[Freeipa-users] ipa user/group-mod --setattr can't remove objectclass
Stephen Ingram
sbingram at gmail.com
Mon Oct 3 18:58:12 UTC 2011
Rob-
I tried that, but I couldn't figure out the correct format:
ipa user-mod --setattr=objectclass=oc1, oc2, oc3
ipa user-mod --setattr=objectclass=oc1 oc2 oc3
ipa user-mod --setattr=objectclass=oc1, objectclass=oc2, objectclass=oc3
and some others. Nothing seemed to work all reporting that multiple
arguments were not supported.
Steve
On Mon, Oct 3, 2011 at 11:48 AM, Rob Crittenden <rcritten at redhat.com> wrote:
> Stephen Ingram wrote:
>>
>> I've successfully used ipa user-mod --setattr to remove custom
>> attributes that I've added by simply setting the attribute equal to
>> nothing. However, it does not work in the case of objectclasses since
>> there are several and the command does not support multiple arguments.
>> I've seen references to --delattr in older v1 documentation.
>> Obviously, this could be easily accomplished with an ldapmodify
>> command, but it would be nice to have directly in ipa. Is this already
>> supported and I simply don't know the correct command?
>>
>> Steve
>
> There is currently not a delattr equivalent in v2 though we are looking into
> it.
>
> What you'd need to do is a setattr with the full list of objectclasses you
> want it to be set to. This will replace the current value(s).
>
> rob
>
More information about the Freeipa-users
mailing list