#4697 Admins can't delete their last token even though they are admins
Closed: Fixed None Opened 9 years ago by ctria.

That is expected behaviour but how to delete the last token of an admin is not that clear and needs to be documented. There are 2 options: [[BR]]
a) Via a second admin account [[BR]]

b) Via ldapdelete:

$ ldapdelete -D 'cn=Directory Manager' -W ipatokenUniqueID=<token id>,cn=otp,<suffix>

This is as designed. However, we need to:
1. Document the above recovery methods.
2. Permit deletion of the last token if the user has the password user auth type configured.

master:

  • bdccb0c Preliminary refactoring of libotp files
  • 953c684 Move authentication configuration cache into libotp
  • 08f8acd Enable last token deletion when password auth type is configured

ipa-4-1:

  • b4e85d0 Preliminary refactoring of libotp files
  • faa4d72 Move authentication configuration cache into libotp
  • a0421d8 Enable last token deletion when password auth type is configured

Metadata Update from @ctria:
- Issue assigned to npmccallum
- Issue set to the milestone: FreeIPA 4.1.3

7 years ago

Log in to comment on this ticket.

Metadata