That is expected behaviour but how to delete the last token of an admin is not that clear and needs to be documented. There are 2 options: [[BR]] a) Via a second admin account [[BR]]
b) Via ldapdelete:
$ ldapdelete -D 'cn=Directory Manager' -W ipatokenUniqueID=<token id>,cn=otp,<suffix>
This is as designed. However, we need to: 1. Document the above recovery methods. 2. Permit deletion of the last token if the user has the password user auth type configured.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=919228 (Red Hat Enterprise Linux 7)
https://www.redhat.com/archives/freeipa-devel/2014-November/msg00204.html
4.1.2 was released.
master:
ipa-4-1:
Metadata Update from @ctria: - Issue assigned to npmccallum - Issue set to the milestone: FreeIPA 4.1.3
Log in to comment on this ticket.