I'm trying to delete a date attribute using --delattr on the CLI:
--delattr
# ipa user-show zachary49 --all --raw | grep krbLastPwdChange krbLastPwdChange: 20210413131646Z # ipa user-mod zachary49 --delattr krbLastPwdChange=20210413131646Z ipa: ERROR: krblastpwdchange does not contain '20210413131646Z'
This is with IPA 4.8.10.
After some investigation, it looks like the issue is raised at baseldap.py:1060 because the value retrieved from LDAP is a datetime object, and it's trying to find the isoformatted string that I passed as a CLI argument. The LDAP value is converted to LDAP when the old_entry.get() function is called.
old_entry.get()
I don't know what would be the best way to fix it, either converting the CLI argument to datetime too or not converting the LDAP value.
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server freeipa-server-4.8.10-6.fc33.x86_64 freeipa-client-4.8.10-6.fc33.x86_64 package ipa-server is not installed package ipa-client is not installed 389-ds-base-1.4.4.11-1.fc33.x86_64 pki-ca-10.10.3-3.fc33.noarch krb5-server-1.18.2-22.fc33.x86_64
This likely affects any parameter class that converts type.
Something like this might work:
try: entry_attrs[attr].remove(self.params[attr].convert(delval)) except KeyError: try: entry_attrs[attr].remove(delval) except ValueError: <what it does now>
So try to delete the converted value if it can be determined, otherwise fall back to deleting the raw value.
Another workaround would be to use:
ipa user-mod someuser --setattr krbPasswordExpiration=
Metadata Update from @rcritten: - Issue assigned to rcritten
It turned out to be a bit more complex than I thought but it looks like we can use the same mapping routines that convert loaded data to try to remove the data with --delattr, to a point.
PR https://github.com/freeipa/freeipa/pull/6184
master:
ipa-4-9:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.