I'm trying to delete a date attribute using --delattr on the CLI:
# ipa user-show zachary49 --all --raw | grep krbLastPwdChange
# ipa user-mod zachary49 --delattr krbLastPwdChange=20210413131646Z
ipa: ERROR: krblastpwdchange does not contain '20210413131646Z'
This is with IPA 4.8.10.
After some investigation, it looks like the issue is raised at baseldap.py:1060 because the value retrieved from LDAP is a datetime object, and it's trying to find the isoformatted string that I passed as a CLI argument. The LDAP value is converted to LDAP when the old_entry.get() function is called.
I don't know what would be the best way to fix it, either converting the CLI argument to datetime too or not converting the LDAP value.
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package ipa-server is not installed
package ipa-client is not installed
This likely affects any parameter class that converts type.
Something like this might work:
<what it does now>
So try to delete the converted value if it can be determined, otherwise fall back to deleting the raw value.
Another workaround would be to use:
ipa user-mod someuser --setattr krbPasswordExpiration=
Metadata Update from @rcritten:
- Issue assigned to rcritten
It turned out to be a bit more complex than I thought but it looks like we can use the same mapping routines that convert loaded data to try to remove the data with --delattr, to a point.
Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
to comment on this ticket.