When creating a user with --idp-user-id or modifying an existing user with --idp-user-id, the operation fails if the user entry does not already contain the ipaipduser objectclass.
ipa user-add idpuser --first idp --last user --idp-user-id myidpuserid
ipa user-add idpuser --first idp --last user; ipa user-mod idpuser --idp-user-id myidpuserid
The operation fails with
ipa: ERROR: attribute "ipaIdpSub" not allowed
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2234480, https://bugzilla.redhat.com/show_bug.cgi?id=2234481
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/6975
master:
ipa-4-11:
ipa-4-10:
ipa-4-9:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @abbra: - Custom field changelog adjusted to Allow to create user accounts with external IdP reference pre-defined.
Test PR in progress: https://github.com/freeipa/freeipa/pull/7113