[Freeipa-users] ipa user/group-mod --setattr can't remove objectclass
Rob Crittenden
rcritten at redhat.com
Mon Oct 3 19:05:39 UTC 2011
Stephen Ingram wrote:
> Rob-
>
> I tried that, but I couldn't figure out the correct format:
>
> ipa user-mod --setattr=objectclass=oc1, oc2, oc3
>
> ipa user-mod --setattr=objectclass=oc1 oc2 oc3
>
> ipa user-mod --setattr=objectclass=oc1, objectclass=oc2, objectclass=oc3
>
> and some others. Nothing seemed to work all reporting that multiple
> arguments were not supported.
This should work
ipa user-mod --setattr=objectclass=oc1 --addattr=objectclass=oc2
--addattr=objectclass=oc3 ...
rob
>
> Steve
>
> On Mon, Oct 3, 2011 at 11:48 AM, Rob Crittenden<rcritten at redhat.com> wrote:
>> Stephen Ingram wrote:
>>>
>>> I've successfully used ipa user-mod --setattr to remove custom
>>> attributes that I've added by simply setting the attribute equal to
>>> nothing. However, it does not work in the case of objectclasses since
>>> there are several and the command does not support multiple arguments.
>>> I've seen references to --delattr in older v1 documentation.
>>> Obviously, this could be easily accomplished with an ldapmodify
>>> command, but it would be nice to have directly in ipa. Is this already
>>> supported and I simply don't know the correct command?
>>>
>>> Steve
>>
>> There is currently not a delattr equivalent in v2 though we are looking into
>> it.
>>
>> What you'd need to do is a setattr with the full list of objectclasses you
>> want it to be set to. This will replace the current value(s).
>>
>> rob
>>
More information about the Freeipa-users
mailing list