[Freeipa-users] ipa user/group-mod --setattr can't remove objectclass
Rob Crittenden
rcritten at redhat.com
Tue Oct 4 12:52:59 UTC 2011
Stephen Ingram wrote:
> Rob-
>
> I think this works. I'm not totally sure because I keep getting
> strange schema violation errors. Perhaps it is the way each --setattr
> option is evaluated by the directory. I'm going to have to dig deeper
> to find out.
setattr are evaluated first, so the setattr wipes out objectclass and
sets it to a single value. addattr then adds the other values.
>
> Needless to say thought, a --delattr option would make it much easier
> to say quickly remove an objectclass or one of a list of email
> addresses.
Yes.
rob
>
> Steve
>
> On Mon, Oct 3, 2011 at 12:05 PM, Rob Crittenden<rcritten at redhat.com> wrote:
>> Stephen Ingram wrote:
>>>
>>> Rob-
>>>
>>> I tried that, but I couldn't figure out the correct format:
>>>
>>> ipa user-mod --setattr=objectclass=oc1, oc2, oc3
>>>
>>> ipa user-mod --setattr=objectclass=oc1 oc2 oc3
>>>
>>> ipa user-mod --setattr=objectclass=oc1, objectclass=oc2, objectclass=oc3
>>>
>>> and some others. Nothing seemed to work all reporting that multiple
>>> arguments were not supported.
>>
>> This should work
>>
>> ipa user-mod --setattr=objectclass=oc1 --addattr=objectclass=oc2
>> --addattr=objectclass=oc3 ...
>>
>> rob
>>
>>>
>>> Steve
>>>
>>> On Mon, Oct 3, 2011 at 11:48 AM, Rob Crittenden<rcritten at redhat.com>
>>> wrote:
>>>>
>>>> Stephen Ingram wrote:
>>>>>
>>>>> I've successfully used ipa user-mod --setattr to remove custom
>>>>> attributes that I've added by simply setting the attribute equal to
>>>>> nothing. However, it does not work in the case of objectclasses since
>>>>> there are several and the command does not support multiple arguments.
>>>>> I've seen references to --delattr in older v1 documentation.
>>>>> Obviously, this could be easily accomplished with an ldapmodify
>>>>> command, but it would be nice to have directly in ipa. Is this already
>>>>> supported and I simply don't know the correct command?
>>>>>
>>>>> Steve
>>>>
>>>> There is currently not a delattr equivalent in v2 though we are looking
>>>> into
>>>> it.
>>>>
>>>> What you'd need to do is a setattr with the full list of objectclasses
>>>> you
>>>> want it to be set to. This will replace the current value(s).
>>>>
>>>> rob
>>>>
>>
>>
More information about the Freeipa-users
mailing list