[Freeipa-users] REST/JSON API: Howto add a user that is not expired

Oliver Dörr oliver at doerr-privat.de
Wed Nov 11 14:57:26 UTC 2015


Hi,

I've tried user_mod instead because of
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/pwd-expiration.html 
and got

Error-code:    2100
Error-name:    ACIError
Error-msg:    Insufficient access: Insufficient 'write' privilege to the 'krbPasswordExpiration' attribute of entry 'uid=k812339,cn=users,cn=accounts,dc=kreditwerk,dc=de'.

Inside the access log of the LDAP server I could see...

[09/Nov/2015:18:40:31 +0100] conn=658 op=7 MOD dn="uid=k812339,cn=users,cn=accounts,dc=kreditwerk,dc=de"
[09/Nov/2015:18:40:31 +0100] conn=658 op=7 RESULT err=50 tag=103 nentries=0 etime=0

So it looks like it is a permission issue. But I still have the problem
when I use admin to do the job. Any idea about how to change the
permission, or an API that is able to do the job?

Thanks in advance
Oliver

On 11.11.2015 at 15:29, Oliver Dörr wrote:
> Hi,
>
> I'm still working with the JSON API and I now have the problem that I
> want to add a user with a non-expired password. I've tried setattr and
> addattr with the following JSON code, but both fail.
> {"params":[[],{"givenname":"Oliver","userpassword":"start123","uid":"k812339","version":"2.151","addattr":"krbpasswordexpiration=20160207010919Z","cn":"Oliver Support","sn":"Support"}],"id":0,"method":"user_add"}
>
> {"params":[[],{"givenname":"Oliver","userpassword":"start123","uid":"k812339","version":"2.151","cn":"Oliver Support","setattr":"krbpasswordexpiration=20160207010919Z","sn":"Support"}],"id":0,"method":"user_add"}
>
> The user is added to IPA, but the user is still forced to change its
> password. In the response I could see that my krbpasswordexpiration
> is ignored.
>
> Any ideas what I'm doing wrong?
>
> Thanks
> Oliver
>
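
As an added example (not part of the original post and not FreeIPA code): a small Python parser that pairs each write operation in a 389 Directory Server access log with its RESULT line via the shared conn/op numbers and reports the ones rejected with err=50, the LDAP insufficientAccessRights code seen above. The function name and the second pair of sample lines are constructed for illustration.

```python
import re

# An operation line and its RESULT line share the same conn= and op= numbers.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+op=(?P<op>\d+)\s+(?P<rest>.*)$')
OP_RE = re.compile(r'^(?P<verb>MOD|ADD|DEL|MODRDN)\s+dn="(?P<dn>[^"]*)"')
ERR_RE = re.compile(r'^RESULT\s+err=(?P<err>\d+)')

INSUFFICIENT_ACCESS = 50  # LDAP result code insufficientAccessRights


def denied_writes(lines):
    """Return one dict per write operation that was rejected with err=50."""
    pending = {}   # (conn, op) -> (verb, dn, timestamp) awaiting a RESULT
    denied = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access-log record
        key = (m['conn'], m['op'])
        op = OP_RE.match(m['rest'])
        if op:
            pending[key] = (op['verb'], op['dn'], m['ts'])
            continue
        res = ERR_RE.match(m['rest'])
        if res and key in pending:
            verb, dn, ts = pending.pop(key)
            if int(res['err']) == INSUFFICIENT_ACCESS:
                denied.append({'time': ts, 'conn': key[0], 'op': key[1],
                               'verb': verb, 'dn': dn})
    return denied


# First two lines: taken from the post, with the mail line wraps rejoined.
# Last two lines: constructed for contrast (a write that succeeded).
SAMPLE = [
    '[09/Nov/2015:18:40:31 +0100] conn=658 op=7 MOD dn="uid=k812339,cn=users,cn=accounts,dc=kreditwerk,dc=de"',
    '[09/Nov/2015:18:40:31 +0100] conn=658 op=7 RESULT err=50 tag=103 nentries=0 etime=0',
    '[09/Nov/2015:18:41:02 +0100] conn=659 op=3 MOD dn="uid=example,cn=users,cn=accounts,dc=example,dc=test"',
    '[09/Nov/2015:18:41:02 +0100] conn=659 op=3 RESULT err=0 tag=103 nentries=0 etime=0',
]

if __name__ == '__main__':
    for hit in denied_writes(SAMPLE):
        print(hit)
```

The access log records only the target DN; the attribute that was refused (here krbPasswordExpiration) appears in the API error message, not in these lines.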



