Hi Jonathan,
On 11/6/25 8:52 AM, Jonathan Buzzard via 389-users wrote:
Is there a reason behind the need to supply the existing value of an
attribute for a user when deleting it?
I believe the original thought was that it could be a multi-valued
attribute. In such a case you need to know which value to delete.
However, in your case you just need a trailing ":" on the attribute but
with no value
dsidm -b <basedn> ldap1 user modify testuser delete:shadowExpire:
On our side we should improve the usage/man page to clearly explain how
this works.
Regards,
Mark
For example if I want to enable an account which had a shadowExpire
attribute set then the logical thing to do would be
dsidm -b <basedn> ldap1 user modify testuser delete:shadowExpire
because I really don't care what the existing value is and for that
matter I don't actually know what it is. This would be analogous to doing
chage -E -1 testuser
on a traditional /etc/shadow based system, where using -1 as the date
simply removes the expire entry from /etc/shadow.
In my mind, in general if I want to delete an attribute from a user it
seems bizarre that I need to know what it is. I mean I can modify the
value without knowing what it is so why the need to know what it is to
delete it?
JAB.
--
Identity Management Development Team
--
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
