Description of problem:

ipa user-mod --setattr and --addattr used to fail with "ipa: ERROR: attribute \"nsAccountLock\" not allowed"

Now you can set the attribute .....

    # ipa user-mod --setattr nsAccountLock=blah myuser
    ----------------------
    Modified user "myuser"
    ----------------------
      User login: myuser
      First name: myuser
      Last name: myuser
      Home directory: /home/myuser
      Login shell: /bin/sh
      Account disabled: blah
      Member of groups: ipausers

and you can set multiple values as well as values other than true or false ...

    # ipa user-mod --addattr nsAccountLock=test myuser
    ----------------------
    Modified user "myuser"
    ----------------------
      User login: myuser
      First name: myuser
      Last name: myuser
      Home directory: /home/myuser
      Login shell: /bin/sh
      Account disabled: true, test
      Member of groups: ipausers

Version-Release number of selected component (if applicable):
freeipa-server-2.0-0.2011020720git7be1275.fc14.i686

How reproducible:
always

Steps to Reproduce:
1. add a user
    # ipa user-add --first=myuser --last=myuser myuser
2. set the nsAccountLock attribute
    # ipa user-mod --setattr nsAccountLock=true myuser
3. add an additional nsAccountLock attribute
    # ipa user-mod --addattr nsAccountLock=test myuser

Actual results:
successfully set attr and add attr on user object, multi valued and values other than true or false

Expected results:
Only set attr should be allowed and only values true and false.

Additional info:
https://fedorahosted.org/freeipa/ticket/968
master: 4211eee9922cc30e57e740e34018653381bd0dde
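
To find entries already left in the state this report describes, the following added example (not FreeIPA code and not part of the original report) scans an LDIF export for user entries whose nsAccountLock is multi-valued or holds something other than true/false. The sample LDIF, its DNs and the case-insensitive comparison are assumptions made for the example.

```python
import base64
from collections import defaultdict

ALLOWED = {"true", "false"}  # assumption: compared case-insensitively

# Constructed sample export; "myuser" mirrors the state shown in the report.
SAMPLE_LDIF = """\
dn: uid=myuser,cn=users,cn=accounts,dc=example,dc=com
uid: myuser
nsAccountLock: true
nsAccountLock: test

dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
uid: alice
nsAccountLock: FALSE

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
uid: bob
nsaccountlock:: YmxhaA==
"""

def parse_ldif(text):
    """Yield (dn, {lowercased attr: [values]}) for each blank-line-separated entry."""
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]           # unfold a continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        attrs = defaultdict(list)
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs[name.lower()].append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit_account_lock(text):
    """Return {dn: values} where nsAccountLock is multi-valued or not true/false."""
    findings = {}
    for dn, attrs in parse_ldif(text):
        values = attrs.get("nsaccountlock", [])
        if len(values) > 1 or any(v.lower() not in ALLOWED for v in values):
            findings[dn] = values
    return findings
```

Calling `audit_account_lock()` on the text of an export returns the offending DNs with their stored values, which can then be reset to a single true or false.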