Hi,
you can just add a colon at the end of your example command like this:
dsidm -b <basedn> ldap1 user modify testuser delete:shadowExpire:
Note that in case of multivalued attributes this deletes ALL values.
Regards,
On Thu, Nov 6, 2025 at 2:53 PM Jonathan Buzzard via 389-users <389-users@lists.fedoraproject.org> wrote:
Is there a reason behind the need to supply the existing value of an
attribute for a user when deleting it?
For example if I want to enable an account which had a shadowExpire
attribute set then the logical thing to do would be
dsidm -b <basedn> ldap1 user modify testuser delete:shadowExpire
because I really don't care what the existing value is and for that
matter I don't actually know what it is. This would be analogous to doing
chage -E -1 testuser
on a traditional /etc/shadow based system, where using -1 as the date
simply removes the expire entry from /etc/shadow.
In my mind, in general if I want to delete an attribute from a user it
seems bizarre that I need to know what it is. I mean I can modify the
value without knowing what it is so why the need to know what it is to
delete it?
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
No comments:
Post a Comment