
I'm running ipa-server on CentOS 6. I was going through the users disabling accounts and accidentally disabled the "administrator" account. Now I have no access to do anything. Is there any way to restore access to this account? Or to prevent this from happening in the future?

dan

2 Answers


Find out the exact DN of the administrator user:

$ ipa user-show admin --all --raw | grep dn

... and use cn=Directory Manager with the password entered during FreeIPA installation (you still remember it, don't you?) and enable the account:

$ ldapmodify -h ipa.server.fqdn -D "cn=Directory Manager" -ZZ -x -W
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: nsaccountlock
nsaccountlock: false

Martin Kosek

Log in with a different account and re-enable it, if you have such an account (you should, in all but the smallest deployments).

As of FreeIPA 3.0, which is included in EL 6.4, it is no longer possible to disable the last administrator account.

Michael Hampton
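For servers older than the FreeIPA 3.0 guard mentioned in the second answer, a pre-check of the same kind can be run before disabling a user. This is an added example, not part of either answer or of FreeIPA itself. It assumes unwrapped LDIF of the user entries (no folded lines), with group membership in `memberOf` and the lock state in `nsAccountLock`; the sample entries and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: each user entry carries memberOf and nsAccountLock.

# Constructed sample, shaped like unwrapped LDIF of cn=users,cn=accounts.
sample_ldif() {
cat <<'EOF'
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
uid: admin
memberOf: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
nsAccountLock: TRUE

dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
uid: alice
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com
memberOf: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
nsaccountlock: false

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
uid: bob
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com
EOF
}

# Print the uid of every entry on stdin that is in cn=admins and not locked.
enabled_admins() {
    awk '
        function emit() {
            if (uid != "" && is_admin && !locked) print uid
            uid = ""; is_admin = 0; locked = 0
        }
        /^$/ { emit(); next }          # blank line ends an LDIF entry
        {
            line = tolower($0)         # attribute names are case-insensitive
            if (line ~ /^uid: /) uid = substr($0, 6)
            else if (line ~ /^memberof: cn=admins,cn=groups,/) is_admin = 1
            else if (line ~ /^nsaccountlock: true$/) locked = 1
        }
        END { emit() }
    '
}

# Succeed only if an enabled admin other than uid $1 would remain (LDIF on stdin).
safe_to_disable() {
    [ "$(enabled_admins | grep -Fvxc -- "$1")" -gt 0 ]
}

sample_ldif | enabled_admins   # prints: alice
```

In the sample, `admin` is already locked, so `alice` is the only enabled administrator and `safe_to_disable alice` fails, while `safe_to_disable bob` succeeds.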