Hi, On Mon, Jun 9, 2025 at 11:57 AM alexey safonov via FreeIPA-users < [email protected]> wrote:
> Hi team, > > I accidentally created subordinateID and made some random user as an > owner. So right now we are not using that function and I'd like to > delete it. Could not find how to do that. any suggestions? > There is no supported method allowing to remove a subid, please see https://freeipa.readthedocs.io/en/ipa-4-11/designs/subordinate-ids.html#revision-1-limitation : once assigned subids cannot be removed. However if you feel adventurous, you can use ldapdelete to directly remove the entry. Let's take the following example where I created a user "flo" and assigned subid to this user: [root@server ~]# ipa subid-find --owner flo --all --raw ------------------------ 1 subordinate id matched ------------------------ dn: *ipauniqueid=64bf0eb6-d58f-4a83-a3d1-38e24da9bd72,cn=subids,cn=accounts,dc=ipa,dc=test* ipauniqueid: 64bf0eb6-d58f-4a83-a3d1-38e24da9bd72 description: auto-assigned subid ipaowner: uid=flo,cn=users,cn=accounts,dc=ipa,dc=test ipasubuidnumber: 2147483648 ipasubuidcount: 65536 ipasubgidnumber: 2147483648 ipasubgidcount: 65536 objectclass: ipasubordinateidentry objectclass: ipasubordinateid objectclass: ipasubordinategid objectclass: ipasubordinateuid objectclass: top ---------------------------- Number of entries returned 1 ---------------------------- The above command displays the DN of the subid entry. You can then use ldapdelete to remove it: [root@server ~]# ldapdelete -D cn=directory\ manager -w password ipauniqueid=64bf0eb6-d58f-4a83-a3d1-38e24da9bd72,cn=subids,cn=accounts,dc=ipa,dc=test Check again, the entry is removed: [root@server ~]# ipa subid-find --owner flo ------------------------- 0 subordinate ids matched ------------------------- ---------------------------- Number of entries returned 0 ---------------------------- flo > > Alex > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
