LDAP – Accidentally disabled the administrator account on IPA server

freeipa, ldap

I'm running ipa-server on CentOS 6. I was going through the users disabling accounts and accidentally disabled the "administrator" account. Now I have no access to do anything. Is there any way to restore access to this account? Or to prevent this from happening in the future?

Best Answer

Find out the exact DN of the administrator user:

$ ipa user-show admin --all --raw | grep dn

... and use cn=Directory Manager with the password entered during FreeIPA installation (you still remember it, don't you?) and enable the account:

$ ldapmodify -h ipa.server.fqdn -D "cn=Directory Manager" -ZZ -x -W
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: nsaccountlock
nsaccountlock: false
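
The two steps above can be combined with a guard, shown here as an added example that is not part of the original answer: it reads an entry in the `attr: value` form printed by `ipa user-show --all --raw` and emits the unlock LDIF only when `nsaccountlock` is actually set to true. The function names and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer.
# build_unlock_ldif: stdin = one raw user entry, stdout = LDIF for ldapmodify.
# Exit status: 0 = LDIF emitted, 1 = account is not locked, 2 = no dn found.
build_unlock_ldif() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # raw output is indented
            sep = index(line, ":")
            if (sep == 0) next                # not an "attr: value" line
            attr = tolower(substr(line, 1, sep - 1))   # names are case-insensitive
            val = substr(line, sep + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (attr == "dn" && dn == "") dn = val     # exact match, unlike grep dn
            if (attr == "nsaccountlock") lock = toupper(val)
        }
        END {
            if (dn == "") exit 2
            if (lock != "TRUE") exit 1        # nothing to change, emit nothing
            print "dn: " dn
            print "changetype: modify"
            print "replace: nsaccountlock"
            print "nsaccountlock: false"
        }
    '
}

# Constructed sample entry; the example.com DN is a placeholder.
sample_locked() {
    cat <<'EOF'
  dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
  uid: admin
  nsaccountlock: TRUE
  memberof: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
EOF
}

# Demonstration on the constructed entry: prints the four-line LDIF change.
sample_locked | build_unlock_ldif
```

Piping the function's output into the `ldapmodify` command from the answer applies the change; a non-zero exit status means no LDIF was produced and nothing should be sent.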