11.3. Editing Users

Editing Users in the Web UI

  1. Select the IdentityUsers tab.
  2. Search the Active users, Stage users, or Preserved users category to find the user to edit.
  3. Click the name of the user to edit.
    Selecting a User to Edit

    Figure 11.10. Selecting a User to Edit

  4. Edit the user attribute fields as required.
  5. Click Save at the top of the page.
    Save Modified User Attributes

    Figure 11.11. Save Modified User Attributes

After you update user details in the web UI, the new values are not synchronized immediately. It might take up to approximately 5 minutes before the new values are reflected at the client system.

Editing Users from the Command Line

To modify a user in the active or preserved states, use the ipa user-mod command. To modify a user in the stage state, use the ipa stageuser-mod command.
The ipa user-mod and ipa stageuser-mod commands accept the following options:
  • the user login, which identifies the user account to be modified
  • options specifying the new attribute values
For a complete list of user entry attributes that can be modified from the command line, see the list of options accepted by ipa user-mod and ipa stageuser-mod. To display the list of options, run the commands with the --help option added.
Simply adding an attribute option to ipa user-mod or ipa stageuser-mod overwrites the current attribute value. For example, the following changes a user's title or adds a new title if the user did not yet have a title specified:
$ ipa user-mod user_login --title=new_title
For LDAP attributes that are allowed to have multiple values, IdM also accepts multiple values. For example, a user can have two email addresses saved in their user account. To add an additional attribute value without overwriting the existing value, use the --addattr option together with the option to specify the new attribute value. For example, to add a new email address to a user account that already has an email address specified:
$ ipa user-mod user --addattr=mobile=new_mobile_number
--------------------
Modified user "user"
--------------------
  User login: user
...
  Mobile Telephone Number: mobile_number, new_mobile_number
...
To set two attribute values at the same time, use the --addattr option twice:
$ ipa user-mod user --addattr=mobile=mobile_number_1 --addattr=mobile=mobile_number_2
The ipa user-mod command also accepts the --setattr option for setting attribute values and the --delattr option for deleting attribute values. These options are used in a way similar to using --addattr. For details, see the output of the ipa user-mod --help command.

Note

To overwrite the current email address for a user, use the --email option. However, to add an additional email address, use the mail option with the --addattr option:
$ ipa user-mod user --email=email@example.com

$ ipa user-mod user --addattr=mail=another_email@example.com