An error occurred while changing an IdM password - attribute "krbpasswordexpirationkrbpasswordexpiration" not allowed

Solution Verified - Updated -

Issue

  • Getting an error when changing an IdM password - attribute "krbpasswordexpirationkrbpasswordexpiration" not allowed

  • Unable to change the password for a specific IdM account, the GUI gave an objectclass violation error and noticed the following in the LDAP error log.

[18/Apr/2023:14:21:44.541377591 +0100] - ERR - oc_check_allowed_sv - Entry "uid=ipauser1,cn=users,cn=accounts,dc=ipa,dc=example,dc=com" -- attribute "krbpasswordexpirationkrbpasswordexpiration" not allowed  <----
  • Modifying IPA user entry is failing with error below:
[root@ipaserver ~]$ ipa user-mod ipauser1 --password-expiration=20230715081343Z
ipa: ERROR: attribute "krbpasswordexpirationkrbpasswordexpiration" not allowed

Environment

  • Red Hat Enterprise Linux 7
  • Identity Management (IPA/IdM)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content