[Freeipa-users] Adding user accounts

Dmitri Pal dpal at redhat.com
Mon Mar 28 14:56:20 UTC 2011


On 03/28/2011 10:50 AM, Rob Crittenden wrote:
> Sigbjorn Lie wrote:
>> Fantastic! Thanks. I will update my scripts.
>>
>> Is there any downside to doing this?
>
> One thing I should warn you of though that we've run into from time to
> time. Some of our LDAP operations are done as post-operations, that is
> they execute after the data has been returned to the client. Managed
> Entries (private groups) is one of these. I can definitely see the
> case where you try to detach a managed group that hasn't quite
> finished being created yet. I'd probably put a 1 or 2 second sleep
> after the user creation to be sure, even if it does slow things
> considerably.
>
> We're working with the 389-ds devs on this. There is the tradeoff of
> speed vs correctness (users don't like watching a blinking prompt).
> Some of these post-ops could take a while.

I think we should seriously consider a -noprivategroup option


>
> rob
>
>>
>>
>>
>> Rgds,
>> Siggi
>>
>>
>>
>>
>> On Mon, March 28, 2011 16:02, Rob Crittenden wrote:
>>> Sigbjorn Lie wrote:
>>>
>>>> Thanks.
>>>>
>>>>
>>>> I also noticed that a group with the same GID number as the users
>>>> UID number is automatically
>>>> created when creating the user account, this is a problem for
>>>> existing environments who's
>>>> already used the same ID number for a group.
>>>>
>>>> I see that even after doing a user-mod, changing the GID of the
>>>> account, the private
>>>> (invisible)
>>>> group still exists.
>>>>
>>>> I'm missing an option to choose if I want to create or not create a
>>>> private group for the user.
>>>>
>>>
>>> There currently isn't an option for that. You can delete a managed
>>> group
>>> this way:
>>>
>>> $ ipa user-add --first=Tim --last=Test ttest
>>>
>>>
>>> You now have a group ttest too, lets delete it.
>>>
>>>
>>> $ ipa group-detach ttest
>>> $ ipa group-del ttest
>>>
>>>
>>> The first command detaches it from the user (this is not reversible)
>>> and
>>> the second removes it altogether.
>>>
>>> rob
>>>
>>>>
>>>>
>>>> Rgds,
>>>> Siggi
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Sat, March 26, 2011 18:21, Dmitri Pal wrote:
>>>>
>>>>> On 03/25/2011 03:13 PM, Sigbjorn Lie wrote:
>>>>>
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Using --gidnumber when adding a new user with "ipa user-add" does
>>>>>> not
>>>>>> seem to have any effect. A gid number with the same value as what
>>>>>> I specify in with the
>>>>>> --uid
>>>>>> parameter is chosen.
>>>>>>
>>>>>> I presume this is not the way user-add is intended to work?
>>>>>>
>>>>>>
>>>>>
>>>>> We will take a look.
>>>>> https://fedorahosted.org/freeipa/ticket/1127
>>>>>
>>>>>
>>>>>
>>>>> Looks like a bug so I filed a ticket.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>> # ipa user-add mysql14 --first=MySQL --last=Server
>>>>>> --homedir=/var/lib/mysql --shell=/bin/false --uid=110
>>>>>> --gidnumber=3004
>>>>>> --------------------
>>>>>> Added user "mysql14"
>>>>>> --------------------
>>>>>> User login: mysql14
>>>>>> First name: MySQL
>>>>>> Last name: Server
>>>>>> Full name: MySQL Server
>>>>>> Display name: MySQL Server
>>>>>> Initials: MS
>>>>>> Home directory: /var/lib/mysql
>>>>>> GECOS field: mysql14
>>>>>> Login shell: /bin/false
>>>>>> Kerberos principal: mysql14 at IX.NIXTRA.COM
>>>>>> UID: 110
>>>>>> GID: 110
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Siggi
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> Thank you,
>>>>> Dmitri Pal
>>>>>
>>>>>
>>>>>
>>>>> Sr. Engineering Manager IPA project,
>>>>> Red Hat Inc.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -------------------------------
>>>>> Looking to carve out IT costs?
>>>>> www.redhat.com/carveoutcosts/
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>
>>>
>>
>>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/






More information about the Freeipa-users mailing list