[Freeipa-users] ipa user-add
george he
george_he7 at yahoo.com
Thu Jun 21 19:10:18 UTC 2012
it's x86_64 2.2.0-1.fc17.
Thanks,
George
>________________________________
> From: Rob Crittenden <rcritten at redhat.com>
>To: Rich Megginson <rmeggins at redhat.com>
>Cc: george he <george_he7 at yahoo.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>Sent: Thursday, June 21, 2012 2:54 PM
>Subject: Re: [Freeipa-users] ipa user-add
>
>Rich Megginson wrote:
>> On 06/21/2012 12:25 PM, george he wrote:
>>> Hello all,
>>>
>>> After the server and the client are installed, I run
>>>
>>> ipa user-add myname
>>>
>>> to add users. The users are added successfully, but each user get his
>>> own GID, which is the same as his UID, even though "ipa config-show
>>> --all" shows
>>> Default users group: ipausers
>>>
>>> How do I put all new users to this ipausers group? If I use
>>> --gidnumber=INT, how to find out the GID of the ipausers group?
>
>It would help to know what version and platform of IPA you are using.
>The method differs by version.
>
>>>
>>> I tried to delete a user using "ipa user-del myname", but the private
>>> group myname is left there. So I did the following:
>>>
>>> # ipa group-del myname
>>> ipa: ERROR: Deleting a managed group is not allowed. It must be
>>> detached first.
>>> # ipa group-detach myname
>>> ipa: ERROR: myname: group not found
>>> # ipa user-add myname
>>> First name: myfirstname
>>> Last name: mylastname
>>> ipa: ERROR: Unable to create private group. A group 'myname' already
>>> exists.
>>>
>>> How do I get out of this loop?
>>
>> What is your platform and 389-ds-base version?
>>
>> I'm not familiar with group-detach, but you can manually detach and
>> remove the private group using ldapsearch and ldapmodify:
>>
>> assuming you have done kinit admin:
>> 1) ldapsearch -LLL -Y GSSAPI cn=myname dn
>> This will give you the DN of the group - ignore any entries in the
>> compat tree
>>
>> 2) ldapmodify -Y GSSAPI <<EOF
>> dn: DN of the group from ldapsearch
>> changetype: modify
>> delete: objectclass
>> objectclass: mepManagedEntry
>> -
>> delete: mepManagedBy
>> -
>>
>> dn: DN of the group from ldapsearch
>> changetype: delete
>> EOF
>>
>> This will remove the private group.
>>>
>>> Thanks,
>>> George
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120621/08ff26ed/attachment.htm>
More information about the Freeipa-users
mailing list