Rob,

That is correct, I just put my ssh key in for that new user and was unable to ssh to one of the nodes registered with IPA. I also logged in as myself (which did work) and then ran getent password new.user and that yielded nothing, but getent password john.moyer yielded all of my information.

On 6/17/14, 11:26 AM, Rob Crittenden wrote:
> John Moyer wrote:
>> Sorry forgot the second part of your question:
>>
>> rpm -qa | grep ipa
>> libipa_hbac-1.9.2-129.el6_5.4.x86_64
>> ipa-server-3.0.0-37.el6.x86_64
>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>> python-iniparse-0.3.1-2.1.el6.noarch
>> libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
>> ipa-python-3.0.0-37.el6.x86_64
>> ipa-client-3.0.0-37.el6.x86_64
>> ipa-admintools-3.0.0-37.el6.x86_64
>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>> ipa-server-selinux-3.0.0-37.el6.x86_64
> It's important that we're comparing apples to apples. Is this a search
> against the same IPA server or do you have multiple masters?
>
> I assume that SSSD isn't seeing these new users either which is what
> led you to ldapsearch?
>
> You might want to do the same search on a working and non-working box
> and compare the 389-ds access logs to see if there is anything noticeable.
>
> rob
>
>>
>> John
>>
>> On 6/17/14, 8:30 AM, John Moyer wrote:
>>> I'm using ldapsearch. The command I was using was like the one below
>>> (edited to protect creds/users).
>>>
>>> ldapsearch -x -h ipa.digitalreasoning.com -ZZ -b
>>> "dc=digitalreasoning,dc=com" -D
>>> "uid=adminuser,cn=users,cn=accounts,dc=digitalreasoning,dc=com" -w
>>> 'password' uid=first.last
>>>
>>>
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=digitalreasoning,dc=com> with scope subtree
>>> # filter: uid=first.last
>>> # requesting: ALL
>>> #
>>>
>>> # search result
>>> search: 3
>>> result: 0 Success
>>>
>>> # numResponses: 1
>>>
>>>
>>> Any help is much appreciated!
>>>
>>> Thanks,
>>>
>>> John
>>>
>>>
>>>
>>> On 6/16/14, 6:22 PM, Rob Crittenden wrote:
>>>> John Moyer wrote:
>>>>> Hello All,
>>>>>
>>>>> I'm having a problem querying new users.
>>>>>
>>>>> I can create the user from the webpage no problem, and I can see
>>>>> them afterwards via the webpage. I can then see those users via ipa
>>>>> user-find, as well as a LOCAL ldapsearch, even remotely from apache
>>>>> directory studio. However, if I go to another linux box and do an
>>>>> ldapsearch the new user (only the new user) is not seen in the search.
>>>>> Users created before today work great. Now I did change stuff, I did a
>>>>> yum upgrade last weekend and this was not a problem before I did this.
>>>>> Any help or guidance to make a remote ldapsearch work on new users would
>>>>> be greatly appreciated!
>>>> What command-line are you using? What rpm version is [free]ipa-python?
>>>> Do you have multiple masters or is this a single IPA server?
>>>>
>>>> rob
>>>>
>>>
>>>
>>>
>>> Thanks,
>>> ------------------------------------------------------------------------
>>> John Moyer
>>>
>>
>>
>>
>> Thanks,
>> ------------------------------------------------------------------------
>> John Moyer
>> Director, IT Operations
>> 901 N. Stuart St. STE 904A
>> Arlington,VA 22203
>> 703.678.2311 Office
>> 240.460.0023 Cell
>> 703.678.2312 Fax

Thanks,
------------------------------------------------------------------------
John Moyer
Director, IT Operations
901 N. Stuart St. STE 904A
Arlington,VA 22203
703.678.2311 Office
240.460.0023 Cell
703.678.2312 Fax

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
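
The access-log comparison suggested in the thread, sketched as an added example that is not part of the original messages: it pairs each SRCH line with its RESULT by conn/op and reports filters whose outcome differs between a working and a non-working client. The log excerpts are constructed in the 389-ds access-log layout, and example.com, old.user and the function names are placeholders.

```python
import re

# Constructed sample access-log excerpts (389-ds layout; example.com is a placeholder).
WORKING = '''\
[17/Jun/2014:11:20:01 -0400] conn=41 op=0 BIND dn="uid=adminuser,cn=users,cn=accounts,dc=example,dc=com" method=128 version=3
[17/Jun/2014:11:20:01 -0400] conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[17/Jun/2014:11:20:01 -0400] conn=41 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=old.user)" attrs=ALL
[17/Jun/2014:11:20:01 -0400] conn=41 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[17/Jun/2014:11:20:02 -0400] conn=41 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=new.user)" attrs=ALL
[17/Jun/2014:11:20:02 -0400] conn=41 op=2 RESULT err=0 tag=101 nentries=1 etime=0
'''
FAILING = '''\
[17/Jun/2014:11:25:10 -0400] conn=57 op=0 BIND dn="uid=adminuser,cn=users,cn=accounts,dc=example,dc=com" method=128 version=3
[17/Jun/2014:11:25:10 -0400] conn=57 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[17/Jun/2014:11:25:10 -0400] conn=57 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=old.user)" attrs=ALL
[17/Jun/2014:11:25:10 -0400] conn=57 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[17/Jun/2014:11:25:11 -0400] conn=57 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=new.user)" attrs=ALL
[17/Jun/2014:11:25:11 -0400] conn=57 op=2 RESULT err=0 tag=101 nentries=0 etime=0
'''
OP = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|RESULT)(.*)')

def field(name, text):
    """Return the value of a quoted name="value" field, or "" if absent."""
    m = re.search(name + r'="([^"]*)"', text)
    return m.group(1) if m else ""

def searches(log):
    """Map each search filter to (bind DN, base, nentries), pairing SRCH and RESULT by conn/op."""
    bind, pending, out = {}, {}, {}
    for line in log.splitlines():
        m = OP.search(line)
        if not m:
            continue  # connection open/close lines carry no op= field
        conn, op, verb, rest = m.groups()
        if verb == "BIND":
            bind[conn] = field("dn", rest)
        elif verb == "SRCH":
            pending[conn, op] = (field("filter", rest), field("base", rest))
        elif (conn, op) in pending:  # the RESULT that belongs to a recorded SRCH
            filt, base = pending.pop((conn, op))
            n = re.search(r'nentries=(\d+)', rest)
            out[filt] = (bind.get(conn, ""), base, int(n.group(1)) if n else None)
    return out

def diff(working, failing):
    """Filters whose bind DN, base or entry count differs between the two excerpts."""
    a, b = searches(working), searches(failing)
    return {f: (a[f], b[f]) for f in a.keys() & b.keys() if a[f] != b[f]}
```

A RESULT with err=0 and nentries=0 is the server-side counterpart of the `result: 0 Success` / `numResponses: 1` output quoted in the thread: the search succeeded but returned no entries.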