More information that I should have included before is below. Note that I use a perl script to add users to the IPA server using perl->LDAP commands (see below). Could this be the source of the problem?
======================== snippet from perl createid script:

$mesg = $ldap->add("uid=$me,".$CONF{"dn_suffix"},
    attrs => [
        "objectclass"   => $CONF{"obj_class"},
        "uidNumber"     => $uid,
        "gidNumber"     => $gid,
        "cn"            => $gecos,
        "gecos"         => $gecos,
        "sn"            => $lastname,
        "givenName"     => $firstname,
        "homeDirectory" => $homedir,
        "loginShell"    => $shell,
        "mail"          => $mail,
        "userPassword"  => $pass
    ]);

=========================================================
This user does not show the memberof entries even though user brog is in the p309-mm group.

[root@ipa ~]# ipa user-show --raw --all brog
  dn: uid=brog,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
  uid: brog
  givenname: Bir
  sn: Roga
  cn: Bir Roga
  homedirectory: /home2/brog
  gecos: Bir Roga
  loginshell: /bin/bash
  mail: b...@xyz.gh
  uidnumber: 15520
  gidnumber: 15520
  nsaccountlock: False
  has_password: True
  has_keytab: False
  mepmanagedentry: cn=brog,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  objectclass: posixAccount
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  objectclass: shadowAccount
  objectclass: mepOriginEntry

==========================================================
This user shows the "memberof" entries as expected.

[root@ipa ~]# ipa user-show --raw --all dwth
  dn: uid=dwth,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
  uid: dwth
  givenname: Dev
  sn: Tho
  cn: Dev Tho
  homedirectory: /home2/dwth
  gecos: Devin Tho
  loginshell: /bin/bash
  krbprincipalname: d...@abc.def.gh
  mail: d...@xyz.gh
  uidnumber: 15424
  gidnumber: 400
  nsaccountlock: False
  has_password: True
  has_keytab: True
  ipauniqueid: 44f17786-f95c-11e2-b3be-64700200e138
  krbextradata: AAJP6ihScm9vdC9hZG1pbkBQSEFTLlVCQy5DQQA=
  krblastpwdchange: 20130905203215Z
  krbpasswordexpiration: 20131204203215Z
  memberof: cn=ipausers,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  memberof: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  objectclass: krbticketpolicyaux
  objectclass: ipaobject
  objectclass: organizationalperson
  objectclass: top
  objectclass: ipasshuser
  objectclass: inetorgperson
  objectclass: person
  objectclass: inetuser
  objectclass: krbprincipalaux
  objectclass: shadowaccount
  objectclass: posixaccount
  objectclass: ipaSshGroupOfPubKeys

==========================================================
[root@ipa ~]# ipa group-show --all p309-mm
  dn: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  Group name: p309-mm
  Description: p309 lab group mm
  GID: 462
  Member users: halp, jfc, tpr, dwth, brog
  ipauniqueid: b4d0f16e-3a95-11e4-81df-64700200e138
  objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup

==========================================================
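
Added example (not part of the original message and not the poster's script): a small Python comparison of the two `ipa user-show --raw --all` dumps above, listing the objectclasses and attributes that dwth carries and brog lacks. The sample input is abridged from those dumps, and the function names are illustrative.

```python
"""Diff two `ipa user-show --raw --all` dumps by objectclass and attribute."""

# Sample input abridged from the two dumps in the message above.
BROG_RAW = """\
dn: uid=brog,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
uid: brog
mepmanagedentry: cn=brog,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
objectclass: posixAccount
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: shadowAccount
objectclass: mepOriginEntry
"""
DWTH_RAW = """\
dn: uid=dwth,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
uid: dwth
ipauniqueid: 44f17786-f95c-11e2-b3be-64700200e138
krblastpwdchange: 20130905203215Z
memberof: cn=ipausers,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
memberof: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
""" + "".join(f"objectclass: {oc}\n" for oc in (
    "krbticketpolicyaux", "ipaobject", "organizationalperson", "top",
    "ipasshuser", "inetorgperson", "person", "inetuser",
    "krbprincipalaux", "shadowaccount", "posixaccount", "ipaSshGroupOfPubKeys"))

def parse_raw_entry(text):
    """Parse 'attr: value' lines into {attr_lowercase: [values]}."""
    entry = {}
    for line in text.splitlines():
        attr, sep, value = line.strip().partition(":")
        if sep:  # skip blank lines and anything without a colon
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def missing_from(candidate, reference):
    """What does `reference` have that `candidate` lacks?
    LDAP attribute names and objectclass values are case-insensitive."""
    cand_oc = {v.lower() for v in candidate.get("objectclass", [])}
    ref_oc = {v.lower() for v in reference.get("objectclass", [])}
    return {
        "objectclasses": sorted(ref_oc - cand_oc),
        "attributes": sorted(set(reference) - set(candidate)),
    }

if __name__ == "__main__":
    diff = missing_from(parse_raw_entry(BROG_RAW), parse_raw_entry(DWTH_RAW))
    print("objectclasses only on dwth:", ", ".join(diff["objectclasses"]))
    print("attributes only on dwth:   ", ", ".join(diff["attributes"]))
```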