On Wed, 17 Sep 2014, Ron wrote:
More information that I should have included before is below. Note that I use a perl script to add users to the IPA server using perl->LDAP commands (see below). Could this be the source of the problem?
Yes. If you are creating users not using IPA commands, you need to make sure you are adding the required object classes. Your user below misses ipaObject and a few more.
======================== snippet from perl createid script:
$mesg = $ldap->add("uid=$me,".$CONF{"dn_suffix"},
    attrs => [
        "objectclass"   => $CONF{"obj_class"},
        "uidNumber"     => $uid,
        "gidNumber"     => $gid,
        "cn"            => $gecos,
        "gecos"         => $gecos,
        "sn"            => $lastname,
        "givenName"     => $firstname,
        "homeDirectory" => $homedir,
        "loginShell"    => $shell,
        "mail"          => $mail,
        "userPassword"  => $pass
    ]);
=========================================================
This user does not show the memberof entries even though user brog is in the p309-mm group.

[root@ipa ~]# ipa user-show --raw --all brog
  dn: uid=brog,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
  uid: brog
  givenname: Bir
  sn: Roga
  cn: Bir Roga
  homedirectory: /home2/brog
  gecos: Bir Roga
  loginshell: /bin/bash
  mail: b...@xyz.gh
  uidnumber: 15520
  gidnumber: 15520
  nsaccountlock: False
  has_password: True
  has_keytab: False
  mepmanagedentry: cn=brog,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  objectclass: posixAccount
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  objectclass: shadowAccount
  objectclass: mepOriginEntry
==========================================================
this user shows the "memberof" entries as expected.

[root@ipa ~]# ipa user-show --raw --all dwth
  dn: uid=dwth,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
  uid: dwth
  givenname: Dev
  sn: Tho
  cn: Dev Tho
  homedirectory: /home2/dwth
  gecos: Devin Tho
  loginshell: /bin/bash
  krbprincipalname: d...@abc.def.gh
  mail: d...@xyz.gh
  uidnumber: 15424
  gidnumber: 400
  nsaccountlock: False
  has_password: True
  has_keytab: True
  ipauniqueid: 44f17786-f95c-11e2-b3be-64700200e138
  krbextradata: AAJP6ihScm9vdC9hZG1pbkBQSEFTLlVCQy5DQQA=
  krblastpwdchange: 20130905203215Z
  krbpasswordexpiration: 20131204203215Z
  memberof: cn=ipausers,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  memberof: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  objectclass: krbticketpolicyaux
  objectclass: ipaobject
  objectclass: organizationalperson
  objectclass: top
  objectclass: ipasshuser
  objectclass: inetorgperson
  objectclass: person
  objectclass: inetuser
  objectclass: krbprincipalaux
  objectclass: shadowaccount
  objectclass: posixaccount
  objectclass: ipaSshGroupOfPubKeys
==========================================================
[root@ipa ~]# ipa group-show --all p309-mm
  dn: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  Group name: p309-mm
  Description: p309 lab group mm
  GID: 462
  Member users: halp, jfc, tpr, dwth, brog
  ipauniqueid: b4d0f16e-3a95-11e4-81df-64700200e138
  objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup
==========================================================

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
--
/ Alexander Bokovoy
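Added example, not part of the original thread or of FreeIPA: a small Python check that diffs the objectclass values of a directly-added entry against an entry created through IPA, using text in the `ipa user-show --raw --all` format shown above. The sample input is constructed (abridged from the two outputs quoted in the thread), and the function names `object_classes` and `missing_classes` are hypothetical.

```python
"""Diff the objectclass sets of two `ipa user-show --raw --all` dumps."""

# Constructed sample input, abridged from the two user-show outputs in the thread.
BROKEN = """\
uid: brog
objectclass: posixAccount
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: shadowAccount
objectclass: mepOriginEntry
"""
WORKING = """\
uid: dwth
memberof: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
objectclass: krbticketpolicyaux
objectclass: ipaobject
objectclass: organizationalperson
objectclass: top
objectclass: ipasshuser
objectclass: inetorgperson
objectclass: person
objectclass: inetuser
objectclass: krbprincipalaux
objectclass: shadowaccount
objectclass: posixaccount
objectclass: ipaSshGroupOfPubKeys
"""

def object_classes(raw):
    """Return lower-cased objectclass values; names are case-insensitive in LDAP."""
    classes = set()
    for line in raw.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "objectclass":
            # Non-raw output (as in group-show above) joins values with commas.
            classes.update(v.strip().lower() for v in value.split(",") if v.strip())
    return classes

def missing_classes(candidate, reference):
    """Object classes present on the reference entry but absent from the candidate."""
    return sorted(object_classes(reference) - object_classes(candidate))

if __name__ == "__main__":
    for name in missing_classes(BROKEN, WORKING):
        print("missing objectclass:", name)
```

Running the same comparison over every entry under cn=users would flag other accounts created by the direct-LDAP script.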