Martin Kosek wrote:
On 08/20/2015 11:57 AM, Detlev Habicht wrote:
Hi all,
i am new using IPA and learning IPA i am also learning some
other things new for me.
Migrating our system to IPA i found some problems with private groups.
We don’t used it up to now.
Trying to disable this feature with
ipa-managed-entries -e „UPG Definition“ -p xxx disable
crashed my database.
By crashed, you mean that Directory Server process crashed? If yes, it would be
really interesting to get a stack trace, steps in
http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debug_crashes
This would allow 389-DS developers to fix the bug.
I don’t know why. After this i can’t
create new users.
IIRC, you would need to turn the default "ipausers" group into POSIX group
(group-mod --posix), to let it be used it instead of the user private groups.
But this depends on the error you are getting.
For this problem i have no more information.
But i have a question:
Can i delete a private group after creating an user? How can i do this?
You can use "group-detach" command and then "group-del" on the detached managed
group.
And can i later create a private group again for this user? How?
Hmm... You could do group-add command with the right GID, I do not know about
single command doing that.
There is no way to create the same kind of UPG for an existing user as
can be done for a new user. The managed entries plugin manages the
linkage between the user and group and IPA currently doesn't provide a
way to create a linkage after the fact.
You can create a group with the same gid with : ipa group-add myuser
--gid <uid-of-user>, but this isn't exactly "private". A private group
doesn't allow members.
One of the other features of UPG is that when the user is deleted, the
group is also deleted. This would not happen in the case of manually
created private groups.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
