date:20150816

Re: [Freeipa-users] IPA User Group Auto membership

2015-08-16 Thread Yogesh Sharma

Same is working when I use userclass instead of title as because options to
set title is available only after creating user where as we can set the
userclass while creating user from UI.

*Best Regards,*

*__*

*Yogesh Sharma*
*Email: yks0...@gmail.com yks0...@gmail.com | Web: www.initd.in
http://www.initd.in/ *

*RHCE, VCE-CIA, RACKSPACE CLOUD U Certified*

https://www.fb.com/yks   http://in.linkedin.com/in/yks
https://twitter.com/checkwithyogesh
http://google.com/+YogeshSharmaOnGooglePlus

On Sat, Aug 15, 2015 at 8:52 PM, Yogesh Sharma yks0...@gmail.com wrote:

 Hi Rob,

 My concern was for new entries only.

 -Yogesh Sharma

 (Sent from my HTC)
 On 15-Aug-2015 7:40 pm, Rob Crittenden rcrit...@redhat.com wrote:

 Yogesh Sharma wrote:

 Team,,

 We are having issue in configuring Auto Membership for Usergroup i.e.
 when ever we add/update a user to IPA , it should get added to a group
 on the basis of his/her Job Title.

 Below is the rule:

 [root@ipa-inf-prd-ng2-02 ~]# ipa automember-find  dbausers
 Grouping Type: group
 ---
 1 rules matched
 ---
Description: DBA Auto membership
Automember Rule: dbausers
Inclusive Regex: title=(.*)((?i)(DBA))(.*)
 
 Number of entries returned 1
 
 [root@ipa-inf-prd-ng2-02 ~]#


 We are setting Job Title as Sr. DBA Mgr , DBA II etc, However it is
 not working.

 We have tested the regex, and it seems to be working while testing it.


 The rules only apply to new entries. In order to apply rules to existing
 entries run: ipa automember-rebuild --type=group

 rob


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] IDM/ipa slow login

2015-08-16 Thread Jakub Hrozek


 On 13 Aug 2015, at 22:57, John Obaterspok john.obaters...@gmail.com wrote:
 
 Hi Seli,
 
 In /etc/sssd/sssd.conf add below:
  selinux_provider=none

Hmm, good idea. I forgot the version OP was using, but yet -- at one point we 
had a bug where the selinux_child would be invoked even if the context didn't 
change which would be slow. We fixed that error since, but chances are Seli is 
still running the affected version.

 to the domain section. Then restart sssd.
 
 -- john
 
 
 2015-08-13 16:23 GMT+02:00 seli irithyl seli.irit...@gmail.com:
 Here's the sssd_domain log part during an ssh
 
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_get_account_info] 
 (0x0200): Got request for [0x3][1][name=test]
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_req_set_domain] 
 (0x0400): Changing request domain from [bioinf.local] to [bioinf.local]
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] 
 [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain 
 SID from [(null)]
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] 
 [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain 
 SID from [(null)]
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_initgr_next_base] (0x0400): Searching for users with base 
 [cn=accounts,dc=bioinf,dc=local]
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
 [((uid=test)(objectclass=posixAccount)((uidNumber=*)(!(uidNumber=0][cn=accounts,dc=bioinf,dc=local].
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
 set
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user] 
 (0x0400): Save user
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_get_primary_name] 
 (0x0400): Processing object test
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user] 
 (0x0400): Processing user test
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] 
 [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain 
 SID from [(null)]
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user] 
 (0x0400): Adding original memberOf attributes to [test].
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user] 
 (0x0400): Adding user principal [test@BIOINF.LOCAL] to attributes of [test].
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_save_user] 
 (0x0400): Storing info for user test
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_get_primary_name] 
 (0x0400): Processing object test
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [sdap_has_deref_support] 
 (0x0400): The server supports deref method OpenLDAP
 (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
 [((|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))][cn=ipausers,cn=groups,cn=accounts,dc=bioinf,dc=local].
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
 set
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
 [((|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))][cn=bioinfo,cn=groups,cn=accounts,dc=bioinf,dc=local].
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
 set
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_get_primary_name] 
 (0x0400): Processing object ipausers
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_get_primary_name] 
 (0x0400): Processing object bioinfo
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] 
 [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain 
 SID from [(null)]
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_groups_next_base] (0x0400): Searching for groups with base 
 [cn=accounts,dc=bioinf,dc=local]
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
 [((gidNumber=1713400050)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)((gidNumber=*)(!(gidNumber=0][cn=accounts,dc=bioinf,dc=local].
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] 
 [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg 
 set
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_get_groups_process] 
 (0x0400): Search for groups, returned 1 results.
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] [sdap_has_deref_support] 
 (0x0400): The server supports deref method OpenLDAP
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]] 
 [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse domain 
 SID from [(null)]
 (Thu Aug 13 15:22:32 2015) [sssd[be[bioinf.local]]]

Re: [Freeipa-users] IPA User Group Auto membership

Re: [Freeipa-users] IDM/ipa slow login

2 matches

Site Navigation

Mail list logo

Footer information