[Freeipa-users] ipa user-add

Rob Crittenden rcritten at redhat.com
Thu Jun 21 18:54:53 UTC 2012 

Rich Megginson wrote:
> On 06/21/2012 12:25 PM, george he wrote:
>> Hello all,
>>
>> After the server and the client are installed, I run
>>
>> ipa user-add myname
>>
>> to add users. The users are added successfully, but each user get his
>> own GID, which is the same as his UID, even though "ipa config-show
>> --all" shows
>> Default users group: ipausers
>>
>> How do I put all new users to this ipausers group? If I use
>> --gidnumber=INT, how to find out the GID of the ipausers group?

It would help to know what version and platform of IPA you are using. 
The method differs by version.

>>
>> I tried to delete a user using "ipa user-del myname", but the private
>> group myname is left there. So I did the following:
>>
>> # ipa group-del myname
>> ipa: ERROR: Deleting a managed group is not allowed. It must be
>> detached first.
>> # ipa group-detach myname
>> ipa: ERROR: myname: group not found
>> # ipa user-add myname
>> First name: myfirstname
>> Last name: mylastname
>> ipa: ERROR: Unable to create private group. A group 'myname' already
>> exists.
>>
>> How do I get out of this loop?
>
> What is your platform and 389-ds-base version?
>
> I'm not familiar with group-detach, but you can manually detach and
> remove the private group using ldapsearch and ldapmodify:
>
> assuming you have done kinit admin:
> 1) ldapsearch -LLL -Y GSSAPI cn=myname dn
> This will give you the DN of the group - ignore any entries in the
> compat tree
>
> 2) ldapmodify -Y GSSAPI <<EOF
> dn: DN of the group from ldapsearch
> changetype: modify
> delete: objectclass
> objectclass: mepManagedEntry
> -
> delete: mepManagedBy
> -
>
> dn: DN of the group from ldapsearch
> changetype: delete
> EOF
>
> This will remove the private group.
>>
>> Thanks,
>> George
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list