<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Please ignore this problem, I found the
problem, embarrassing as this is, a host file was in place where I
didn't expect it, the user was not created in the correct system.
<br>
<br>
John<br>
<br>
On 6/18/14, 9:02 AM, John Moyer wrote:<br>
</div>
<blockquote cite="mid:53A18DCE.4050003@digitalreasoning.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Rob, <br>
<br>
That is correct, I just put my ssh key in for that new user
and was unable to ssh to one of the nodes registered with IPA.
I also logged in as myself (which did work) and then ran getent
password new.user and that yielded nothing, but getent password
john.moyer yielded all of my information. <br>
<br>
<br>
<br>
On 6/17/14, 11:26 AM, Rob Crittenden wrote:<br>
</div>
<blockquote cite="mid:53A05E3C.3000005@redhat.com" type="cite">
<pre wrap="">John Moyer wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Sorry forgot the second part of your question:
rpm -qa | grep ipa
libipa_hbac-1.9.2-129.el6_5.4.x86_64
ipa-server-3.0.0-37.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
python-iniparse-0.3.1-2.1.el6.noarch
libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
ipa-python-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
ipa-admintools-3.0.0-37.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-server-selinux-3.0.0-37.el6.x86_64
</pre>
</blockquote>
<pre wrap="">It's important that we're comparing apples to apples. Is this a search
against the same IPA server or do you have multiple masters?
I assume that SSSD isn't seeing these new users either which is what
lead you to ldapsearch?
You might want to do the same search on a working and non-working box
and compare the 389-ds access logs to see if there is anything noticeable.
rob
</pre>
<blockquote type="cite">
<pre wrap="">
John
On 6/17/14, 8:30 AM, John Moyer wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I'm using ldapsearch. The command I was using was like the one below
(edited to protect creds/users).
ldapsearch -x -h ipa.digitalreasoning.com -ZZ -b
"dc=digitalreasoning,dc=com" -D
"uid=adminuser,cn=users,cn=accounts,dc=digitalreasoning,dc=com" -w
'password' uid=first.last
# extended LDIF
#
# LDAPv3
# base <dc=digitalreasoning,dc=com> with scope subtree
# filter: uid=first.last
# requesting: ALL
#
# search result
search: 3
result: 0 Success
# numResponses: 1
Any help is much appreciated!
Thanks,
John
On 6/16/14, 6:22 PM, Rob Crittenden wrote:
</pre>
<blockquote type="cite">
<pre wrap="">John Moyer wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello All,
I'm having a problem querying new users.
I can create the user from the webpage no problem, and I can see
them afterwards via the webpage. I can then see those users via ipa
user-find, as well as a LOCAL ldapsearch, even remotely from apache
directory studio. However, if I go to another linux box and do an
ldapsearch the new user (only the new user) is not seen in the search.
Users created before today work great. Now I did change stuff, I did a
yum upgrade last weekend and this was not a problem before I did this.
Any help or guidance to make a remove ldapsearch work on new users would
be greatly appreciated!
</pre>
</blockquote>
<pre wrap="">What command-line are you using? What rpm version is [free]ipa-python?
Do you have multiple masters or is this a single IPA server?
rob
</pre>
</blockquote>
<pre wrap="">
Thanks,
------------------------------------------------------------------------
John Moyer
</pre>
</blockquote>
<pre wrap="">
Thanks,
------------------------------------------------------------------------
John Moyer
Director, IT Operations
901 N. Stuart St. STE 904A
Arlington,VA 22203
703.678.2311 Office
240.460.0023 Cell
703.678.2312 Fax
</pre>
</blockquote>
</blockquote>
<br>
<br>
<div class="moz-signature"><br>
<br>
Thanks,<br>
<hr> John Moyer<br>
Director, IT Operations<br>
901 N. Stuart St. STE 904A<br>
Arlington,VA 22203<br>
703.678.2311 Office<br>
240.460.0023 Cell<br>
703.678.2312 Fax<br>
</div>
</blockquote>
<br>
<br>
<div class="moz-signature"><br>
<br>
Thanks,<br>
<hr>
John Moyer<br>
Director, IT Operations<br>
901 N. Stuart St. STE 904A<br>
Arlington,VA 22203<br>
703.678.2311 Office<br>
240.460.0023 Cell<br>
703.678.2312 Fax<br>
</div>
</body>
</html>