[Freeipa-users] Adding user accounts

Rob Crittenden rcritten at redhat.com
Mon Mar 28 14:50:14 UTC 2011


Sigbjorn Lie wrote:
> Fantastic! Thanks. I will update my scripts.
>
> Is there any downside to doing this?

One thing I should warn you of, though, that we've run into from time to 
time. Some of our LDAP operations are done as post-operations, that is 
they execute after the data has been returned to the client. Managed 
Entries (private groups) is one of these. I can definitely see the case 
where you try to detach a managed group that hasn't quite finished being 
created yet. I'd probably put a 1 or 2 second sleep after the user 
creation to be sure, even if it does slow things considerably.

We're working with the 389-ds devs on this. There is the tradeoff of 
speed vs correctness (users don't like watching a blinking prompt). Some 
of these post-ops could take a while.

rob

>
>
>
> Rgds,
> Siggi
>
>
>
>
> On Mon, March 28, 2011 16:02, Rob Crittenden wrote:
>> Sigbjorn Lie wrote:
>>
>>> Thanks.
>>>
>>>
>>> I also noticed that a group with the same GID number as the user's UID number is automatically
>>> created when creating the user account, this is a problem for existing environments that have
>>> already used the same ID number for a group.
>>>
>>> I see that even after doing a user-mod, changing the GID of the account, the private (invisible)
>>> group still exists.
>>>
>>> I'm missing an option to choose if I want to create or not create a private group for the user.
>>>
>>
>> There currently isn't an option for that. You can delete a managed group
>> this way:
>>
>> $ ipa user-add --first=Tim --last=Test ttest
>>
>>
>> You now have a group ttest too, let's delete it.
>>
>>
>> $ ipa group-detach ttest
>> $ ipa group-del ttest
>>
>>
>> The first command detaches it from the user (this is not reversible) and
>> the second removes it altogether.
>>
>> rob
>>
>>>
>>>
>>> Rgds,
>>> Siggi
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Sat, March 26, 2011 18:21, Dmitri Pal wrote:
>>>
>>>> On 03/25/2011 03:13 PM, Sigbjorn Lie wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>>
>>>>> Using --gidnumber when adding a new user with "ipa user-add" does not
>>>>> seem to have any effect. A gid number with the same value as what I specify with the --uid
>>>>> parameter is chosen.
>>>>>
>>>>> I presume this is not the way user-add is intended to work?
>>>>>
>>>>>
>>>>
>>>> We will take a look.
>>>> https://fedorahosted.org/freeipa/ticket/1127
>>>>
>>>>
>>>>
>>>> Looks like a bug so I filed a ticket.
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>> # ipa user-add mysql14 --first=MySQL --last=Server
>>>>> --homedir=/var/lib/mysql --shell=/bin/false --uid=110 --gidnumber=3004
>>>>> --------------------
>>>>> Added user "mysql14"
>>>>> --------------------
>>>>> User login: mysql14
>>>>> First name: MySQL
>>>>> Last name: Server
>>>>> Full name: MySQL Server
>>>>> Display name: MySQL Server
>>>>> Initials: MS
>>>>> Home directory: /var/lib/mysql
>>>>> GECOS field: mysql14
>>>>> Login shell: /bin/false
>>>>> Kerberos principal: mysql14 at IX.NIXTRA.COM
>>>>> UID: 110
>>>>> GID: 110
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>> Siggi
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>>
>>>>
>>>> Sr. Engineering Manager IPA project,
>>>> Red Hat Inc.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
>
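
The reply above warns that the managed private group is created by a post-operation and may not exist yet when `ipa group-detach` runs, and suggests a fixed sleep. The sketch below is an added example, not part of the original thread or of FreeIPA: it polls `ipa group-show` instead of sleeping blindly and refuses to detach if the group never appears. The function names, retry count and delay are assumptions, as is treating a visible group as the signal that the post-operation has finished.

```shell
#!/bin/sh
# Added example: create an IPA user, then remove its managed private group.
# Function names and retry/delay defaults are assumptions of this example.

# wait_for_group GROUP [TRIES] [DELAY]
# Returns 0 as soon as `ipa group-show GROUP` succeeds, 1 if it never does.
wait_for_group() {
    group=$1 tries=${2:-10} delay=${3:-1}
    i=0
    while [ "$i" -lt "$tries" ]; do
        if ipa group-show "$group" >/dev/null 2>&1; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# add_user_without_private_group LOGIN FIRST LAST [TRIES] [DELAY]
# Exit codes: 2 user-add failed, 3 group never appeared,
#             4 detach failed, 5 group-del failed.
add_user_without_private_group() {
    login=$1 first=$2 last=$3
    ipa user-add --first="$first" --last="$last" "$login" >/dev/null || return 2

    # The managed group comes from a post-operation, so it may lag behind
    # the user entry. Assumption: once group-show succeeds it is safe to detach.
    if ! wait_for_group "$login" "${4:-10}" "${5:-1}"; then
        echo "managed group '$login' did not appear; not detaching" >&2
        return 3
    fi

    ipa group-detach "$login" >/dev/null || return 4   # not reversible
    ipa group-del "$login" >/dev/null || return 5
}
```

Distinct exit codes let a bulk-import script log which accounts still carry a private group, so a colliding GID is found at import time and not later.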



