[Freeipa-users] ipa user-add

[Rich Megginson]

On 06/21/2012 12:25 PM, george he wrote:
> Hello all,
>
> After the server and the client are installed, I run
>
> ipa user-add myname
>
> to add users. The users are added successfully, but each user get his 
> own GID, which is the same as his UID, even though "ipa config-show 
> --all" shows
>   Default users group: ipausers
>
> How do I put all new users to this ipausers group? If I use 
> --gidnumber=INT, how to find out the GID of the ipausers group?
>
> I tried to delete a user using "ipa user-del myname", but the private 
> group myname is left there. So I did the following:
>
> # ipa group-del myname
> ipa: ERROR: Deleting a managed group is not allowed. It must be 
> detached first.
> # ipa group-detach myname
> ipa: ERROR: myname: group not found
> # ipa user-add myname
> First name: myfirstname
> Last name: mylastname
> ipa: ERROR: Unable to create private group. A group 'myname' already 
> exists.
>
> How do I get out of this loop?

What is your platform and 389-ds-base version?

I'm not familiar with group-detach, but you can manually detach and 
remove the private group using ldapsearch and ldapmodify:

assuming you have done kinit admin:
1) ldapsearch -LLL -Y GSSAPI cn=myname dn
This will give you the DN of the group - ignore any entries in the 
compat tree

2) ldapmodify -Y GSSAPI <<EOF
dn: DN of the group from ldapsearch
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
-
delete: mepManagedBy
-

dn: DN of the group from ldapsearch
changetype: delete
EOF

This will remove the private group.
>
> Thanks,
> George
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120621/9ee83fb6/attachment.htm>