[Freeipa-users] Problem finding new users via command line

Rob Crittenden rcritten at redhat.com
Tue Jun 17 15:26:52 UTC 2014 

John Moyer wrote:
> Sorry forgot the second part of your question:
> 
> rpm -qa | grep ipa
> libipa_hbac-1.9.2-129.el6_5.4.x86_64
> ipa-server-3.0.0-37.el6.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> python-iniparse-0.3.1-2.1.el6.noarch
> libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
> ipa-python-3.0.0-37.el6.x86_64
> ipa-client-3.0.0-37.el6.x86_64
> ipa-admintools-3.0.0-37.el6.x86_64
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-server-selinux-3.0.0-37.el6.x86_64

It's important that we're comparing apples to apples. Is this a search
against the same IPA server or do you have multiple masters?

I assume that SSSD isn't seeing these new users either which is what
lead you to ldapsearch?

You might want to do the same search on a working and non-working box
and compare the 389-ds access logs to see if there is anything noticeable.

rob

> 
> 
> John
> 
> On 6/17/14, 8:30 AM, John Moyer wrote:
>> I'm using ldapsearch.  The command I was using was like the one below
>> (edited to protect creds/users).
>>
>> ldapsearch -x -h ipa.digitalreasoning.com -ZZ -b
>> "dc=digitalreasoning,dc=com" -D
>> "uid=adminuser,cn=users,cn=accounts,dc=digitalreasoning,dc=com" -w
>> 'password' uid=first.last
>>
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=digitalreasoning,dc=com> with scope subtree
>> # filter: uid=first.last
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 3
>> result: 0 Success
>>
>> # numResponses: 1
>>
>>
>> Any help is much appreciated! 
>>
>> Thanks,
>>
>> John
>>
>>
>>
>> On 6/16/14, 6:22 PM, Rob Crittenden wrote:
>>> John Moyer wrote:
>>>> Hello All,
>>>>
>>>>     I'm having a problem querying new users.   
>>>>
>>>>     I can create the user from the webpage no problem, and I can see
>>>> them afterwards via the webpage.  I can then see those users via ipa
>>>> user-find, as well as a LOCAL ldapsearch, even remotely from apache
>>>> directory studio.  However, if I go to another linux box and do an
>>>> ldapsearch the new user (only the new user) is not seen in the search.  
>>>> Users created before today work great.   Now I did change stuff, I did a
>>>> yum upgrade last weekend and this was not a problem before I did this.  
>>>> Any help or guidance to make a remove ldapsearch work on new users would
>>>> be greatly appreciated!  
>>> What command-line are you using? What rpm version is [free]ipa-python?
>>> Do you have multiple masters or is this a single IPA server?
>>>
>>> rob
>>>
>>
>>
>>
>>
>> Thanks,
>> ------------------------------------------------------------------------
>> John Moyer
>>
> 
> 
> 
> 
> Thanks,
> ------------------------------------------------------------------------
> John Moyer
> Director, IT Operations
> 901 N. Stuart St. STE 904A
> Arlington,VA 22203
> 703.678.2311 Office
> 240.460.0023 Cell
> 703.678.2312 Fax

More information about the Freeipa-users mailing list