[Freeipa-users] Problem finding new users via command line

Wed Jun 18 13:02:06 UTC 2014

Rob,

    That is correct, I just put my ssh key in for that new user and was
unable to ssh to one of the nodes registered with IPA.  I also logged in
as myself (which did work) and then ran getent password new.user and
that yielded nothing, but getent password john.moyer yielded all of my
information.  


On 6/17/14, 11:26 AM, Rob Crittenden wrote:
> John Moyer wrote:
>> Sorry forgot the second part of your question:
>>
>> rpm -qa | grep ipa
>> libipa_hbac-1.9.2-129.el6_5.4.x86_64
>> ipa-server-3.0.0-37.el6.x86_64
>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>> python-iniparse-0.3.1-2.1.el6.noarch
>> libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
>> ipa-python-3.0.0-37.el6.x86_64
>> ipa-client-3.0.0-37.el6.x86_64
>> ipa-admintools-3.0.0-37.el6.x86_64
>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>> ipa-server-selinux-3.0.0-37.el6.x86_64
> It's important that we're comparing apples to apples. Is this a search
> against the same IPA server or do you have multiple masters?
>
> I assume that SSSD isn't seeing these new users either which is what
> lead you to ldapsearch?
>
> You might want to do the same search on a working and non-working box
> and compare the 389-ds access logs to see if there is anything noticeable.
>
> rob
>
>>
>> John
>>
>> On 6/17/14, 8:30 AM, John Moyer wrote:
>>> I'm using ldapsearch.  The command I was using was like the one below
>>> (edited to protect creds/users).
>>>
>>> ldapsearch -x -h ipa.digitalreasoning.com -ZZ -b
>>> "dc=digitalreasoning,dc=com" -D
>>> "uid=adminuser,cn=users,cn=accounts,dc=digitalreasoning,dc=com" -w
>>> 'password' uid=first.last
>>>
>>>
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=digitalreasoning,dc=com> with scope subtree
>>> # filter: uid=first.last
>>> # requesting: ALL
>>> #
>>>
>>> # search result
>>> search: 3
>>> result: 0 Success
>>>
>>> # numResponses: 1
>>>
>>>
>>> Any help is much appreciated! 
>>>
>>> Thanks,
>>>
>>> John
>>>
>>>
>>>
>>> On 6/16/14, 6:22 PM, Rob Crittenden wrote:
>>>> John Moyer wrote:
>>>>> Hello All,
>>>>>
>>>>>     I'm having a problem querying new users.   
>>>>>
>>>>>     I can create the user from the webpage no problem, and I can see
>>>>> them afterwards via the webpage.  I can then see those users via ipa
>>>>> user-find, as well as a LOCAL ldapsearch, even remotely from apache
>>>>> directory studio.  However, if I go to another linux box and do an
>>>>> ldapsearch the new user (only the new user) is not seen in the search.  
>>>>> Users created before today work great.   Now I did change stuff, I did a
>>>>> yum upgrade last weekend and this was not a problem before I did this.  
>>>>> Any help or guidance to make a remove ldapsearch work on new users would
>>>>> be greatly appreciated!  
>>>> What command-line are you using? What rpm version is [free]ipa-python?
>>>> Do you have multiple masters or is this a single IPA server?
>>>>
>>>> rob
>>>>
>>>
>>>
>>>
>>> Thanks,
>>> ------------------------------------------------------------------------
>>> John Moyer
>>>
>>
>>
>>
>> Thanks,
>> ------------------------------------------------------------------------
>> John Moyer
>> Director, IT Operations
>> 901 N. Stuart St. STE 904A
>> Arlington,VA 22203
>> 703.678.2311 Office
>> 240.460.0023 Cell
>> 703.678.2312 Fax


Thanks,
------------------------------------------------------------------------
John Moyer
Director, IT Operations
901 N. Stuart St. STE 904A
Arlington,VA 22203
703.678.2311 Office
240.460.0023 Cell
703.678.2312 Fax
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140618/5707d237/attachment.htm>