[Freeipa-users] users in groups but user entry does not show groups

Ron rap at phas.ubc.ca
Wed Sep 17 18:18:42 UTC 2014 

More information that I should have include before is below.  Note that
I use a perl script to add users to the IPA server using perl->LDAP
commands (see below).  Could this be the source of the problem?

========================
snippet from perl createid script:

      $mesg = $ldap->add("uid=$me,".$CONF{"dn_suffix"},
        attrs => [
        "objectclass"   => $CONF{"obj_class"},
        "uidNumber"     => $uid,
        "gidNumber"     => $gid,
        "cn"            => $gecos,
        "gecos"         => $gecos,
        "sn"            => $lastname,
        "givenName"     => $firstname,
        "homeDirectory" => $homedir,
        "loginShell"    => $shell,
        "mail"          => $mail,
        "userPassword"  => $pass
        ]);

=========================================================
This user does not show the memberof entries even though user brog is in
the p309-mm group.

[root at ipa ~]# ipa user-show --raw --all brog
  dn: uid=brog,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
  uid: brog
  givenname: Bir
  sn: Roga
  cn: Bir Roga
  homedirectory: /home2/brog
  gecos: Bir Roga
  loginshell: /bin/bash
  mail: brog at xyz.gh
  uidnumber: 15520
  gidnumber: 15520
  nsaccountlock: False
  has_password: True
  has_keytab: False
  mepmanagedentry: cn=brog,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  objectclass: posixAccount
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  objectclass: shadowAccount
  objectclass: mepOriginEntry

==========================================================
this user shows the "memberof" entries as expected.

[root at ipa ~]# ipa user-show --raw --all dwth
  dn: uid=dwth,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
  uid: dwth
  givenname: Dev
  sn: Tho
  cn: Dev  Tho
  homedirectory: /home2/dwth
  gecos: Devin  Tho
  loginshell: /bin/bash
  krbprincipalname: dwth at ABC.DEF.GH
  mail: dwth at xyz.gh
  uidnumber: 15424
  gidnumber: 400
  nsaccountlock: False
  has_password: True
  has_keytab: True
  ipauniqueid: 44f17786-f95c-11e2-b3be-64700200e138
  krbextradata: AAJP6ihScm9vdC9hZG1pbkBQSEFTLlVCQy5DQQA=
  krblastpwdchange: 20130905203215Z
  krbpasswordexpiration: 20131204203215Z
  memberof: cn=ipausers,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  memberof: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  objectclass: krbticketpolicyaux
  objectclass: ipaobject
  objectclass: organizationalperson
  objectclass: top
  objectclass: ipasshuser
  objectclass: inetorgperson
  objectclass: person
  objectclass: inetuser
  objectclass: krbprincipalaux
  objectclass: shadowaccount
  objectclass: posixaccount
  objectclass: ipaSshGroupOfPubKeys

==========================================================
[root at ipa ~]# ipa group-show --all p309-mm
  dn: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  Group name: p309-mm
  Description: p309 lab group mm
  GID: 462
  Member users: halp, jfc, tpr, dwth, brog
  ipauniqueid: b4d0f16e-3a95-11e4-81df-64700200e138
  objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject,
posixgroup

==========================================================

More information about the Freeipa-users mailing list