[Freeipa-users] users in groups but user entry does not show groups

Alexander Bokovoy abokovoy at redhat.com
Wed Sep 17 18:43:09 UTC 2014


On Wed, 17 Sep 2014, Ron wrote:
>More information that I should have included before is below.  Note that
>I use a perl script to add users to the IPA server using perl->LDAP
>commands (see below).  Could this be the source of the problem?
Yes. If you are creating users without using IPA commands, you need to make
sure you are adding the required object classes. Your user below is missing
ipaObject and a few more.

>
>========================
>snippet from perl createid script:
>
>      $mesg = $ldap->add("uid=$me,".$CONF{"dn_suffix"},
>        attrs => [
>        "objectclass"   => $CONF{"obj_class"},
>        "uidNumber"     => $uid,
>        "gidNumber"     => $gid,
>        "cn"            => $gecos,
>        "gecos"         => $gecos,
>        "sn"            => $lastname,
>        "givenName"     => $firstname,
>        "homeDirectory" => $homedir,
>        "loginShell"    => $shell,
>        "mail"          => $mail,
>        "userPassword"  => $pass
>        ]);
>
>=========================================================
>This user does not show the memberof entries even though user brog is in
>the p309-mm group.
>
>[root@ipa ~]# ipa user-show --raw --all brog
>  dn: uid=brog,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
>  uid: brog
>  givenname: Bir
>  sn: Roga
>  cn: Bir Roga
>  homedirectory: /home2/brog
>  gecos: Bir Roga
>  loginshell: /bin/bash
>  mail: brog@xyz.gh
>  uidnumber: 15520
>  gidnumber: 15520
>  nsaccountlock: False
>  has_password: True
>  has_keytab: False
>  mepmanagedentry: cn=brog,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
>  objectclass: posixAccount
>  objectclass: top
>  objectclass: person
>  objectclass: organizationalPerson
>  objectclass: inetOrgPerson
>  objectclass: shadowAccount
>  objectclass: mepOriginEntry
>
>==========================================================
>this user shows the "memberof" entries as expected.
>
>[root@ipa ~]# ipa user-show --raw --all dwth
>  dn: uid=dwth,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
>  uid: dwth
>  givenname: Dev
>  sn: Tho
>  cn: Dev  Tho
>  homedirectory: /home2/dwth
>  gecos: Devin  Tho
>  loginshell: /bin/bash
>  krbprincipalname: dwth@ABC.DEF.GH
>  mail: dwth@xyz.gh
>  uidnumber: 15424
>  gidnumber: 400
>  nsaccountlock: False
>  has_password: True
>  has_keytab: True
>  ipauniqueid: 44f17786-f95c-11e2-b3be-64700200e138
>  krbextradata: AAJP6ihScm9vdC9hZG1pbkBQSEFTLlVCQy5DQQA=
>  krblastpwdchange: 20130905203215Z
>  krbpasswordexpiration: 20131204203215Z
>  memberof: cn=ipausers,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
>  memberof: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
>  objectclass: krbticketpolicyaux
>  objectclass: ipaobject
>  objectclass: organizationalperson
>  objectclass: top
>  objectclass: ipasshuser
>  objectclass: inetorgperson
>  objectclass: person
>  objectclass: inetuser
>  objectclass: krbprincipalaux
>  objectclass: shadowaccount
>  objectclass: posixaccount
>  objectclass: ipaSshGroupOfPubKeys
>
>==========================================================
>[root@ipa ~]# ipa group-show --all p309-mm
>  dn: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
>  Group name: p309-mm
>  Description: p309 lab group mm
>  GID: 462
>  Member users: halp, jfc, tpr, dwth, brog
>  ipauniqueid: b4d0f16e-3a95-11e4-81df-64700200e138
>  objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject,
>posixgroup
>
>==========================================================

-- 
/ Alexander Bokovoy
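
Added example, not part of the original thread or of FreeIPA: a small check that diffs an entry created over raw LDAP against one created with IPA commands, using `ipa user-show --raw --all` output. The sample text is rebuilt (trimmed) from the two entries quoted above; the function names and the choice of the working entry as the baseline are assumptions of this example.

```python
from collections import defaultdict

def parse_raw(text):
    """Parse `ipa user-show --raw --all` output into {attr: [values]} (attr lowercased)."""
    entry = defaultdict(list)
    for line in text.splitlines():
        name, sep, value = line.strip().partition(": ")
        if sep:
            entry[name.lower()].append(value)
    return entry

def missing_vs_reference(candidate, reference,
                         attrs=("ipauniqueid", "krbprincipalname", "memberof")):
    """Return (objectclasses, attributes) the reference entry has and the candidate lacks."""
    have = {oc.lower() for oc in candidate["objectclass"]}   # LDAP names are case-insensitive
    want = {oc.lower() for oc in reference["objectclass"]}
    missing_attrs = [a for a in attrs if reference.get(a) and not candidate.get(a)]
    return sorted(want - have), missing_attrs

def _lines(dn, objectclasses, extra=()):
    """Rebuild raw-style output from the values quoted in the thread (constructed input)."""
    rows = [f"dn: {dn}", *extra, *(f"objectclass: {oc}" for oc in objectclasses.split())]
    return "".join(f"  {r}\n" for r in rows)

# Entry created with IPA commands (dwth), used here as the comparison baseline.
WORKING = _lines(
    "uid=dwth,cn=users,cn=accounts,dc=abc,dc=def,dc=gh",
    "krbticketpolicyaux ipaobject organizationalperson top ipasshuser inetorgperson "
    "person inetuser krbprincipalaux shadowaccount posixaccount ipaSshGroupOfPubKeys",
    extra=("krbprincipalname: dwth@ABC.DEF.GH",
           "ipauniqueid: 44f17786-f95c-11e2-b3be-64700200e138",
           "memberof: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh"),
)

# Entry created by the perl/LDAP script (brog).
BROKEN = _lines(
    "uid=brog,cn=users,cn=accounts,dc=abc,dc=def,dc=gh",
    "posixAccount top person organizationalPerson inetOrgPerson shadowAccount mepOriginEntry",
)

if __name__ == "__main__":
    classes, attributes = missing_vs_reference(parse_raw(BROKEN), parse_raw(WORKING))
    print("object classes missing:", ", ".join(classes))
    print("attributes missing:    ", ", ".join(attributes))
```

In practice, feed `parse_raw` the saved output of the two `ipa user-show --raw --all` commands instead of the rebuilt samples.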



