[Freeipa-users] FreeIPA user can't login to linux.

Rob Crittenden rcritten at redhat.com
Thu Nov 19 16:11:04 UTC 2015


zhiyong xue wrote:
> Rob, where can I get more error information besides the log?
> [16/Nov/2015:02:52:59 +0000] managed-entries-plugin - mep_del_post_op:
> failed to delete managed entry
> (member=syncopex5,cn=groups,cn=accounts,dc=example,dc=com) - error (32)

I can still only assume what you're doing: manually adding the entries
directly by LDAP. To do this you need to follow IPA conventions, or use
the new user lifecycle framework added in 4.2.

I'm guessing it can't delete the managed entry because either it doesn't
exist or it is missing an objectclass/attribute marking it as managed.

rob

> 
> 2015-11-16 13:43 GMT+08:00 zhiyong xue <xuezhiy at gmail.com>:
> 
>     I am using IPA 4.1 on CentOS 7. And I can log in to the system after
>     "id syncopex5", maybe it's a cache problem.
> 
>     2015-11-16 11:24 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
> 
>         zhiyong xue wrote:
>         > We integrated the Apache Syncope server with FreeIPA server. So user can
>         > self register ID from Apache Syncope then synchronize to FreeIPA. The
>         > problems are:
>         > *1) User created from Apache Syncope can't login to linux. The user
>         > created from FreeIPA web gui works well.*
> 
>         For login issues see
>         https://fedorahosted.org/sssd/wiki/Troubleshooting
>         This is unlikely to fix things but it will help with later
>         debugging.
> 
>         This likely revolves around how you are creating these accounts.
>         We'll need information on what you're doing. The more details the
>         better.
> 
>         > *2) The user also can't be deleted from web UI and CLI. It said
>         > "syncopex5: user not found".*
> 
>         Again, you probably aren't creating the users correctly.
> 
>         I can only assume that you are creating the users directly via an
>         LDAP add. This is working around the IPA framework which does
>         additional work.
> 
>         Knowing what version of IPA this is would help too.
> 
>         You'll probably also want to read this:
>         http://www.freeipa.org/page/V4/User_Life-Cycle_Management . This is
>         in IPA 4.2.
> 
>         rob
> 
> 
> 



