[Freeipa-users] FreeIPA user can't login to linux.
zhiyong xue
xuezhiy at gmail.com
Fri Nov 20 08:02:16 UTC 2015
The problem still exist after update from 4.1 to 4.2.3.
Rob, how to check the missed manage entry?
2015-11-20 0:11 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:
> zhiyong xue wrote:
> > Rob, where can I get more error information beside the log?
> > [16/Nov/2015:02:52:59 +0000] managed-entries-plugin - mep_del_post_op:
> > failed to delete managed entry
> > (member=syncopex5,cn=groups,cn=accounts,dc=example,dc=com) - error (32)
>
> I can still only assume what you're doing: manually adding the entries
> directly by LDAP. To do this you need to follow IPA conventions, or use
> the new user lifecycle framework added in 4.2.
>
> I'm guessing it can't delete the managed entry because either it doesn't
> exist or it is missing an objectclass/attribute marking it as managed.
>
> rob
>
> >
> > 2015-11-16 13:43 GMT+08:00 zhiyong xue <xuezhiy at gmail.com
> > <mailto:xuezhiy at gmail.com>>:
> >
> > I am using IPA 4.1 in CenOS7. And I can login to system after "id
> > syncopex5", maybe it's cache problem.
> >
> > 2015-11-16 11:24 GMT+08:00 Rob Crittenden <rcritten at redhat.com
> > <mailto:rcritten at redhat.com>>:
> >
> > zhiyong xue wrote:
> > > We integrated the Apache Syncope server with FreeIPA server.
> So user can
> > > self register ID from Apache Syncope then synchronize to
> FreeIPA. The
> > > problems are:
> > > *1) User created from Apache Syncope can't login to linux. The
> > user
> > > created from FreeIPA web gui works well.*
> >
> > For login issues see
> > https://fedorahosted.org/sssd/wiki/Troubleshooting
> > This is unlikely to fix things but it will help with later
> > debugging.
> >
> > This likely revolves around how you are creating these accounts.
> > We'll
> > need information on what you're doing. The more details the
> better.
> >
> > > *2) The user also can't be deleted from web UI and CLI. It said
> > > "syncopex5: user not found".*
> >
> > Again, you probably aren't creating the users correctly.
> >
> > I can only assume that you are creating the users directly via
> > an LDAP
> > add. This is working around the IPA framework which does
> > additional work.
> >
> > Knowing what version of IPA this is would help too.
> >
> > You'll probably also want to read this:
> > http://www.freeipa.org/page/V4/User_Life-Cycle_Management . This
> > is in
> > IPA 4.2.
> >
> > rob
> > rob
> >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151120/94ef8e4f/attachment.htm>
More information about the Freeipa-users
mailing list