[Freeipa-users] FreeIPA user can't login to linux.

zhiyong xue xuezhiy at gmail.com
Fri Nov 20 08:02:16 UTC 2015 

The problem still exist after update from 4.1 to  4.2.3.

Rob, how to check the missed manage entry?

2015-11-20 0:11 GMT+08:00 Rob Crittenden <rcritten at redhat.com>:

> zhiyong xue wrote:
> > Rob, where can I get more error information beside the log?
> > [16/Nov/2015:02:52:59 +0000] managed-entries-plugin - mep_del_post_op:
> > failed to delete managed entry
> > (member=syncopex5,cn=groups,cn=accounts,dc=example,dc=com) - error (32)
>
> I can still only assume what you're doing: manually adding the entries
> directly by LDAP. To do this you need to follow IPA conventions, or use
> the new user lifecycle framework added in 4.2.
>
> I'm guessing it can't delete the managed entry because either it doesn't
> exist or it is missing an objectclass/attribute marking it as managed.
>
> rob
>
> >
> > 2015-11-16 13:43 GMT+08:00 zhiyong xue <xuezhiy at gmail.com
> > <mailto:xuezhiy at gmail.com>>:
> >
> >     I am using IPA 4.1 in CenOS7.  And I can login to system after "id
> >     syncopex5", maybe it's cache problem.
> >
> >     2015-11-16 11:24 GMT+08:00 Rob Crittenden <rcritten at redhat.com
> >     <mailto:rcritten at redhat.com>>:
> >
> >         zhiyong xue wrote:
> >         > We integrated the Apache Syncope server with FreeIPA server.
> So user can
> >         > self register ID from Apache Syncope then synchronize to
> FreeIPA. The
> >         > problems are:
> >         > *1) User created from Apache Syncope can't login to linux. The
> >         user
> >         > created from FreeIPA web gui works well.*
> >
> >         For login issues see
> >         https://fedorahosted.org/sssd/wiki/Troubleshooting
> >         This is unlikely to fix things but it will help with later
> >         debugging.
> >
> >         This likely revolves around how you are creating these accounts.
> >         We'll
> >         need information on what you're doing. The more details the
> better.
> >
> >         > *2) The user also can't be deleted from web UI and CLI. It said
> >         > "syncopex5: user not found".*
> >
> >         Again, you probably aren't creating the users correctly.
> >
> >         I can only assume that you are creating the users directly via
> >         an LDAP
> >         add. This is working around the IPA framework which does
> >         additional work.
> >
> >         Knowing what version of IPA this is would help too.
> >
> >         You'll probably also want to read this:
> >         http://www.freeipa.org/page/V4/User_Life-Cycle_Management . This
> >         is in
> >         IPA 4.2.
> >
> >         rob
> >         rob
> >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151120/94ef8e4f/attachment.htm>

More information about the Freeipa-users mailing list