On Аўт, 23 сту 2024, Harald Dunkel via FreeIPA-users wrote:
Hi Soeren,
On 2024-01-23 14:06:11, Sören R. via FreeIPA-users wrote:
Hi Harri,
did you check your admin user, if the attribute is set?
# ipa user-show admin --all | grep ipantsecurityidentifier
The admin user has this attribute set, but my own account used to access
the web interface hasn't. I am still trying to find a way how to add
this ipantsecurityidentifier attribute to all users, but wasn't there
some kind of builtin supposed to fix this automagically?
No, not automatically because it is a task that goes through all user
accounts one by one and fixes them. It also requires to have properly
defined ID ranges that cover all uidNumber/gidNumber in user/group
entries.
One issue we identified today together with Fedora infrastructure team
is that staged users (created with 'ipa stageuser-add') will prevent
sidgen plugin to generate entries.
Still trying to find the right documentation.
All documentation was mentioned already in these threads. Please see at
https://access.redhat.com/articles/7027037 for more details (needs RHEL
subscription, including a free developer subscription).
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
