Steven Jones wrote:


I can do a ldapsearch -x -b "dc=ipa,dc=ac,dc=nz' |more

Which returns LDAP info....that looks fine....the query looks OK....

getent passwd "user" however only returns one line, not the two I should
expect?

Why do you expect two lines? It should only return one, for that user.


It also returns very fast....like its not even looking remotely.

Is the user in /etc/passwd too?


I have run authconfig-tui and that looks OK as far as I can tell....

I have set cli.conf and server.conf but there are no logs any where I
can find........

Ideas please?

Also how to get logging going so I have something to look at!!!!

Logging depends entirely on the context you are in.

For nss data (user, group, etc) you'll need to check system logs. If you are using sssd, the default, then you can try adding debug_level = 9 to /etc/sssd/sssd.conf in the ipa provider (domain/example.com) and restart sssd. Watch the logs in /var/log/sssd.

Since sssd uses LDAP you can also see the queries it makes on your IPA server in /var/log/dirsrv/slapd-REALM/access. This log is buffered.

cli.conf and server.conf are only used by the IPA management framework (the ipa command the webUI). The server-side log is the Apache error log, /var/log/httpd/error_log.

So if the question is "why can't user <x> log in" or "why can't I see user <y>" then look in the sssd error logs.

If you can't manage users using the ipa command, the Apache error log is the place to look.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to