Sigbjorn Lie wrote:
Fantastic! Thanks. I will update my scripts.

Is there any downside to doing this?

One thing I should warn you of though that we've run into from time to time. Some of our LDAP operations are done as post-operations, that is they execute after the data has been returned to the client. Managed Entries (private groups) is one of these. I can definitely see the case where you try to detach a managed group that hasn't quite finished being created yet. I'd probably put a 1 or 2 second sleep after the user creation to be sure, even if it does slow things considerably.

We're working with the 389-ds devs on this. There is the tradeoff of speed vs correctness (users don't like watching a blinking prompt). Some of these post-ops could take a while.



On Mon, March 28, 2011 16:02, Rob Crittenden wrote:
Sigbjorn Lie wrote:


I also noticed that a group with the same GID number as the user's UID number is created when creating the user account, this is a problem for existing environments that have already used the same ID number for a group.

I see that even after doing a user-mod, changing the GID of the account, the group still exists.

I'm missing an option to choose if I want to create or not create a private group for the user.

There currently isn't an option for that. You can delete a managed group
this way:

$ ipa user-add --first=Tim --last=Test ttest

You now have a group ttest too, let's delete it.

$ ipa group-detach ttest
$ ipa group-del ttest

The first command detaches it from the user (this is not reversible) and
the second removes it altogether.



On Sat, March 26, 2011 18:21, Dmitri Pal wrote:

On 03/25/2011 03:13 PM, Sigbjorn Lie wrote:


Using --gidnumber when adding a new user with "ipa user-add" does not seem to have any effect. A gid number with the same value as what I specify in with the parameter is chosen.

I presume this is not the way user-add is intended to work?

We will take a look.

Looks like a bug so I filed a ticket.

# ipa user-add mysql14 --first=MySQL --last=Server
--homedir=/var/lib/mysql --shell=/bin/false --uid=110 --gidnumber=3004
Added user "mysql14"
User login: mysql14
First name: MySQL
Last name: Server
Full name: MySQL Server
Display name: MySQL Server
Initials: MS
Home directory: /var/lib/mysql
GECOS field: mysql14
Login shell: /bin/false
Kerberos principal:
UID: 110
GID: 110
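
The following is an added example, not part of the original thread or of FreeIPA: the group-detach / group-del steps from the reply above, with the fixed sleep replaced by a bounded poll so the detach is not attempted before the Managed Entries post-operation has created the group. The function names are hypothetical, and it is an assumption that a group visible to "ipa group-show" has finished being created.

```shell
#!/bin/sh
# Added example (not FreeIPA code): remove the managed private group that
# "ipa user-add" creates. Assumes a valid admin Kerberos ticket and the
# ipa CLI on PATH.

# wait_for_managed_group GROUP [TRIES] [DELAY]
# Polls until the group is visible, because the post-operation that creates
# it may still be running after user-add has already returned.
# Assumption: visibility in group-show means creation has finished.
wait_for_managed_group() {
    group=$1 tries=${2:-10} delay=${3:-1}
    i=0
    while [ "$i" -lt "$tries" ]; do
        if ipa group-show "$group" >/dev/null 2>&1; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# remove_private_group USER [TRIES] [DELAY]
# Returns 1 if the group never appeared, 2 if detach failed, 3 if delete failed.
remove_private_group() {
    user=$1
    wait_for_managed_group "$user" "${2:-10}" "${3:-1}" || {
        echo "private group $user did not appear; nothing removed" >&2
        return 1
    }
    # Detach is not reversible, so stop here on failure rather than
    # running group-del against a group that is still managed.
    ipa group-detach "$user" || return 2
    ipa group-del "$user" || return 3
}
```

Call it right after the user is created, for example: ipa user-add --first=Tim --last=Test ttest && remove_private_group ttest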


