Rich Megginson wrote:
On 06/21/2012 12:25 PM, george he wrote:
Hello all,

After the server and the client are installed, I run

ipa user-add myname

to add users. The users are added successfully, but each user gets his
own GID, which is the same as his UID, even though "ipa config-show
--all" shows
Default users group: ipausers

How do I put all new users to this ipausers group? If I use
--gidnumber=INT, how to find out the GID of the ipausers group?

It would help to know what version and platform of IPA you are using. The method differs by version.

I tried to delete a user using "ipa user-del myname", but the private
group myname is left there. So I did the following:

# ipa group-del myname
ipa: ERROR: Deleting a managed group is not allowed. It must be
detached first.
# ipa group-detach myname
ipa: ERROR: myname: group not found
# ipa user-add myname
First name: myfirstname
Last name: mylastname
ipa: ERROR: Unable to create private group. A group 'myname' already

How do I get out of this loop?

What is your platform and 389-ds-base version?

I'm not familiar with group-detach, but you can manually detach and
remove the private group using ldapsearch and ldapmodify:

assuming you have done kinit admin:
1) ldapsearch -LLL -Y GSSAPI cn=myname dn
This will give you the DN of the group - ignore any entries in the
compat tree

2) ldapmodify -Y GSSAPI <<EOF
dn: DN of the group from ldapsearch
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
-
delete: mepManagedBy

dn: DN of the group from ldapsearch
changetype: delete
EOF

This will remove the private group.
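
The two steps above combined into a dry run, as an added example that is not part of the original messages. It picks the group DN from ldapsearch output while skipping compat-tree entries, then builds the LDIF. The function names and the dc=example,dc=com suffix are placeholders, and it assumes compat entries sit under cn=compat.

```shell
#!/bin/sh
# Constructed sample of `ldapsearch -LLL ... dn` output; dc=example,dc=com is a
# placeholder suffix. The second DN is folded the way LDIF wraps long lines.
sample_search_output() {
cat <<'EOF'
dn: cn=myname,cn=groups,cn=compat,dc=example,dc=com

dn: cn=myname,cn=groups,cn=accounts,dc=exam
 ple,dc=com

EOF
}

# Hypothetical helper: print the one non-compat DN found in LDIF on stdin.
# Fails on zero or several candidates, or on a base64 "dn::" it cannot read,
# so that a delete is never built from an ambiguous search result.
pick_group_dn() {
    awk '
        function flush() {
            if (have && tolower(cur) !~ /,cn=compat,/) { dn = cur; n++ }
            have = 0; cur = ""
        }
        /^ /     { if (have) cur = cur substr($0, 2); next }  # unfold continuation
                 { flush() }                                  # any other line ends a DN
        /^dn:: / { bad = 1 }
        /^dn: /  { cur = substr($0, 5); have = 1 }
        END      { flush(); if (bad || n != 1) exit 1; print dn }
    '
}

# Hypothetical helper: the detach-then-delete LDIF from the message above.
# The "-" line separates the two modifications within the first record.
build_ldif() {
cat <<EOF
dn: $1
changetype: modify
delete: objectclass
objectclass: mepManagedEntry
-
delete: mepManagedBy

dn: $1
changetype: delete
EOF
}

# Dry run on the constructed sample. Against a server (after kinit admin):
#   dn=$(ldapsearch -LLL -Y GSSAPI cn=myname dn | pick_group_dn) &&
#       build_ldif "$dn" | ldapmodify -Y GSSAPI
dn=$(sample_search_output | pick_group_dn) && build_ldif "$dn"
```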


