On 06/21/2012 01:10 PM, george he wrote:
it's x86_64 2.2.0-1.fc17.
rpm -qi 389-ds-base
Thanks, George ------------------------------------------------------------------------ *From:* Rob Crittenden <rcrit...@redhat.com> *To:* Rich Megginson <rmegg...@redhat.com> *Cc:* george he <george_...@yahoo.com>; "email@example.com" <firstname.lastname@example.org> *Sent:* Thursday, June 21, 2012 2:54 PM *Subject:* Re: [Freeipa-users] ipa user-add Rich Megginson wrote: > On 06/21/2012 12:25 PM, george he wrote: >> Hello all, >> >> After the server and the client are installed, I run >> >> ipa user-add myname >> >> to add users. The users are added successfully, but each user get his >> own GID, which is the same as his UID, even though "ipa config-show >> --all" shows >> Default users group: ipausers >> >> How do I put all new users to this ipausers group? If I use >> --gidnumber=INT, how to find out the GID of the ipausers group? It would help to know what version and platform of IPA you are using. The method differs by version. >> >> I tried to delete a user using "ipa user-del myname", but the private >> group myname is left there. So I did the following: >> >> # ipa group-del myname >> ipa: ERROR: Deleting a managed group is not allowed. It must be >> detached first. >> # ipa group-detach myname >> ipa: ERROR: myname: group not found >> # ipa user-add myname >> First name: myfirstname >> Last name: mylastname >> ipa: ERROR: Unable to create private group. A group 'myname' already >> exists. >> >> How do I get out of this loop? > > What is your platform and 389-ds-base version? > > I'm not familiar with group-detach, but you can manually detach and > remove the private group using ldapsearch and ldapmodify: > > assuming you have done kinit admin: > 1) ldapsearch -LLL -Y GSSAPI cn=myname dn > This will give you the DN of the group - ignore any entries in the > compat tree > > 2) ldapmodify -Y GSSAPI <<EOF > dn: DN of the group from ldapsearch > changetype: modify > delete: objectclass > objectclass: mepManagedEntry > - > delete: mepManagedBy > - > > dn: DN of the group from ldapsearch > changetype: delete > EOF > > This will remove the private group. >> >> Thanks, >> George >> >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipaemail@example.com <mailto:Freeipafirstname.lastname@example.org> >> https://www.redhat.com/mailman/listinfo/freeipa-users > > > > _______________________________________________ > Freeipa-users mailing list > Freeipaemail@example.com <mailto:Freeipafirstname.lastname@example.org> > https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users