On 06/21/2012 01:10 PM, george he wrote:
it's x86_64  2.2.0-1.fc17.


rpm -qi 389-ds-base

Thanks,
George

    ------------------------------------------------------------------------
    *From:* Rob Crittenden <rcrit...@redhat.com>
    *To:* Rich Megginson <rmegg...@redhat.com>
    *Cc:* george he <george_...@yahoo.com>; "freeipa-users@redhat.com"
    <freeipa-users@redhat.com>
    *Sent:* Thursday, June 21, 2012 2:54 PM
    *Subject:* Re: [Freeipa-users] ipa user-add

    Rich Megginson wrote:
    > On 06/21/2012 12:25 PM, george he wrote:
    >> Hello all,
    >>
    >> After the server and the client are installed, I run
    >>
    >> ipa user-add myname
    >>
    >> to add users. The users are added successfully, but each user
    get his
    >> own GID, which is the same as his UID, even though "ipa config-show
    >> --all" shows
    >> Default users group: ipausers
    >>
    >> How do I put all new users to this ipausers group? If I use
    >> --gidnumber=INT, how to find out the GID of the ipausers group?

    It would help to know what version and platform of IPA you are using.
    The method differs by version.

    >>
    >> I tried to delete a user using "ipa user-del myname", but the
    private
    >> group myname is left there. So I did the following:
    >>
    >> # ipa group-del myname
    >> ipa: ERROR: Deleting a managed group is not allowed. It must be
    >> detached first.
    >> # ipa group-detach myname
    >> ipa: ERROR: myname: group not found
    >> # ipa user-add myname
    >> First name: myfirstname
    >> Last name: mylastname
    >> ipa: ERROR: Unable to create private group. A group 'myname'
    already
    >> exists.
    >>
    >> How do I get out of this loop?
    >
    > What is your platform and 389-ds-base version?
    >
    > I'm not familiar with group-detach, but you can manually detach and
    > remove the private group using ldapsearch and ldapmodify:
    >
    > assuming you have done kinit admin:
    > 1) ldapsearch -LLL -Y GSSAPI cn=myname dn
    > This will give you the DN of the group - ignore any entries in the
    > compat tree
    >
    > 2) ldapmodify -Y GSSAPI <<EOF
    > dn: DN of the group from ldapsearch
    > changetype: modify
    > delete: objectclass
    > objectclass: mepManagedEntry
    > -
    > delete: mepManagedBy
    > -
    >
    > dn: DN of the group from ldapsearch
    > changetype: delete
    > EOF
    >
    > This will remove the private group.
    >>
    >> Thanks,
    >> George
    >>
    >>
    >>
    >> _______________________________________________
    >> Freeipa-users mailing list
    >> Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
    >> https://www.redhat.com/mailman/listinfo/freeipa-users
    >
    >
    >
    > _______________________________________________
    > Freeipa-users mailing list
    > Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
    > https://www.redhat.com/mailman/listinfo/freeipa-users




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to