Please ignore this problem, I found the problem, embarrassing as this
is, a host file was in place where I didn't expect it, the user was not
created in the correct system. 

John

On 6/18/14, 9:02 AM, John Moyer wrote:
> Rob,
>
>     That is correct, I just put my ssh key in for that new user and
> was unable to ssh to one of the nodes registered with IPA.  I also
> logged in as myself (which did work) and then ran getent password
> new.user and that yielded nothing, but getent password john.moyer
> yielded all of my information.  
>
>
>
> On 6/17/14, 11:26 AM, Rob Crittenden wrote:
>> John Moyer wrote:
>>> Sorry forgot the second part of your question:
>>>
>>> rpm -qa | grep ipa
>>> libipa_hbac-1.9.2-129.el6_5.4.x86_64
>>> ipa-server-3.0.0-37.el6.x86_64
>>> ipa-pki-ca-theme-9.0.3-7.el6.noarch
>>> python-iniparse-0.3.1-2.1.el6.noarch
>>> libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
>>> ipa-python-3.0.0-37.el6.x86_64
>>> ipa-client-3.0.0-37.el6.x86_64
>>> ipa-admintools-3.0.0-37.el6.x86_64
>>> ipa-pki-common-theme-9.0.3-7.el6.noarch
>>> ipa-server-selinux-3.0.0-37.el6.x86_64
>> It's important that we're comparing apples to apples. Is this a search
>> against the same IPA server or do you have multiple masters?
>>
>> I assume that SSSD isn't seeing these new users either which is what
>> lead you to ldapsearch?
>>
>> You might want to do the same search on a working and non-working box
>> and compare the 389-ds access logs to see if there is anything noticeable.
>>
>> rob
>>
>>> John
>>>
>>> On 6/17/14, 8:30 AM, John Moyer wrote:
>>>> I'm using ldapsearch.  The command I was using was like the one below
>>>> (edited to protect creds/users).
>>>>
>>>> ldapsearch -x -h ipa.digitalreasoning.com -ZZ -b
>>>> "dc=digitalreasoning,dc=com" -D
>>>> "uid=adminuser,cn=users,cn=accounts,dc=digitalreasoning,dc=com" -w
>>>> 'password' uid=first.last
>>>>
>>>>
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <dc=digitalreasoning,dc=com> with scope subtree
>>>> # filter: uid=first.last
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # search result
>>>> search: 3
>>>> result: 0 Success
>>>>
>>>> # numResponses: 1
>>>>
>>>>
>>>> Any help is much appreciated! 
>>>>
>>>> Thanks,
>>>>
>>>> John
>>>>
>>>>
>>>>
>>>> On 6/16/14, 6:22 PM, Rob Crittenden wrote:
>>>>> John Moyer wrote:
>>>>>> Hello All,
>>>>>>
>>>>>>     I'm having a problem querying new users.   
>>>>>>
>>>>>>     I can create the user from the webpage no problem, and I can see
>>>>>> them afterwards via the webpage.  I can then see those users via ipa
>>>>>> user-find, as well as a LOCAL ldapsearch, even remotely from apache
>>>>>> directory studio.  However, if I go to another linux box and do an
>>>>>> ldapsearch the new user (only the new user) is not seen in the search.  
>>>>>> Users created before today work great.   Now I did change stuff, I did a
>>>>>> yum upgrade last weekend and this was not a problem before I did this.  
>>>>>> Any help or guidance to make a remove ldapsearch work on new users would
>>>>>> be greatly appreciated!  
>>>>> What command-line are you using? What rpm version is [free]ipa-python?
>>>>> Do you have multiple masters or is this a single IPA server?
>>>>>
>>>>> rob
>>>>>
>>>>
>>>>
>>>> Thanks,
>>>> ------------------------------------------------------------------------
>>>> John Moyer
>>>>
>>>
>>>
>>> Thanks,
>>> ------------------------------------------------------------------------
>>> John Moyer
>>> Director, IT Operations
>>> 901 N. Stuart St. STE 904A
>>> Arlington,VA 22203
>>> 703.678.2311 Office
>>> 240.460.0023 Cell
>>> 703.678.2312 Fax
>
>
>
>
> Thanks,
> ------------------------------------------------------------------------
> John Moyer
> Director, IT Operations
> 901 N. Stuart St. STE 904A
> Arlington,VA 22203
> 703.678.2311 Office
> 240.460.0023 Cell
> 703.678.2312 Fax




Thanks,
------------------------------------------------------------------------
John Moyer
Director, IT Operations
901 N. Stuart St. STE 904A
Arlington,VA 22203
703.678.2311 Office
240.460.0023 Cell
703.678.2312 Fax
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to