Please ignore this problem, I found the problem, embarrassing as this is, a host file was in place where I didn't expect it, the user was not created in the correct system.
John On 6/18/14, 9:02 AM, John Moyer wrote: > Rob, > > That is correct, I just put my ssh key in for that new user and > was unable to ssh to one of the nodes registered with IPA. I also > logged in as myself (which did work) and then ran getent password > new.user and that yielded nothing, but getent password john.moyer > yielded all of my information. > > > > On 6/17/14, 11:26 AM, Rob Crittenden wrote: >> John Moyer wrote: >>> Sorry forgot the second part of your question: >>> >>> rpm -qa | grep ipa >>> libipa_hbac-1.9.2-129.el6_5.4.x86_64 >>> ipa-server-3.0.0-37.el6.x86_64 >>> ipa-pki-ca-theme-9.0.3-7.el6.noarch >>> python-iniparse-0.3.1-2.1.el6.noarch >>> libipa_hbac-python-1.9.2-129.el6_5.4.x86_64 >>> ipa-python-3.0.0-37.el6.x86_64 >>> ipa-client-3.0.0-37.el6.x86_64 >>> ipa-admintools-3.0.0-37.el6.x86_64 >>> ipa-pki-common-theme-9.0.3-7.el6.noarch >>> ipa-server-selinux-3.0.0-37.el6.x86_64 >> It's important that we're comparing apples to apples. Is this a search >> against the same IPA server or do you have multiple masters? >> >> I assume that SSSD isn't seeing these new users either which is what >> lead you to ldapsearch? >> >> You might want to do the same search on a working and non-working box >> and compare the 389-ds access logs to see if there is anything noticeable. >> >> rob >> >>> John >>> >>> On 6/17/14, 8:30 AM, John Moyer wrote: >>>> I'm using ldapsearch. The command I was using was like the one below >>>> (edited to protect creds/users). >>>> >>>> ldapsearch -x -h ipa.digitalreasoning.com -ZZ -b >>>> "dc=digitalreasoning,dc=com" -D >>>> "uid=adminuser,cn=users,cn=accounts,dc=digitalreasoning,dc=com" -w >>>> 'password' uid=first.last >>>> >>>> >>>> # extended LDIF >>>> # >>>> # LDAPv3 >>>> # base <dc=digitalreasoning,dc=com> with scope subtree >>>> # filter: uid=first.last >>>> # requesting: ALL >>>> # >>>> >>>> # search result >>>> search: 3 >>>> result: 0 Success >>>> >>>> # numResponses: 1 >>>> >>>> >>>> Any help is much appreciated! >>>> >>>> Thanks, >>>> >>>> John >>>> >>>> >>>> >>>> On 6/16/14, 6:22 PM, Rob Crittenden wrote: >>>>> John Moyer wrote: >>>>>> Hello All, >>>>>> >>>>>> I'm having a problem querying new users. >>>>>> >>>>>> I can create the user from the webpage no problem, and I can see >>>>>> them afterwards via the webpage. I can then see those users via ipa >>>>>> user-find, as well as a LOCAL ldapsearch, even remotely from apache >>>>>> directory studio. However, if I go to another linux box and do an >>>>>> ldapsearch the new user (only the new user) is not seen in the search. >>>>>> Users created before today work great. Now I did change stuff, I did a >>>>>> yum upgrade last weekend and this was not a problem before I did this. >>>>>> Any help or guidance to make a remove ldapsearch work on new users would >>>>>> be greatly appreciated! >>>>> What command-line are you using? What rpm version is [free]ipa-python? >>>>> Do you have multiple masters or is this a single IPA server? >>>>> >>>>> rob >>>>> >>>> >>>> >>>> Thanks, >>>> ------------------------------------------------------------------------ >>>> John Moyer >>>> >>> >>> >>> Thanks, >>> ------------------------------------------------------------------------ >>> John Moyer >>> Director, IT Operations >>> 901 N. Stuart St. STE 904A >>> Arlington,VA 22203 >>> 703.678.2311 Office >>> 240.460.0023 Cell >>> 703.678.2312 Fax > > > > > Thanks, > ------------------------------------------------------------------------ > John Moyer > Director, IT Operations > 901 N. Stuart St. STE 904A > Arlington,VA 22203 > 703.678.2311 Office > 240.460.0023 Cell > 703.678.2312 Fax Thanks, ------------------------------------------------------------------------ John Moyer Director, IT Operations 901 N. Stuart St. STE 904A Arlington,VA 22203 703.678.2311 Office 240.460.0023 Cell 703.678.2312 Fax
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
