On 04/30/2015 02:31 PM, Andy Thompson wrote:
It appears that f82 is the user object and f87 is the group object.  So you are
right, I don't think f82 is what we were looking for, it just happened to have
the username in it when I grepped without filtering the uniqueid.  I'm not
sure why it was having problems with the user group object, but I don't have
individual group objects showing up for any local accounts I've created.
You are right. I think the private group of a user is/should be deleted at the
same time when you delete a user.
Is it normal that private groups do not show up in the user group listing or 
with ipa group-find commands?  I thought I remembered seeing them on a freeipa 
3 installation but I've checked a couple 4 installs and they don't show up.

User private groups should not show up in the results of ipa group-* commands. I'm not sure what you meant by "user group listing",
but they should show up when running the "id" command.


I just had a random issue a little bit ago with another account when I checked 
the user groups in the web interface it popped with an unknown error dialog.  I 
have not been able to reproduce it again and don't see anything in the error 
logs or access log which would indicate any problems.

All that being said, I put 389-ds-base-1.3.3.1-16.el7_1.x86_64 on the box
yesterday and the error has not shown since.  So I'm not sure if it was
because of the minor upgrade or cycling the daemon.
The logs gave a lot of information but without a test case it could be difficult
to identify the RC.
Now as I mentioned I hit (with a non systematic test case) an other bug when
deleting a user. It was impossible to remove the entry/group. In this bug I
tested on standalone instance but on replicated topology I wonder if it could
have the same symptom.

I've not been able to reproduce the issue in my sandbox environment so I'm not 
sure.  It is also replicated.

-andy


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to