I too have seen this same unique "bug". My guess is, you have compatibility mode enabled AND you used the GUI to manipulate the group memberships. I have found this to be buggy. Using CLI based commands did not have the same results. However, once the 2 trees - "cn=accounts" and "cn=compat" are no longer in sync, I have found the only way to fix this is with ldapmodify commands, since neither the GUI nor the command line tools believe the users are in the groups in question anymore.

~Janelle

On 8/4/15 2:26 AM, Christopher Lamb wrote:
Markus

Have you checked both the cn=accounts and cn=compat trees?.  Users and
groups are stored in both, and both would need manipulation...

Ciao

Chris



From:   <markus....@mc.ingenico.com>
To:     <freeipa-users@redhat.com>
Date:   04.08.2015 11:14
Subject:        [Freeipa-users] FreeIPA user ID differs
Sent by:        freeipa-users-boun...@redhat.com



Hi @all,

I´ve encountered a strange „error“. I´ve created a user with a generated
UID from the predefined range. After creation I´ve had to manipulate the
UID to fit an old NIS configuration and set the UID to the old NIS value.
FreeIPA shows the correct UID as well as ldapsearch. But if I logon onto a
host and enter `id <username>` I receive the old UID, GID and groups
information instead of the corrected one.

Maybe someone can help me out to pinpoint the error and to fix it.

Cheers,
Markus--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to