Thank you for your help!

Well, my problem is a beginner problem. Not reading enough. :-}
And i used a LDAP browser and saw error messages i misinterpreted.
Sorry for the noise here.

At least i found my answer here:

But i found also, that many other people have the same problem understanding
this behavior.

But i have one suggestion:

It would be nice using the GUI creating new users to have the opportunity
also to insert GID and UID. 

I know, i can edit it later, but why i have to use this small window with
very few entries, when i can’t really use it and have to go to the big one.
Maybe it is also a good idea to resign this small window or to have a switch
in the configuration to stop this small window. (But, of course, this is
not a really big problem.)



  Detlev  | Institut fuer Mikroelektronische Systeme
  Habicht | D-30167 Hannover +49 511 76219662
  --------+-------- Handy    +49 172 5415752  ---------------------------

Am 20.08.2015 um 15:48 schrieb Rob Crittenden <>:

> Martin Kosek wrote:
>> On 08/20/2015 11:57 AM, Detlev Habicht wrote:
>>> Hi all,
>>> i am new using IPA and learning IPA i am also learning some
>>> other things new for me.
>>> Migrating our system to IPA i found some problems with private groups.
>>> We don’t used it up to now.
>>> Trying to disable this feature with
>>> ipa-managed-entries -e „UPG Definition“ -p xxx disable
>>> crashed my database.
>> By crashed, you mean that Directory Server process crashed? If yes, it would 
>> be
>> really interesting to get a stack trace, steps in
>> This would allow 389-DS developers to fix the bug.
>>> I don’t know why. After this i can’t
>>> create new users.
>> IIRC, you would need to turn the default "ipausers" group into POSIX group
>> (group-mod --posix), to let it be used it instead of the user private groups.
>> But this depends on the error you are getting.
>>> For this problem i have no more information.
>>> But i have a question:
>>> Can i delete a private group after creating an user? How can i do this?
>> You can use "group-detach" command and then "group-del" on the detached 
>> managed
>> group.
>>> And can i later create a private group again for this user? How?
>> Hmm... You could do group-add command with the right GID, I do not know about
>> single command doing that.
> There is no way to create the same kind of UPG for an existing user as can be 
> done for a new user. The managed entries plugin manages the linkage between 
> the user and group and IPA currently doesn't provide a way to create a 
> linkage after the fact.
> You can create a group with the same gid with : ipa group-add myuser --gid 
> <uid-of-user>, but this isn't exactly "private". A private group doesn't 
> allow members.
> One of the other features of UPG is that when the user is deleted, the group 
> is also deleted. This would not happen in the case of manually created 
> private groups.
> rob

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to