Thank you for your help!

Well, my problem is a beginner problem. Not reading enough. :-}
And I used an LDAP browser and saw error messages I misinterpreted.
Sorry for the noise here.

At least I found my answer here:

https://fedorahosted.org/freeipa/ticket/3949

But I also found that many other people have the same problem
understanding this behavior.

But I have one suggestion:

It would be nice, when using the GUI to create new users, to also have the
opportunity to insert GID and UID. I know I can edit it later,
but why do I have to use this small window with very few entries, when
I can't really use it and have to go to the big one?

Maybe it is also a good idea to resign this small window or to have
a switch in the configuration to stop this small window.

(But, of course, this is not a really big problem.)

Greetings
Detlev

--
Detlev  | Institut fuer Mikroelektronische Systeme
Habicht | D-30167 Hannover  +49 511 76219662  habi...@ims.uni-hannover.de
--------+-------- Handy +49 172 5415752 ---------------------------

On 20.08.2015 at 15:48, Rob Crittenden <rcrit...@redhat.com> wrote:

> Martin Kosek wrote:
>> On 08/20/2015 11:57 AM, Detlev Habicht wrote:
>>> Hi all,
>>>
>>> I am new to using IPA, and learning IPA I am also learning some
>>> other things new for me.
>>>
>>> Migrating our system to IPA I found some problems with private groups.
>>> We didn't use it up to now.
>>>
>>> Trying to disable this feature with
>>>
>>> ipa-managed-entries -e "UPG Definition" -p xxx disable
>>>
>>> crashed my database.
>>
>> By crashed, you mean that Directory Server process crashed? If yes, it
>> would be really interesting to get a stack trace, steps in
>>
>> http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debug_crashes
>>
>> This would allow 389-DS developers to fix the bug.
>>
>>> I don't know why. After this I can't
>>> create new users.
>>
>> IIRC, you would need to turn the default "ipausers" group into POSIX group
>> (group-mod --posix), to let it be used instead of the user private groups.
>> But this depends on the error you are getting.
>>
>>>
>>> For this problem I have no more information.
>>>
>>> But I have a question:
>>>
>>> Can I delete a private group after creating a user? How can I do this?
>>
>> You can use "group-detach" command and then "group-del" on the detached
>> managed group.
>>
>>>
>>> And can I later create a private group again for this user? How?
>>
>> Hmm... You could do group-add command with the right GID, I do not know
>> about single command doing that.
>
> There is no way to create the same kind of UPG for an existing user as can
> be done for a new user. The managed entries plugin manages the linkage
> between the user and group and IPA currently doesn't provide a way to
> create a linkage after the fact.
>
> You can create a group with the same gid with: ipa group-add myuser --gid
> <uid-of-user>, but this isn't exactly "private". A private group doesn't
> allow members.
>
> One of the other features of UPG is that when the user is deleted, the
> group is also deleted. This would not happen in the case of manually
> created private groups.
>
> rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
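
Added example, not part of the thread and not FreeIPA's own code: a small audit over an LDIF export that tells a plugin-managed UPG apart from a manually created same-GID group, the distinction described in the last reply above. It assumes the linkage is stored in the 389 DS Managed Entries plugin attributes `mepManagedEntry` (on the user) and `mepManagedBy` (on the group); the DNs and values are constructed and simplified.

```python
# Constructed sample (not from the thread): alice has a plugin-managed UPG,
# bob only has a hand-made group with the same GID. DNs are simplified.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,dc=example,dc=test
uid: alice
gidNumber: 5001
mepManagedEntry: cn=alice,cn=groups,dc=example,dc=test

dn: cn=alice,cn=groups,dc=example,dc=test
objectClass: posixGroup
gidNumber: 5001
mepManagedBy: uid=alice,cn=users,dc=example,dc=test

dn: uid=bob,cn=users,dc=example,dc=test
uid: bob
gidNumber: 5002

dn: cn=bob,cn=groups,dc=example,dc=test
objectClass: posixGroup
gidNumber: 5002
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def classify(entries):
    """Return {uid: 'managed' | 'manual' | 'none'} for each user entry."""
    result = {}
    for dn, user in entries.items():
        if "uid" not in user:
            continue  # not a user entry
        # managed: user points at a group that points back at the user
        linked = any(
            dn in (v.lower() for v in entries.get(g.lower(), {}).get("mepmanagedby", []))
            for g in user.get("mepmanagedentry", []))
        # manual: a POSIX group shares the GID but carries no linkage,
        # so it is not removed when the user is deleted
        same_gid = any(
            "posixGroup" in e.get("objectclass", []) and e.get("gidnumber") == user.get("gidnumber")
            for e in entries.values())
        result[user["uid"][0]] = "managed" if linked else "manual" if same_gid else "none"
    return result

if __name__ == "__main__":
    print(classify(parse_ldif(SAMPLE_LDIF)))
```

Groups reported as `manual` are the ones to review for leftover membership and for cleanup when the matching user is removed.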