Hi Alexander, sorry for the last update directly to you, this was not intended.
Anyway, shouldn't I be able to check the status of task added by
ipa-adtrust-install directly by just issuing a:
ldapsearch -D "cn=Directory Manager" -W -b
All I get is:
Enter LDAP Password:
# extended LDIF
# base <cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
# search result
result: 0 Success
# numResponses: 1
----- On Oct 30, 2015, at 11:28 AM, Alexander Bokovoy aboko...@redhat.com wrote:
> Please answer to the list.
> On Fri, 30 Oct 2015, Troels Hansen wrote:
>>> Not sure what you expect.
>>> Modifying attributes for existing users takes time so we don't do it
>>> automatically. When you run ipa-adtrust-install, it does ask you to run
>>> a task that does the work of generating SIDs and adding needed
>>> attributes/object classes.
>>> However, ipaNTHash will not be there until either of two events happens:
>>> - user changes password;
>>> - user authenticates with Kerberos against Samba running on IPA master.
>>No, I'm aware that the NTHash won't be there untill the user changes password.
>>I would however suppose that objectClass ipaNTUserAttrs being added and a
>>ipaNTSecurityIdentifier being added to all of my users.
>>Its added to most objects, but I still need 85 users/objects where its not
>>added, out of a total of ~500 (told by adtrust install script yesterday).
>>Its been 14 hours since I ran it, but still need the remaining, and I have no
>>idear why its not added.
> You can check the task status.
> See https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
> how you can organize a task yourself or check the output from existing task.
> The task that is run by the installer has DN
> You can use /usr/share/ipa/ipa-sidgen-task-run.ldif as a basis to add a
> task file.
> / Alexander Bokovoy
Med venlig hilsen
T (+45) 70 20 10 63
M (+45) 22 43 71 57
Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project