We integrated the Apache Syncope server with a FreeIPA server, so users can
self-register an ID in Apache Syncope, which is then synchronized to FreeIPA.
The problems are:
*1) A user created from Apache Syncope can't log in to Linux. A user created
from the FreeIPA web GUI works well.*
This is the information for the user (syncopex5) created from Apache Syncope:
# syncopex5, users, compat, example.com
dn: uid=syncopex5,cn=users,cn=compat,dc=example,dc=com
cn: x5syncope
objectClass: posixAccount
objectClass: top
gidNumber: 657600034
gecos: x5syncope
uidNumber: 657600034
loginShell: /bin/sh
homeDirectory: /home/syncopex5
uid: syncopex5
# syncopex5, users, accounts, example.com
dn: uid=syncopex5,cn=users,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixAccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
cn: x5syncope
displayName: x5syncope
uid: syncopex5
gecos: x5syncope
uidNumber: 657600034
gidNumber: 657600034
loginShell: /bin/sh
homeDirectory: /home/syncopex5
sn: syncope
givenName: x5
initials: xs
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
*2) The user also can't be deleted from the web UI or the CLI. It said
"syncopex5: user not found".*
*The errors log:*
[13/Nov/2015:07:27:54 +] DSRetroclPlugin - delete_changerecord: could not delete change record 4130 (rc: 32)
[13/Nov/2015:07:27:54 +] DSRetroclPlugin - delete_changerecord: could not delete change record 4131 (rc: 32)
[13/Nov/2015:07:27:54 +] DSRetroclPlugin - delete_changerecord: could not delete change record 4221 (rc: 32)
[13/Nov/2015:07:27:54 +] DSRetroclPlugin - delete_changerecord: could not delete change record 4222 (rc: 32)
[13/Nov/2015:07:27:55 +] DSRetroclPlugin - delete_changerecord: could not delete change record 4353 (rc: 32)
[13/Nov/2015:07:27:55 +] DSRetroclPlugin - delete_changerecord: could not delete change record 4354 (rc: 32)
[15/Nov/2015:07:27:53 +] DSRetroclPlugin - delete_changerecord: could not delete change record 5129 (rc: 32)
[15/Nov/2015:07:27:53 +] DSRetroclPlugin - delete_changerecord: could not delete change record 5130 (rc: 32)
[15/Nov/2015:07:27:53 +] DSRetroclPlugin - delete_changerecord: could not delete change record 5155 (rc: 32)
[15/Nov/2015:07:27:53 +] DSRetroclPlugin - delete_changerecord: could not delete change record 5156 (rc: 32)
[16/Nov/2015:02:52:59 +] managed-entries-plugin - mep_del_post_op: failed to delete managed entry (member=syncopex5,cn=groups,cn=accounts,dc=example,dc=com) - error (32)
[16/Nov/2015:02:52:59 +] managed-entries-plugin - mep_del_post_op: failed to delete managed entry (member=syncopex5,cn=groups,cn=accounts,dc=example,dc=com) - error (32)
*The access log:*
[16/Nov/2015:02:52:50 +] conn=5512 op=36 UNBIND
[16/Nov/2015:02:52:50 +] conn=5512 op=36 fd=621 closed - U1
[16/Nov/2015:02:52:59 +] conn=5513 fd=621 slot=621 connection from 192.168.10.39 to 192.168.10.39
[16/Nov/2015:02:52:59 +] conn=5513 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[16/Nov/2015:02:52:59 +] conn=5513 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[16/Nov/2015:02:52:59 +] conn=5513 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[16/Nov/2015:02:52:59 +] conn=5513 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[16/Nov/2015:02:52:59 +] conn=5513 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI
[16/Nov/2015:02:52:59 +] conn=5513 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com"
[16/Nov/2015:02:52:59 +] conn=5513 op=3 SRCH base="cn=ipaconfig,cn=etc,dc=example,dc=com" scope=0 filter="(objectClass=*)" attrs=ALL
[16/Nov/2015:02:52:59 +] conn=5513 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[16/Nov/2015:02:52:59 +] conn=5513 op=4 SRCH base="cn=users,cn=accounts,dc=example,dc=com" scope=1 filter="(&(objectClass=posixaccount)(memberOf=cn=admins,cn=groups,cn=accounts,dc=example,dc=com))" attrs="telephoneNumber sshpubkeyfp uid title loginShell uidNumber gidNumber sn homeDirectory mail givenName nsAccountLock"
[16/Nov/2015:02:52:59 +] conn=5513 op=4 RESULT err=0 tag=101 nentries=1 etime=0
[16/Nov/2015:02:52:59 +] conn=5513 op=5 SRCH base="uid=admin,cn=users,cn=accounts,dc=example,dc=com" scope=0 filter="(userPassword=*)" attrs="userPassword"
[16/Nov/2015:02:52:59 +] conn=5513 op=5 RESULT err=0 tag=101 nentries=1 etime=0
[16/Nov/2015:02:52:59 +] conn=5513 op=6 SRCH base="uid=admin,cn=users,cn=accounts,dc=example,dc=com" scope=0 filter="(krbPrincipalKey=*)" attrs="krbPrincipalKey"
[16/Nov/2015:02:52:59 +] conn=5513 op=6 RESULT err=0 tag=101 nentries=1 etime=0
[16/Nov/2015:02:52:59 +] conn=5513 op=7 SRCH
base="uid=admin,cn=users,cn=accounts,dc=example,dc=com" scope=0