Re: [Freeipa-users] private groups
Thank you for your help! Well, my problem is a beginner problem. Not reading enough. :-} And i used a LDAP browser and saw error messages i misinterpreted. Sorry for the noise here. At least i found my answer here: https://fedorahosted.org/freeipa/ticket/3949 But i found also, that many other people have the same problem understanding this behavior. But i have one suggestion: It would be nice using the GUI creating new users to have the opportunity also to insert GID and UID. I know, i can edit it later, but why i have to use this small window with very few entries, when i can’t really use it and have to go to the big one. Maybe it is also a good idea to resign this small window or to have a switch in the configuration to stop this small window. (But, of course, this is not a really big problem.) Greetings Detlev -- Detlev | Institut fuer Mikroelektronische Systeme Habicht | D-30167 Hannover +49 511 76219662 habi...@ims.uni-hannover.de + Handy+49 172 5415752 --- Am 20.08.2015 um 15:48 schrieb Rob Crittenden rcrit...@redhat.com: Martin Kosek wrote: On 08/20/2015 11:57 AM, Detlev Habicht wrote: Hi all, i am new using IPA and learning IPA i am also learning some other things new for me. Migrating our system to IPA i found some problems with private groups. We don’t used it up to now. Trying to disable this feature with ipa-managed-entries -e „UPG Definition“ -p xxx disable crashed my database. By crashed, you mean that Directory Server process crashed? If yes, it would be really interesting to get a stack trace, steps in http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debug_crashes This would allow 389-DS developers to fix the bug. I don’t know why. After this i can’t create new users. IIRC, you would need to turn the default ipausers group into POSIX group (group-mod --posix), to let it be used it instead of the user private groups. But this depends on the error you are getting. For this problem i have no more information. But i have a question: Can i delete a private group after creating an user? How can i do this? You can use group-detach command and then group-del on the detached managed group. And can i later create a private group again for this user? How? Hmm... You could do group-add command with the right GID, I do not know about single command doing that. There is no way to create the same kind of UPG for an existing user as can be done for a new user. The managed entries plugin manages the linkage between the user and group and IPA currently doesn't provide a way to create a linkage after the fact. You can create a group with the same gid with : ipa group-add myuser --gid uid-of-user, but this isn't exactly private. A private group doesn't allow members. One of the other features of UPG is that when the user is deleted, the group is also deleted. This would not happen in the case of manually created private groups. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] private groups
Hi all, i am new using IPA and learning IPA i am also learning some other things new for me. Migrating our system to IPA i found some problems with private groups. We don’t used it up to now. Trying to disable this feature with ipa-managed-entries -e „UPG Definition“ -p xxx disable crashed my database. I don’t know why. After this i can’t create new users. For this problem i have no more information. But i have a question: Can i delete a private group after creating an user? How can i do this? And can i later create a private group again for this user? How? Thanx for any help! Detlev -- Detlev | Institut fuer Mikroelektronische Systeme Habicht | D-30167 Hannover +49 511 76219662 habi...@ims.uni-hannover.de + Handy+49 172 5415752 --- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] private groups
On 08/20/2015 11:57 AM, Detlev Habicht wrote: Hi all, i am new using IPA and learning IPA i am also learning some other things new for me. Migrating our system to IPA i found some problems with private groups. We don’t used it up to now. Trying to disable this feature with ipa-managed-entries -e „UPG Definition“ -p xxx disable crashed my database. By crashed, you mean that Directory Server process crashed? If yes, it would be really interesting to get a stack trace, steps in http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debug_crashes This would allow 389-DS developers to fix the bug. I don’t know why. After this i can’t create new users. IIRC, you would need to turn the default ipausers group into POSIX group (group-mod --posix), to let it be used it instead of the user private groups. But this depends on the error you are getting. For this problem i have no more information. But i have a question: Can i delete a private group after creating an user? How can i do this? You can use group-detach command and then group-del on the detached managed group. And can i later create a private group again for this user? How? Hmm... You could do group-add command with the right GID, I do not know about single command doing that. Thanx for any help! Detlev -- Detlev | Institut fuer Mikroelektronische Systeme Habicht | D-30167 Hannover +49 511 76219662 habi...@ims.uni-hannover.de + Handy+49 172 5415752 --- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] private groups
Well, it is not really a server crash … the server is running, but i cannot create new users. But i will try it again and will send the results. Detlev -- Detlev | Institut fuer Mikroelektronische Systeme Habicht | D-30167 Hannover +49 511 76219662 habi...@ims.uni-hannover.de + Handy+49 172 5415752 --- Am 20.08.2015 um 12:54 schrieb Martin Kosek mko...@redhat.com: On 08/20/2015 11:57 AM, Detlev Habicht wrote: Hi all, i am new using IPA and learning IPA i am also learning some other things new for me. Migrating our system to IPA i found some problems with private groups. We don’t used it up to now. Trying to disable this feature with ipa-managed-entries -e „UPG Definition“ -p xxx disable crashed my database. By crashed, you mean that Directory Server process crashed? If yes, it would be really interesting to get a stack trace, steps in http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debug_crashes This would allow 389-DS developers to fix the bug. I don’t know why. After this i can’t create new users. IIRC, you would need to turn the default ipausers group into POSIX group (group-mod --posix), to let it be used it instead of the user private groups. But this depends on the error you are getting. For this problem i have no more information. But i have a question: Can i delete a private group after creating an user? How can i do this? You can use group-detach command and then group-del on the detached managed group. And can i later create a private group again for this user? How? Hmm... You could do group-add command with the right GID, I do not know about single command doing that. Thanx for any help! Detlev -- Detlev | Institut fuer Mikroelektronische Systeme Habicht | D-30167 Hannover +49 511 76219662 habi...@ims.uni-hannover.de + Handy+49 172 5415752 --- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] private groups
Martin Kosek wrote: On 08/20/2015 11:57 AM, Detlev Habicht wrote: Hi all, i am new using IPA and learning IPA i am also learning some other things new for me. Migrating our system to IPA i found some problems with private groups. We don’t used it up to now. Trying to disable this feature with ipa-managed-entries -e „UPG Definition“ -p xxx disable crashed my database. By crashed, you mean that Directory Server process crashed? If yes, it would be really interesting to get a stack trace, steps in http://directory.fedoraproject.org/docs/389ds/FAQ/faq.html#debug_crashes This would allow 389-DS developers to fix the bug. I don’t know why. After this i can’t create new users. IIRC, you would need to turn the default ipausers group into POSIX group (group-mod --posix), to let it be used it instead of the user private groups. But this depends on the error you are getting. For this problem i have no more information. But i have a question: Can i delete a private group after creating an user? How can i do this? You can use group-detach command and then group-del on the detached managed group. And can i later create a private group again for this user? How? Hmm... You could do group-add command with the right GID, I do not know about single command doing that. There is no way to create the same kind of UPG for an existing user as can be done for a new user. The managed entries plugin manages the linkage between the user and group and IPA currently doesn't provide a way to create a linkage after the fact. You can create a group with the same gid with : ipa group-add myuser --gid uid-of-user, but this isn't exactly private. A private group doesn't allow members. One of the other features of UPG is that when the user is deleted, the group is also deleted. This would not happen in the case of manually created private groups. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
