Re: [Freeipa-users] IPAv3.0 WebUI User Population

2016-08-03 Thread Simo Sorce 
On Wed, 2016-08-03 at 13:03 -0500, Brad Cesarone wrote:
> Does it just need the objectclass? Does it care if there are any
> values assigned to the attributes underneath the posixaccount object
> class?

The posixAccount, as per schema, requires:
- cn
- uid
- uidNumber
- gidNumber
- homeDirectory

Note also that your warranty is void if you start adding random objects
in the FreeIPA cn=accounts container :-)

Simo.

> 
> 
> 
> -Martin Basti  wrote: - 
> To: Brad Cesarone 
> From: Martin Basti 
> Date: 08/03/2016 01:01PM
> Cc: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population
> 
> 
> 
> 
> 
> 
> On 03.08.2016 19:58, Brad Cesarone wrote:
> 
> 
> Hi Martin
>  
> I've been playing with adding objectclasses to the non-posix user. I have so 
> far added inetuser, ipaobject, ipasshuser. He started with top, person, 
> organizationalPerson, inetOrgPerson and two custom classes. 
> 
> You need this 'posixaccount' according the source code of IPA 3.3.0
> 
> Martin
> 
>  
> Nothing came up in /var/log/dirsrv/slapd-*/access when running the search but 
> in the /var/log/httpd/error_log there is the following entry:  
> user_find{u'', whoami=False, all=False, raw=False, version='2.49', 
> no_members=False, pkey_only=False}: SUCCESS
>  
> The command outputted 
> --
> 0 users matched
> -
> 
> Number of Entries Returned 0
> 
>  
> Thanks
> -Brad
> 
> -Martin Basti  wrote: - 
> To: Brad Cesarone , freeipa-users@redhat.com
> From: Martin Basti 
> Date: 08/03/2016 12:44PM
> Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population
> 
> 
> 
> 
> 
> 
> On 03.08.2016 18:38, Brad Cesarone wrote:
> 
> Hello All
>  
> I'm trying to figure out how the webUI populates the user page. I have a mix 
> of posix users and non-posix users.
> The non-posix users were added using an LDIF and imported fine. I am able to 
> view them using ipa user-show, ldapsearch, and if I navigate to them using 
> the user details URL they show up. Groups are also able to find the non-posix 
> users and verify membership. I am just unable to use ipa user-find or see 
> them in the users page.
> 
> Hello, I'm afraid you may miss an objectclass in imported users.
> 
> Can you please run ipa user-find, and provide SRCH filter from 
> /var/log/dirsrv/slapd-*/access  (I hope this is the right path on RHEL6.8)
> 
> Then please provide all objectclasses that have a random imported user
> 
> regards
> Martin
> 
>  
> I apologize if this has already been answered, I tried google-fu and it 
> didn't return anything useful.
> Using IPA 3.0 on Redhat 6.8
>  
> Thanks
> -Brad
> 
>  
> -- Manage your subscription for the Freeipa-users mailing list: 
> https://www.redhat.com/mailman/listinfo/freeipa-users Go to 
> http://freeipa.org for more info on the project


-- 
Simo Sorce * Red Hat, Inc * New York

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] IPAv3.0 WebUI User Population

2016-08-03 Thread Martin Basti 



On 03.08.2016 20:03, Brad Cesarone wrote:
Does it just need the objectclass? Does it care if there are any 
values assigned to the attributes underneath the posixaccount object 
class?




All must attributes are required.

objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard LDAP 
objectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ 
homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) 
X-ORIGIN 'RFC 2307' )


Martin



-Martin Basti  wrote: -
To: Brad Cesarone 
From: Martin Basti 
Date: 08/03/2016 01:01PM
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population



On 03.08.2016 19:58, Brad Cesarone wrote:


Hi Martin
I've been playing with adding objectclasses to the non-posix user. I 
have so far added inetuser, ipaobject, ipasshuser. He started with 
top, person, organizationalPerson, inetOrgPerson and two custom classes.


You need this 'posixaccount' according the source code of IPA 3.3.0

Martin
Nothing came up in /var/log/dirsrv/slapd-*/access when running the 
search but in the /var/log/httpd/error_log there is the 
following entry:  user_find{u'', whoami=False, all=False, 
raw=False, version='2.49', no_members=False, pkey_only=False}: SUCCESS

The command outputted
--
0 users matched
-

Number of Entries Returned 0

Thanks
-Brad

-Martin Basti  wrote: -
To: Brad Cesarone , freeipa-users@redhat.com
From: Martin Basti 
Date: 08/03/2016 12:44PM
Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population



On 03.08.2016 18:38, Brad Cesarone wrote:

Hello All
I'm trying to figure out how the webUI populates the user page. I 
have a mix of posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am 
able to view them using ipa user-show, ldapsearch, and if I navigate 
to them using the user details URL they show up. Groups are also 
able to find the non-posix users and verify membership. I am just 
unable to use ipa user-find or see them in the users page.


Hello, I'm afraid you may miss an objectclass in imported users.

Can you please run ipa user-find, and provide SRCH filter from 
/var/log/dirsrv/slapd-*/access (I hope this is the right path on RHEL6.8)


Then please provide all objectclasses that have a random imported user

regards
Martin
I apologize if this has already been answered, I tried google-fu and 
it didn't return anything useful.

Using IPA 3.0 on Redhat 6.8
Thanks
-Brad








-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] IPAv3.0 WebUI User Population

2016-08-03 Thread Brad Cesarone 
Does it just need the objectclass? Does it care if there are any values 
assigned to the attributes underneath the posixaccount object class?




-Martin Basti  wrote: - 
To: Brad Cesarone 
From: Martin Basti 
Date: 08/03/2016 01:01PM
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population






On 03.08.2016 19:58, Brad Cesarone wrote:


Hi Martin
 
I've been playing with adding objectclasses to the non-posix user. I have so 
far added inetuser, ipaobject, ipasshuser. He started with top, person, 
organizationalPerson, inetOrgPerson and two custom classes. 

You need this 'posixaccount' according the source code of IPA 3.3.0

Martin

 
Nothing came up in /var/log/dirsrv/slapd-*/access when running the search but 
in the /var/log/httpd/error_log there is the following entry:  
user_find{u'', whoami=False, all=False, raw=False, version='2.49', 
no_members=False, pkey_only=False}: SUCCESS
 
The command outputted 
--
0 users matched
-

Number of Entries Returned 0

 
Thanks
-Brad

-Martin Basti  wrote: - 
To: Brad Cesarone , freeipa-users@redhat.com
From: Martin Basti 
Date: 08/03/2016 12:44PM
Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population






On 03.08.2016 18:38, Brad Cesarone wrote:

Hello All
 
I'm trying to figure out how the webUI populates the user page. I have a mix of 
posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am able to 
view them using ipa user-show, ldapsearch, and if I navigate to them using the 
user details URL they show up. Groups are also able to find the non-posix users 
and verify membership. I am just unable to use ipa user-find or see them in the 
users page.

Hello, I'm afraid you may miss an objectclass in imported users.

Can you please run ipa user-find, and provide SRCH filter from 
/var/log/dirsrv/slapd-*/access  (I hope this is the right path on RHEL6.8)

Then please provide all objectclasses that have a random imported user

regards
Martin

 
I apologize if this has already been answered, I tried google-fu and it didn't 
return anything useful.
Using IPA 3.0 on Redhat 6.8
 
Thanks
-Brad

 -- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] IPAv3.0 WebUI User Population

2016-08-03 Thread Martin Basti 



On 03.08.2016 19:58, Brad Cesarone wrote:


Hi Martin
I've been playing with adding objectclasses to the non-posix user. I 
have so far added inetuser, ipaobject, ipasshuser. He started with 
top, person, organizationalPerson, inetOrgPerson and two custom classes.


You need this 'posixaccount' according the source code of IPA 3.3.0

Martin
Nothing came up in /var/log/dirsrv/slapd-*/access when running the 
search but in the /var/log/httpd/error_log there is the 
following entry:  user_find{u'', whoami=False, all=False, 
raw=False, version='2.49', no_members=False, pkey_only=False}: SUCCESS

The command outputted
--
0 users matched
-

Number of Entries Returned 0

Thanks
-Brad

-Martin Basti  wrote: -
To: Brad Cesarone , freeipa-users@redhat.com
From: Martin Basti 
Date: 08/03/2016 12:44PM
Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population



On 03.08.2016 18:38, Brad Cesarone wrote:

Hello All
I'm trying to figure out how the webUI populates the user page. I 
have a mix of posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am 
able to view them using ipa user-show, ldapsearch, and if I navigate 
to them using the user details URL they show up. Groups are also able 
to find the non-posix users and verify membership. I am just unable 
to use ipa user-find or see them in the users page.


Hello, I'm afraid you may miss an objectclass in imported users.

Can you please run ipa user-find, and provide SRCH filter from 
/var/log/dirsrv/slapd-*/access  (I hope this is the right path on RHEL6.8)


Then please provide all objectclasses that have a random imported user

regards
Martin
I apologize if this has already been answered, I tried google-fu and 
it didn't return anything useful.

Using IPA 3.0 on Redhat 6.8
Thanks
-Brad






-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] IPAv3.0 WebUI User Population

2016-08-03 Thread Brad Cesarone 

Hi Martin

I've been playing with adding objectclasses to the non-posix user. I have so 
far added inetuser, ipaobject, ipasshuser. He started with top, person, 
organizationalPerson, inetOrgPerson and two custom classes. 

Nothing came up in /var/log/dirsrv/slapd-*/access when running the search but 
in the /var/log/httpd/error_log there is the following entry:  
user_find{u'', whoami=False, all=False, raw=False, version='2.49', 
no_members=False, pkey_only=False}: SUCCESS

The command outputted 
--
0 users matched
-

Number of Entries Returned 0


Thanks
-Brad

-Martin Basti  wrote: - 
To: Brad Cesarone , freeipa-users@redhat.com
From: Martin Basti 
Date: 08/03/2016 12:44PM
Subject: Re: [Freeipa-users] IPAv3.0 WebUI User Population






On 03.08.2016 18:38, Brad Cesarone wrote:

Hello All
 
I'm trying to figure out how the webUI populates the user page. I have a mix of 
posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am able to 
view them using ipa user-show, ldapsearch, and if I navigate to them using the 
user details URL they show up. Groups are also able to find the non-posix users 
and verify membership. I am just unable to use ipa user-find or see them in the 
users page.

Hello, I'm afraid you may miss an objectclass in imported users.

Can you please run ipa user-find, and provide SRCH filter from 
/var/log/dirsrv/slapd-*/access  (I hope this is the right path on RHEL6.8)

Then please provide all objectclasses that have a random imported user

regards
Martin

 
I apologize if this has already been answered, I tried google-fu and it didn't 
return anything useful.
Using IPA 3.0 on Redhat 6.8
 
Thanks
-Brad

 -- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] IPAv3.0 WebUI User Population

2016-08-03 Thread Rob Crittenden 

Martin Basti wrote:



On 03.08.2016 18:38, Brad Cesarone wrote:

Hello All
I'm trying to figure out how the webUI populates the user page. I have
a mix of posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am
able to view them using ipa user-show, ldapsearch, and if I navigate
to them using the user details URL they show up. Groups are also able
to find the non-posix users and verify membership. I am just unable to
use ipa user-find or see them in the users page.


Hello, I'm afraid you may miss an objectclass in imported users.

Can you please run ipa user-find, and provide SRCH filter from
/var/log/dirsrv/slapd-*/access (I hope this is the right path on RHEL6.8)

Then please provide all objectclasses that have a random imported user


Martin is right, it is due to missing objectclass(es).

IPA knows what objectclasses constitute and IPA user and user-find (and 
therefore the UI) uses those to find all users (in this case 
posixaccount). So since you have non-POSIX users that's why you don't 
see them.


user-show on the other hand knows where users live and how to build a 
user DN which is why that works.


rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] IPAv3.0 WebUI User Population

2016-08-03 Thread Martin Basti 



On 03.08.2016 18:38, Brad Cesarone wrote:

Hello All
I'm trying to figure out how the webUI populates the user page. I have 
a mix of posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am 
able to view them using ipa user-show, ldapsearch, and if I navigate 
to them using the user details URL they show up. Groups are also able 
to find the non-posix users and verify membership. I am just unable to 
use ipa user-find or see them in the users page.


Hello, I'm afraid you may miss an objectclass in imported users.

Can you please run ipa user-find, and provide SRCH filter from 
/var/log/dirsrv/slapd-*/access (I hope this is the right path on RHEL6.8)


Then please provide all objectclasses that have a random imported user

regards
Martin
I apologize if this has already been answered, I tried google-fu and 
it didn't return anything useful.

Using IPA 3.0 on Redhat 6.8
Thanks
-Brad




-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] IPAv3.0 WebUI User Population

2016-08-03 Thread Brad Cesarone 
Hello All

I'm trying to figure out how the webUI populates the user page. I have a mix of 
posix users and non-posix users.
The non-posix users were added using an LDIF and imported fine. I am able to 
view them using ipa user-show, ldapsearch, and if I navigate to them using the 
user details URL they show up. Groups are also able to find the non-posix users 
and verify membership. I am just unable to use ipa user-find or see them in the 
users page.

I apologize if this has already been answered, I tried google-fu and it didn't 
return anything useful.
Using IPA 3.0 on Redhat 6.8

Thanks
-Brad-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project