Re: [Freeipa-users] Problem finding new users via command line

2014-06-18 Thread John Moyer
Rob,

That is correct, I just put my ssh key in for that new user and was
unable to ssh to one of the nodes registered with IPA.  I also logged in
as myself (which did work) and then ran getent password new.user and
that yielded nothing, but getent password john.moyer yielded all of my
information.  



On 6/17/14, 11:26 AM, Rob Crittenden wrote:
 John Moyer wrote:
 Sorry forgot the second part of your question:

 rpm -qa | grep ipa
 libipa_hbac-1.9.2-129.el6_5.4.x86_64
 ipa-server-3.0.0-37.el6.x86_64
 ipa-pki-ca-theme-9.0.3-7.el6.noarch
 python-iniparse-0.3.1-2.1.el6.noarch
 libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
 ipa-python-3.0.0-37.el6.x86_64
 ipa-client-3.0.0-37.el6.x86_64
 ipa-admintools-3.0.0-37.el6.x86_64
 ipa-pki-common-theme-9.0.3-7.el6.noarch
 ipa-server-selinux-3.0.0-37.el6.x86_64
 It's important that we're comparing apples to apples. Is this a search
 against the same IPA server or do you have multiple masters?

 I assume that SSSD isn't seeing these new users either which is what
 lead you to ldapsearch?

 You might want to do the same search on a working and non-working box
 and compare the 389-ds access logs to see if there is anything noticeable.

 rob


 John

 On 6/17/14, 8:30 AM, John Moyer wrote:
 I'm using ldapsearch.  The command I was using was like the one below
 (edited to protect creds/users).

 ldapsearch -x -h ipa.digitalreasoning.com -ZZ -b
 dc=digitalreasoning,dc=com -D
 uid=adminuser,cn=users,cn=accounts,dc=digitalreasoning,dc=com -w
 'password' uid=first.last


 # extended LDIF
 #
 # LDAPv3
 # base dc=digitalreasoning,dc=com with scope subtree
 # filter: uid=first.last
 # requesting: ALL
 #

 # search result
 search: 3
 result: 0 Success

 # numResponses: 1


 Any help is much appreciated! 

 Thanks,

 John



 On 6/16/14, 6:22 PM, Rob Crittenden wrote:
 John Moyer wrote:
 Hello All,

 I'm having a problem querying new users.   

 I can create the user from the webpage no problem, and I can see
 them afterwards via the webpage.  I can then see those users via ipa
 user-find, as well as a LOCAL ldapsearch, even remotely from apache
 directory studio.  However, if I go to another linux box and do an
 ldapsearch the new user (only the new user) is not seen in the search.  
 Users created before today work great.   Now I did change stuff, I did a
 yum upgrade last weekend and this was not a problem before I did this.  
 Any help or guidance to make a remove ldapsearch work on new users would
 be greatly appreciated!  
 What command-line are you using? What rpm version is [free]ipa-python?
 Do you have multiple masters or is this a single IPA server?

 rob




 Thanks,
 
 John Moyer




 Thanks,
 
 John Moyer
 Director, IT Operations
 901 N. Stuart St. STE 904A
 Arlington,VA 22203
 703.678.2311 Office
 240.460.0023 Cell
 703.678.2312 Fax




Thanks,

John Moyer
Director, IT Operations
901 N. Stuart St. STE 904A
Arlington,VA 22203
703.678.2311 Office
240.460.0023 Cell
703.678.2312 Fax
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Problem finding new users via command line

2014-06-17 Thread John Moyer
Sorry forgot the second part of your question:

rpm -qa | grep ipa
libipa_hbac-1.9.2-129.el6_5.4.x86_64
ipa-server-3.0.0-37.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
python-iniparse-0.3.1-2.1.el6.noarch
libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
ipa-python-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
ipa-admintools-3.0.0-37.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-server-selinux-3.0.0-37.el6.x86_64


John

On 6/17/14, 8:30 AM, John Moyer wrote:
 I'm using ldapsearch.  The command I was using was like the one below
 (edited to protect creds/users).

 ldapsearch -x -h ipa.digitalreasoning.com -ZZ -b
 dc=digitalreasoning,dc=com -D
 uid=adminuser,cn=users,cn=accounts,dc=digitalreasoning,dc=com -w
 'password' uid=first.last


 # extended LDIF
 #
 # LDAPv3
 # base dc=digitalreasoning,dc=com with scope subtree
 # filter: uid=first.last
 # requesting: ALL
 #

 # search result
 search: 3
 result: 0 Success

 # numResponses: 1


 Any help is much appreciated! 

 Thanks,

 John



 On 6/16/14, 6:22 PM, Rob Crittenden wrote:
 John Moyer wrote:
 Hello All,

 I'm having a problem querying new users.   

 I can create the user from the webpage no problem, and I can see
 them afterwards via the webpage.  I can then see those users via ipa
 user-find, as well as a LOCAL ldapsearch, even remotely from apache
 directory studio.  However, if I go to another linux box and do an
 ldapsearch the new user (only the new user) is not seen in the search.  
 Users created before today work great.   Now I did change stuff, I did a
 yum upgrade last weekend and this was not a problem before I did this.  
 Any help or guidance to make a remove ldapsearch work on new users would
 be greatly appreciated!  
 What command-line are you using? What rpm version is [free]ipa-python?
 Do you have multiple masters or is this a single IPA server?

 rob





 Thanks,
 
 John Moyer





Thanks,

John Moyer
Director, IT Operations
901 N. Stuart St. STE 904A
Arlington,VA 22203
703.678.2311 Office
240.460.0023 Cell
703.678.2312 Fax
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] Problem finding new users via command line

2014-06-16 Thread John Moyer
Hello All,

I'm having a problem querying new users.   

I can create the user from the webpage no problem, and I can see
them afterwards via the webpage.  I can then see those users via ipa
user-find, as well as a LOCAL ldapsearch, even remotely from apache
directory studio.  However, if I go to another linux box and do an
ldapsearch the new user (only the new user) is not seen in the search.  
Users created before today work great.   Now I did change stuff, I did a
yum upgrade last weekend and this was not a problem before I did this.  
Any help or guidance to make a remove ldapsearch work on new users would
be greatly appreciated!  


Thanks,

John Moyer

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Problem finding new users via command line

2014-06-16 Thread Dmitri Pal

On 06/16/2014 04:20 PM, John Moyer wrote:

Hello All,

I'm having a problem querying new users.

I can create the user from the webpage no problem, and I can see 
them afterwards via the webpage.  I can then see those users via ipa 
user-find, as well as a LOCAL ldapsearch, even remotely from apache 
directory studio.  However, if I go to another linux box and do an 
ldapsearch the new user (only the new user) is not seen in the 
search.   Users created before today work great. Now I did change 
stuff, I did a yum upgrade last weekend and this was not a problem 
before I did this.   Any help or guidance to make a remove ldapsearch 
work on new users would be greatly appreciated!


We really need more than that to help.
Please give more details about the client and versions you use.

May be you have different replicas and the communication is broken 
between them and the client access the other replica?





Thanks,

John Moyer



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Problem finding new users via command line

2014-06-16 Thread Rob Crittenden
John Moyer wrote:
 Hello All,
 
 I'm having a problem querying new users.   
 
 I can create the user from the webpage no problem, and I can see
 them afterwards via the webpage.  I can then see those users via ipa
 user-find, as well as a LOCAL ldapsearch, even remotely from apache
 directory studio.  However, if I go to another linux box and do an
 ldapsearch the new user (only the new user) is not seen in the search.  
 Users created before today work great.   Now I did change stuff, I did a
 yum upgrade last weekend and this was not a problem before I did this.  
 Any help or guidance to make a remove ldapsearch work on new users would
 be greatly appreciated!  

What command-line are you using? What rpm version is [free]ipa-python?
Do you have multiple masters or is this a single IPA server?

rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users