subject:"Re\: \[Freeipa\-users\] users in groups but user entry does not show groups"

Re: [Freeipa-users] users in groups but user entry does not show groups

2014-09-18 Thread Petr Vobornik


On 17.9.2014 18:41, Ron wrote:

I have created user groups and entered users.

When I view the groups under the "User Groups" heading, I see the group
members.

When I go to the "Users" heading, and click the "User Groups"
sub-heading, IPA does not show any groups (says no entries at bottom).

See attached png screenshots.

Any ideas as to what is going on?

This does not happen for all members of the group.  For some users,
there *are* entries for groups under "Users -> User groups"

Thank you.



Hello Ron,

this is indeed a weird behavior.

First, let's figure out whether the problem is in Web UI or somewhere else.

When you run CLI command:
   ipa user-show brogOBFUSCATED

Does it list 'p309-mm' or any other group name in 'Member of groups' line?

On the second screenshot the obfuscated user login looks like it has 
space in it. I hope it's just an illusion.


HTH
--
Petr Vobornik

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] users in groups but user entry does not show groups

2014-09-17 Thread Alexander Bokovoy


On Wed, 17 Sep 2014, Ron wrote:

More information that I should have include before is below.  Note that
I use a perl script to add users to the IPA server using perl->LDAP
commands (see below).  Could this be the source of the problem?

Yes. If you are creating users not using IPA commands, you need to make
sure you are adding required object classes. Your user below misses
ipaObject and few more.




snippet from perl createid script:

 $mesg = $ldap->add("uid=$me,".$CONF{"dn_suffix"},
   attrs => [
   "objectclass"   => $CONF{"obj_class"},
   "uidNumber" => $uid,
   "gidNumber" => $gid,
   "cn"=> $gecos,
   "gecos" => $gecos,
   "sn"=> $lastname,
   "givenName" => $firstname,
   "homeDirectory" => $homedir,
   "loginShell"=> $shell,
   "mail"  => $mail,
   "userPassword"  => $pass
   ]);

=
This user does not show the memberof entries even though user brog is in
the p309-mm group.

[root@ipa ~]# ipa user-show --raw --all brog
 dn: uid=brog,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
 uid: brog
 givenname: Bir
 sn: Roga
 cn: Bir Roga
 homedirectory: /home2/brog
 gecos: Bir Roga
 loginshell: /bin/bash
 mail: b...@xyz.gh
 uidnumber: 15520
 gidnumber: 15520
 nsaccountlock: False
 has_password: True
 has_keytab: False
 mepmanagedentry: cn=brog,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
 objectclass: posixAccount
 objectclass: top
 objectclass: person
 objectclass: organizationalPerson
 objectclass: inetOrgPerson
 objectclass: shadowAccount
 objectclass: mepOriginEntry

==
this user shows the "memberof" entries as expected.

[root@ipa ~]# ipa user-show --raw --all dwth
 dn: uid=dwth,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
 uid: dwth
 givenname: Dev
 sn: Tho
 cn: Dev  Tho
 homedirectory: /home2/dwth
 gecos: Devin  Tho
 loginshell: /bin/bash
 krbprincipalname: d...@abc.def.gh
 mail: d...@xyz.gh
 uidnumber: 15424
 gidnumber: 400
 nsaccountlock: False
 has_password: True
 has_keytab: True
 ipauniqueid: 44f17786-f95c-11e2-b3be-64700200e138
 krbextradata: AAJP6ihScm9vdC9hZG1pbkBQSEFTLlVCQy5DQQA=
 krblastpwdchange: 20130905203215Z
 krbpasswordexpiration: 20131204203215Z
 memberof: cn=ipausers,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
 memberof: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
 objectclass: krbticketpolicyaux
 objectclass: ipaobject
 objectclass: organizationalperson
 objectclass: top
 objectclass: ipasshuser
 objectclass: inetorgperson
 objectclass: person
 objectclass: inetuser
 objectclass: krbprincipalaux
 objectclass: shadowaccount
 objectclass: posixaccount
 objectclass: ipaSshGroupOfPubKeys

==
[root@ipa ~]# ipa group-show --all p309-mm
 dn: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
 Group name: p309-mm
 Description: p309 lab group mm
 GID: 462
 Member users: halp, jfc, tpr, dwth, brog
 ipauniqueid: b4d0f16e-3a95-11e4-81df-64700200e138
 objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject,
posixgroup

==


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] users in groups but user entry does not show groups

2014-09-17 Thread Ron

More information that I should have include before is below.  Note that
I use a perl script to add users to the IPA server using perl->LDAP
commands (see below).  Could this be the source of the problem?


snippet from perl createid script:

  $mesg = $ldap->add("uid=$me,".$CONF{"dn_suffix"},
attrs => [
"objectclass"   => $CONF{"obj_class"},
"uidNumber" => $uid,
"gidNumber" => $gid,
"cn"=> $gecos,
"gecos" => $gecos,
"sn"=> $lastname,
"givenName" => $firstname,
"homeDirectory" => $homedir,
"loginShell"=> $shell,
"mail"  => $mail,
"userPassword"  => $pass
]);

=
This user does not show the memberof entries even though user brog is in
the p309-mm group.

[root@ipa ~]# ipa user-show --raw --all brog
  dn: uid=brog,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
  uid: brog
  givenname: Bir
  sn: Roga
  cn: Bir Roga
  homedirectory: /home2/brog
  gecos: Bir Roga
  loginshell: /bin/bash
  mail: b...@xyz.gh
  uidnumber: 15520
  gidnumber: 15520
  nsaccountlock: False
  has_password: True
  has_keytab: False
  mepmanagedentry: cn=brog,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  objectclass: posixAccount
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  objectclass: shadowAccount
  objectclass: mepOriginEntry

==
this user shows the "memberof" entries as expected.

[root@ipa ~]# ipa user-show --raw --all dwth
  dn: uid=dwth,cn=users,cn=accounts,dc=abc,dc=def,dc=gh
  uid: dwth
  givenname: Dev
  sn: Tho
  cn: Dev  Tho
  homedirectory: /home2/dwth
  gecos: Devin  Tho
  loginshell: /bin/bash
  krbprincipalname: d...@abc.def.gh
  mail: d...@xyz.gh
  uidnumber: 15424
  gidnumber: 400
  nsaccountlock: False
  has_password: True
  has_keytab: True
  ipauniqueid: 44f17786-f95c-11e2-b3be-64700200e138
  krbextradata: AAJP6ihScm9vdC9hZG1pbkBQSEFTLlVCQy5DQQA=
  krblastpwdchange: 20130905203215Z
  krbpasswordexpiration: 20131204203215Z
  memberof: cn=ipausers,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  memberof: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  objectclass: krbticketpolicyaux
  objectclass: ipaobject
  objectclass: organizationalperson
  objectclass: top
  objectclass: ipasshuser
  objectclass: inetorgperson
  objectclass: person
  objectclass: inetuser
  objectclass: krbprincipalaux
  objectclass: shadowaccount
  objectclass: posixaccount
  objectclass: ipaSshGroupOfPubKeys

==
[root@ipa ~]# ipa group-show --all p309-mm
  dn: cn=p309-mm,cn=groups,cn=accounts,dc=abc,dc=def,dc=gh
  Group name: p309-mm
  Description: p309 lab group mm
  GID: 462
  Member users: halp, jfc, tpr, dwth, brog
  ipauniqueid: b4d0f16e-3a95-11e4-81df-64700200e138
  objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject,
posixgroup

==


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] users in groups but user entry does not show groups

Re: [Freeipa-users] users in groups but user entry does not show groups

Re: [Freeipa-users] users in groups but user entry does not show groups

3 matches

Site Navigation

Mail list logo

Footer information