On 03/28/2011 10:50 AM, Rob Crittenden wrote: > Sigbjorn Lie wrote: >> Fantastic! Thanks. I will update my scripts. >> >> Is there any downside to doing this? > > One thing I should warn you of though that we've run into from time to > time. Some of our LDAP operations are done as post-operations, that is > they execute after the data has been returned to the client. Managed > Entries (private groups) is one of these. I can definitely see the > case where you try to detach a managed group that hasn't quite > finished being created yet. I'd probably put a 1 or 2 second sleep > after the user creation to be sure, even if it does slow things > considerably. > > We're working with the 389-ds devs on this. There is the tradeoff of > speed vs correctness (users don't like watching a blinking prompt). > Some of these post-ops could take a while.
I think we should seriously consider a -noprivategroup option > > rob > >> >> >> >> Rgds, >> Siggi >> >> >> >> >> On Mon, March 28, 2011 16:02, Rob Crittenden wrote: >>> Sigbjorn Lie wrote: >>> >>>> Thanks. >>>> >>>> >>>> I also noticed that a group with the same GID number as the users >>>> UID number is automatically >>>> created when creating the user account, this is a problem for >>>> existing environments who's >>>> already used the same ID number for a group. >>>> >>>> I see that even after doing a user-mod, changing the GID of the >>>> account, the private >>>> (invisible) >>>> group still exists. >>>> >>>> I'm missing an option to choose if I want to create or not create a >>>> private group for the user. >>>> >>> >>> There currently isn't an option for that. You can delete a managed >>> group >>> this way: >>> >>> $ ipa user-add --first=Tim --last=Test ttest >>> >>> >>> You now have a group ttest too, lets delete it. >>> >>> >>> $ ipa group-detach ttest >>> $ ipa group-del ttest >>> >>> >>> The first command detaches it from the user (this is not reversible) >>> and >>> the second removes it altogether. >>> >>> rob >>> >>>> >>>> >>>> Rgds, >>>> Siggi >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Sat, March 26, 2011 18:21, Dmitri Pal wrote: >>>> >>>>> On 03/25/2011 03:13 PM, Sigbjorn Lie wrote: >>>>> >>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>> >>>>>> Using --gidnumber when adding a new user with "ipa user-add" does >>>>>> not >>>>>> seem to have any effect. A gid number with the same value as what >>>>>> I specify in with the >>>>>> --uid >>>>>> parameter is chosen. >>>>>> >>>>>> I presume this is not the way user-add is intended to work? >>>>>> >>>>>> >>>>> >>>>> We will take a look. >>>>> https://fedorahosted.org/freeipa/ticket/1127 >>>>> >>>>> >>>>> >>>>> Looks like a bug so I filed a ticket. >>>>> >>>>> >>>>> >>>>> >>>>>> >>>>>> >>>>>> # ipa user-add mysql14 --first=MySQL --last=Server >>>>>> --homedir=/var/lib/mysql --shell=/bin/false --uid=110 >>>>>> --gidnumber=3004 >>>>>> -------------------- >>>>>> Added user "mysql14" >>>>>> -------------------- >>>>>> User login: mysql14 >>>>>> First name: MySQL >>>>>> Last name: Server >>>>>> Full name: MySQL Server >>>>>> Display name: MySQL Server >>>>>> Initials: MS >>>>>> Home directory: /var/lib/mysql >>>>>> GECOS field: mysql14 >>>>>> Login shell: /bin/false >>>>>> Kerberos principal: [email protected] >>>>>> UID: 110 >>>>>> GID: 110 >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Regards, >>>>>> Siggi >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Thank you, >>>>> Dmitri Pal >>>>> >>>>> >>>>> >>>>> Sr. Engineering Manager IPA project, >>>>> Red Hat Inc. >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------- >>>>> Looking to carve out IT costs? >>>>> www.redhat.com/carveoutcosts/ >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Freeipa-users mailing list >>>>> [email protected] >>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>> >>>>> >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Freeipa-users mailing list >>>> [email protected] >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> >>> >>> >> >> > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users > > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
