Can you provide a result of a LDAP search run on that entry? As Rob points out, you're probably creating the user in a manner that bypasses the framework.
Tomas On 11/16/2015 06:43 AM, zhiyong xue wrote: > I am using IPA 4.1 in CenOS7. And I can login to system after "id > syncopex5", maybe it's cache problem. > > 2015-11-16 11:24 GMT+08:00 Rob Crittenden <[email protected] > <mailto:[email protected]>>: > > zhiyong xue wrote: > > We integrated the Apache Syncope server with FreeIPA server. So user can > > self register ID from Apache Syncope then synchronize to FreeIPA. The > > problems are: > > *1) User created from Apache Syncope can't login to linux. The user > > created from FreeIPA web gui works well.* > > For login issues see https://fedorahosted.org/sssd/wiki/Troubleshooting > This is unlikely to fix things but it will help with later debugging. > > This likely revolves around how you are creating these accounts. We'll > need information on what you're doing. The more details the better. > > > *2) The user also can't be deleted from web UI and CLI. It said > > "syncopex5: user not found".* > > Again, you probably aren't creating the users correctly. > > I can only assume that you are creating the users directly via an LDAP > add. This is working around the IPA framework which does additional > work. > > Knowing what version of IPA this is would help too. > > You'll probably also want to read this: > http://www.freeipa.org/page/V4/User_Life-Cycle_Management . This is in > IPA 4.2. > > rob > rob > > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
