I queried a new user, syncopex8, which was likewise created from the Apache Syncope server.

*The output of command "ldapsearch -x -h localhost -b dc=example,dc=com uid=syncopex8":*

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: uid=syncopex8
# requesting: ALL
#

# syncopex8, users, compat, example.com
dn: uid=syncopex8,cn=users,cn=compat,dc=example,dc=com
cn: x8syncope
objectClass: posixAccount
objectClass: top
gidNumber: 657600044
gecos: x8syncope
uidNumber: 657600044
loginShell: /bin/sh
homeDirectory: /home/syncopex8
uid: syncopex8

# syncopex8, users, accounts, example.com
dn: uid=syncopex8,cn=users,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixAccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
cn: x8syncope
displayName: x8syncope
uid: syncopex8
gecos: x8syncope
uidNumber: 657600044
gidNumber: 657600044
loginShell: /bin/sh
homeDirectory: /home/syncopex8
sn: syncope
givenName: x8
initials: xs

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

*The output of command "ldapsearch -x -h localhost -b dc=example,dc=com cn=syncopex8":*

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: cn=syncopex8
# requesting: ALL
#

# syncopex8, groups, compat, example.com
dn: cn=syncopex8,cn=groups,cn=compat,dc=example,dc=com
gidNumber: 657600044
objectClass: posixGroup
objectClass: top
cn: syncopex8

# syncopex8, groups, accounts, example.com
dn: cn=syncopex8,cn=groups,cn=accounts,dc=example,dc=com
objectClass: posixgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: top
cn: syncopex8
gidNumber: 657600044
description: User private group for syncopex8
mepManagedBy: uid=syncopex8,cn=users,cn=accounts,dc=example,dc=com
ipaUniqueID: 1c07557c-8cce-11e5-8f72-fa163e630e3d

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

*The output of command "ipa user-show syncopex8 --raw --all"*

dn: uid=syncopex8,cn=users,cn=accounts,dc=example,dc=com
uid: syncopex8
givenname: x8
sn: syncope
cn: x8syncope
initials: xs
homedirectory: /home/syncopex8
gecos: x8syncope
loginshell: /bin/sh
mail: [email protected]
uidnumber: 657600044
gidnumber: 657600044
nsaccountlock: FALSE
has_password: TRUE
has_keytab: TRUE
displayName: x8syncope
ipaUniqueID: 1bffe8b4-8cce-11e5-8f72-fa163e630e3d
krbExtraData: AALHiEpWcm9vdC9hZG1pbkBCTVguSUJNLkNPTQA=
krbLastPwdChange: 20151117015415Z
krbPasswordExpiration: 20151117015415Z
krbPrincipalName: [email protected]
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com
mepManagedEntry: member=syncopex8,cn=groups,cn=accounts,dc=example,dc=com
mepManagedEntry: cn=syncopex8,cn=groups,cn=accounts,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixAccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry

*The output of command "ipa group-show syncopex8 --raw --all":*

dn: cn=syncopex8,cn=groups,cn=accounts,dc=example,dc=com
cn: syncopex8
description: User private group for syncopex8
gidnumber: 657600044
ipaUniqueID: 1c07557c-8cce-11e5-8f72-fa163e630e3d
mepManagedBy: uid=syncopex8,cn=users,cn=accounts,dc=example,dc=com
objectClass: posixgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: top

2015-11-16 17:49 GMT+08:00 Tomas Babej <[email protected]>:

> Can you provide a result of a LDAP search run on that entry? As Rob
> points out, you're probably creating the user in a manner that bypasses
> the framework.
>
> Tomas
>
> On 11/16/2015 06:43 AM, zhiyong xue wrote:
> > I am using IPA 4.1 in CentOS 7. And I can login to system after "id
> > syncopex5", maybe it's cache problem.
> >
> > 2015-11-16 11:24 GMT+08:00 Rob Crittenden <[email protected]
> > <mailto:[email protected]>>:
> >
> > zhiyong xue wrote:
> > > We integrated the Apache Syncope server with FreeIPA server. So user can
> > > self register ID from Apache Syncope then synchronize to FreeIPA. The
> > > problems are:
> > > *1) User created from Apache Syncope can't login to linux. The user
> > > created from FreeIPA web gui works well.*
> >
> > For login issues see https://fedorahosted.org/sssd/wiki/Troubleshooting
> > This is unlikely to fix things but it will help with later debugging.
> >
> > This likely revolves around how you are creating these accounts. We'll
> > need information on what you're doing. The more details the better.
> >
> > > *2) The user also can't be deleted from web UI and CLI. It said
> > > "syncopex5: user not found".*
> >
> > Again, you probably aren't creating the users correctly.
> >
> > I can only assume that you are creating the users directly via an LDAP
> > add. This is working around the IPA framework which does additional
> > work.
> >
> > Knowing what version of IPA this is would help too.
> >
> > You'll probably also want to read this:
> > http://www.freeipa.org/page/V4/User_Life-Cycle_Management . This is in
> > IPA 4.2.
> >
> > rob
> > rob
> >
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
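
The following Python check is an added example, not part of the original thread or of FreeIPA. It cross-checks the managed-entry links shown in the "ipa user-show" and "ipa group-show" output above: every mepManagedEntry value on the user against the private group's dn, and the group's mepManagedBy against the user's dn. The function names, and the rule that every mepManagedEntry value should name the private group, are assumptions of this example; the sample entries are abridged from the output in the message.

```python
# Added example: consistency check between a user entry and its user private
# group, parsed from "attr: value" lines as printed by "ipa ... --raw --all".
USER_RAW = """\
dn: uid=syncopex8,cn=users,cn=accounts,dc=example,dc=com
uid: syncopex8
gidnumber: 657600044
mepManagedEntry: member=syncopex8,cn=groups,cn=accounts,dc=example,dc=com
mepManagedEntry: cn=syncopex8,cn=groups,cn=accounts,dc=example,dc=com
"""

GROUP_RAW = """\
dn: cn=syncopex8,cn=groups,cn=accounts,dc=example,dc=com
gidnumber: 657600044
mepManagedBy: uid=syncopex8,cn=users,cn=accounts,dc=example,dc=com
"""


def parse_entry(text):
    """Parse 'attr: value' lines into {lowercased attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def norm_dn(dn):
    """Normalise a DN for comparison: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_private_group(user, group):
    """Return a list of inconsistencies between a user and its private group."""
    problems = []
    user_dn, group_dn = norm_dn(user["dn"][0]), norm_dn(group["dn"][0])
    targets = user.get("mepmanagedentry", [])
    for target in targets:
        if norm_dn(target) != group_dn:  # assumption: one private group per user
            problems.append("user mepManagedEntry does not match group dn: " + target)
    if group_dn not in [norm_dn(t) for t in targets]:
        problems.append("user has no mepManagedEntry pointing at the group")
    if [norm_dn(d) for d in group.get("mepmanagedby", [])] != [user_dn]:
        problems.append("group mepManagedBy does not point back at the user")
    if user.get("gidnumber") != group.get("gidnumber"):
        problems.append("user gidnumber differs from group gidnumber")
    return problems
```

Run on the entries above, check_private_group(parse_entry(USER_RAW), parse_entry(GROUP_RAW)) returns one item: the mepManagedEntry value that begins with "member=".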
