Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

13.3. Adding and Removing User or Host Group Members

To add members to user groups, you can use:
Important
When adding another user group as a member, do not create recursive groups. For example, if Group A is a member of Group B, do not add Group B as a member of Group A. Recursive groups can cause unpredictable behavior.
To remove members from user groups, you can use:
Note
After you add a member to a user or host group, the update may take some time to spread to all clients in your Identity Management environment. This is because when any given host resolves users, groups or netgroups, the System Security Services Daemon (SSSD) first looks into its cache and performs server lookups only for missing or expired records.
To see the changes applied to the host group immediately, update the SSSD cache on your host by using the cache purge utility, sss_cache. Using sss_cache to invalidate the current records in the SSSD cache for a host group forces the SSSD cache to retrieve the updated records from the identity provider, so changes can be realized quickly.
To clear a host group entry in the SSSD cache: 
# sss_cache -n host_group_name

Web UI: Adding a Member to a User or Host Group

  1. Click Identity Groups and select User Groups or Host Groups in the left sidebar.
  2. Click the name of the group.
  3. Select the type of group member you want to add. For example, Users, User Groups, or External for user groups.

    Figure 13.3. Adding User Group Members

    Adding User Group Members
  4. Click Add.
  5. Select the member you want to add, and click Add to confirm.

Command Line: Adding a Member to a User Group

  1. Optional. Use the ipa group-find or ipa hostgroup-find command to find the group.
  2. To add a member to a user group, use the ipa group-add-member command. To add a member to a host group, use the ipa hostgroup-add-member command.
    When adding a user group member, specify the member using these options:
    • --users adds an IdM user
    • --external adds a user that exists outside the IdM domain, in the format of DOMAIN\user_name or user_name@domain
    • --groups adds an IdM user group
    When adding a host group member, specify the member using these options:
    • --hosts adds an IdM host
    • --groups adds an IdM host group

    Example 13.4. Example commands for adding a member to a user group

    To add user1, user2, and group1 to a group named group_name: 
    $ ipa group-add-member group_name --users=user1 --users=user2 --groups=group1
    To add ad_user from a domain named ad_domain to a group named group_name, you can choose how to specify the external user. For example: 
    $ ipa group-add-member group_name --external='AD_DOMAIN\ad_user'
$ ipa group-add-member group_name --external='ad_user@AD_DOMAIN'
$ ipa group-add-member group_name --external='ad_user@AD_DOMAIN.EXAMPLE.COM'

Web UI: Removing a Member from a User Group

  1. Click Identity Groups and select User Groups or Host Groups in the left sidebar.
  2. Click the name of the group.
  3. Select the type of group member you want to remove. For example, Users, User Groups, or External for user groups.

    Figure 13.4. Removing User Group Members

    Removing User Group Members
  4. Select the check box next to the required member.
  5. Click Delete.

Command Line: Removing a Member from a User Group

  1. Optional. Use the ipa group-show or ipa hostgroup-show command to confirm that the group includes the member you want to remove.
  2. To remove a user group member, use the ipa group-remove-member command. To remove a host group member, use the ipa hostgroup-remove-member command.
    When removing a user group member, specify the member using these options:
    • --users removes an IdM user
    • --external removes a user that exists outside the IdM domain, in the format of DOMAIN\user_name or user_name@domain
    • --groups removes an IdM user group
    When removing a host group member, specify the member using these options:
    • --hosts removes an IdM host
    • --groups removes an IdM host group
    For example, to remove user1, user2, and group1 from a group called group_name: 
    $ ipa group-remove-member group_name --users=user1 --users=user2 --groups=group1
Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.