{"id":4409,"date":"2019-10-18T22:54:21","date_gmt":"2019-10-18T19:54:21","guid":{"rendered":"https:\/\/kifarunix.com\/?p=4409"},"modified":"2024-05-04T10:43:34","modified_gmt":"2024-05-04T07:43:34","slug":"add-freeipa-user-accounts-via-cli-or-web-interface","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/add-freeipa-user-accounts-via-cli-or-web-interface\/","title":{"rendered":"Add FreeIPA User Accounts via CLI or Web Interface"},"content":{"rendered":"\n<p>This guide will take you through how to add FreeIPA user accounts via the CLI or the web interface. Our previous guide provided a stepwise tutorial on how to install and set up a FreeIPA server.<\/p>\n\n\n\n<p>First, install and set up the FreeIPA server by following the link below:<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/?s=install+freeipa\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup FreeIPA Server<\/a><\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#add-user-accounts-to-free-ipa-server\">Add User Accounts to FreeIPA Server<\/a><ul><li><a href=\"#add-free-ipa-user-accounts-via-cli\">Add FreeIPA User Accounts via CLI<\/a><\/li><li><a href=\"#list-free-ipa-user-accounts-on-command-line\">List FreeIPA User Accounts on Command Line<\/a><\/li><li><a href=\"#modify-free-ipa-user-accounts-on-command-line\">Modify FreeIPA User Accounts on Command Line<\/a><\/li><li><a href=\"#add-free-ipa-user-accounts-via-web-interface\">Add FreeIPA User Accounts via Web Interface<\/a><\/li><li><a href=\"#other-related-guides\">Other Related guides<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"add-user-accounts-to-free-ipa-server\">Add User Accounts to FreeIPA Server<\/h2>\n\n\n\n<p>There are two ways in which FreeIPA user accounts can be created:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Via command line interface<\/li>\n\n\n\n<li>Via the FreeIPA web user 
interface.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"add-free-ipa-user-accounts-via-cli\">Add FreeIPA User Accounts via CLI<\/h3>\n\n\n\n<p>FreeIPA user accounts can be created via the command line using the <strong><code>ipa\u00a0user-add<\/code><\/strong> command.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ipa user-add --help<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>Usage: ipa [global-options] user-add LOGIN [options]\n\nAdd a new user.\nOptions:\n  -h, --help            show this help message and exit\n  --first=STR           First name\n  --last=STR            Last name\n  --cn=STR              Full name\n  --displayname=STR     Display name\n  --initials=STR        Initials\n  --homedir=STR         Home directory\n  --gecos=STR           GECOS\n  --shell=STR           Login shell\n  --principal=PRINCIPAL\n                        Principal alias\n  --principal-expiration=DATETIME\n                        Kerberos principal expiration\n  --password-expiration=DATETIME\n                        User password expiration\n  --email=STR           Email address\n  --password            Prompt to set the user password\n  --random              Generate a random user password\n  --uid=INT             User ID Number (system will assign one if not\n                        provided)\n  --gidnumber=INT       Group ID Number\n  --street=STR          Street address\n  --city=STR            City\n  --state=STR           State\/Province\n  --postalcode=STR      ZIP\n  --phone=STR           Telephone Number\n  --mobile=STR          Mobile Telephone Number\n  --pager=STR           Pager Number\n  --fax=STR             Fax Number\n  --orgunit=STR         Org. 
Unit\n  --title=STR           Job Title\n  --manager=STR         Manager\n  --carlicense=STR      Car License\n  --sshpubkey=STR       SSH public key\n  --user-auth-type=['password', 'radius', 'otp', 'pkinit', 'hardened', 'idp', 'passkey']\n                        Types of supported user authentication\n  --class=STR           User category (semantics placed on this attribute are\n                        for local interpretation)\n  --radius=STR          RADIUS proxy configuration\n  --radius-username=STR\n                        RADIUS proxy username\n  --idp=STR             External IdP configuration\n  --idp-user-id=STR     A string that identifies the user at external IdP\n  --departmentnumber=STR\n                        Department Number\n  --employeenumber=STR  Employee Number\n  --employeetype=STR    Employee Type\n  --preferredlanguage=STR\n                        Preferred Language\n  --certificate=CERTIFICATE\n                        Base-64 encoded user certificate\n  --setattr=STR         Set an attribute to a name\/value pair. Format is\n                        attr=value. For multi-valued attributes, the command\n                        replaces the values already present.\n  --addattr=STR         Add an attribute\/value pair. Format is attr=value. The\n                        attribute must be part of the schema.\n  --noprivate           Don't create user private group\n  --all                 Retrieve and print all attributes from the server.\n                        Affects command output.\n  --raw                 Print entries as stored on the server. 
Only affects\n                        output format.\n  --no-members          Suppress processing of membership attributes.\n<\/code><\/pre>\n\n\n\n<p>The command can be run interactively, by entering the attributes when prompted, or non-interactively, by passing the attributes directly on the command line.<\/p>\n\n\n\n<p>For example, to create a user called <code><strong>bsmith<\/strong><\/code> non-interactively with the <strong><code>ipa\u00a0user-add<\/code><\/strong> command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ipa user-add bsmith --first=Bill --last=Smith --random<\/pre>\n\n\n\n<p>The command will create the user account, using the default values for the other account attributes.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>-------------------\nAdded user \"bsmith\"\n-------------------\n  User login: bsmith\n  First name: Bill\n  Last name: Smith\n  Full name: Bill Smith\n  Display name: Bill Smith\n  Initials: BS\n  Home directory: \/home\/bsmith\n  GECOS: Bill Smith\n  Login shell: \/bin\/sh\n  Principal name: bsmith@KIFARUNIX.COM\n  Principal alias: bsmith@KIFARUNIX.COM\n  User password expiration: 20240504072504Z\n  Email address: bsmith@kifarunix.com\n  Random password: 3Wp<1@.0oOGl~j3Ebmq_,_\n  UID: 1152000004\n  GID: 1152000004\n  Password: True\n  Member of groups: ipausers\n  Kerberos keys available: True\n<\/code><\/pre>\n\n\n\n<p>To interactively create a FreeIPA user account using the <strong><code>ipa user-add<\/code><\/strong> command, simply run the command on the terminal as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ipa user-add --password<\/pre>\n\n\n\n<p>When run, you are prompted to provide the required values. 
Where the default values can be used, press Enter to accept the defaults or enter your values and proceed.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>First name: Bonnie\nLast name: Parker\nUser login [bparker]: \nPassword: \nEnter Password again to verify: \n--------------------\nAdded user \"bparker\"\n--------------------\n  User login: bparker\n  First name: Bonnie\n  Last name: Parker\n  Full name: Bonnie Parker\n  Display name: Bonnie Parker\n  Initials: BP\n  Home directory: \/home\/bparker\n  GECOS: Bonnie Parker\n  Login shell: \/bin\/sh\n  Principal name: bparker@KIFARUNIX.COM\n  Principal alias: bparker@KIFARUNIX.COM\n  User password expiration: 20240504072646Z\n  Email address: bparker@kifarunix.com\n  UID: 1152000005\n  GID: 1152000005\n  Password: True\n  Member of groups: ipausers\n  Kerberos keys available: True\n<\/code><\/pre>\n\n\n\n<p>The password provided during account setup is temporary, and the user is prompted to change the password on the first login.<\/p>\n\n\n\n<p>Read more with <strong>ipa user-add --help<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"list-free-ipa-user-accounts-on-command-line\">List FreeIPA User Accounts on Command Line<\/h3>\n\n\n\n<p>You can list FreeIPA user accounts using the <code><strong>ipa user-find<\/strong><\/code> command.<\/p>\n\n\n\n<p>To list all created FreeIPA user accounts, simply run the command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ipa user-find --all<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>---------------\n3 users matched\n---------------\n  dn: uid=admin,cn=users,cn=accounts,dc=kifarunix,dc=com\n  User login: admin\n  Last name: Administrator\n  Full name: Administrator\n  Home directory: \/home\/admin\n  GECOS: Administrator\n  Login shell: \/bin\/bash\n  Principal alias: admin@KIFARUNIX.COM, root@KIFARUNIX.COM\n  User password expiration: 20240802064123Z\n  UID: 1152000000\n  GID: 1152000000\n  Account disabled: False\n  Preserved user: False\n  Member of groups: admins, 
trust admins\n  ipantsecurityidentifier: S-1-5-21-4293870940-1827731141-612974734-500\n  ipauniqueid: d8dbfdea-09e0-11ef-9c0d-525400088c21\n  krbextradata: AAKT2DVmcm9vdC9hZG1pbkBLSUZBUlVOSVguQ09NAA==\n  krblastadminunlock: 20240504064123Z\n  krblastfailedauth: 20240504065202Z\n  krblastpwdchange: 20240504064123Z\n  krbloginfailedcount: 0\n  objectclass: top, person, posixaccount, krbprincipalaux, krbticketpolicyaux, inetuser, ipaobject, ipasshuser, ipaSshGroupOfPubKeys, ipaNTUserAttrs\n\n  dn: uid=bparker,cn=users,cn=accounts,dc=kifarunix,dc=com\n  User login: bparker\n  First name: Bonnie\n  Last name: Parker\n  Full name: Bonnie Parker\n  Display name: Bonnie Parker\n  Initials: BP\n  Home directory: \/home\/bparker\n  GECOS: Bonnie Parker\n  Login shell: \/bin\/sh\n  Principal name: bparker@KIFARUNIX.COM\n  Principal alias: bparker@KIFARUNIX.COM\n  User password expiration: 20240504072646Z\n  Email address: bparker@kifarunix.com\n  UID: 1152000005\n  GID: 1152000005\n  Account disabled: False\n  Preserved user: False\n  Member of groups: ipausers\n  ipantsecurityidentifier: S-1-5-21-4293870940-1827731141-612974734-1005\n  ipauniqueid: aa9f4944-09e7-11ef-8ba4-525400088c21\n  krbextradata: AAI24zVmcm9vdC9hZG1pbkBLSUZBUlVOSVguQ09NAA==\n  krblastpwdchange: 20240504072646Z\n  mepmanagedentry: cn=bparker,cn=groups,cn=accounts,dc=kifarunix,dc=com\n  objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser,\n               ipaSshGroupOfPubKeys, mepOriginEntry, ipantuserattrs\n\n  dn: uid=bsmith,cn=users,cn=accounts,dc=kifarunix,dc=com\n  User login: bsmith\n  First name: Bill\n  Last name: Smith\n  Full name: Bill Smith\n  Display name: Bill Smith\n  Initials: BS\n  Home directory: \/home\/bsmith\n  GECOS: Bill Smith\n  Login shell: \/bin\/sh\n  Principal name: bsmith@KIFARUNIX.COM\n  Principal alias: bsmith@KIFARUNIX.COM\n  User password expiration: 20240504072504Z\n  Email 
address: bsmith@kifarunix.com\n  UID: 1152000004\n  GID: 1152000004\n  Account disabled: False\n  Preserved user: False\n  Member of groups: ipausers\n  ipantsecurityidentifier: S-1-5-21-4293870940-1827731141-612974734-1004\n  ipauniqueid: 6d832300-09e7-11ef-94ea-525400088c21\n  krbextradata: AALQ4jVmcm9vdC9hZG1pbkBLSUZBUlVOSVguQ09NAA==\n  krblastpwdchange: 20240504072504Z\n  mepmanagedentry: cn=bsmith,cn=groups,cn=accounts,dc=kifarunix,dc=com\n  objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser,\n               ipaSshGroupOfPubKeys, mepOriginEntry, ipantuserattrs\n----------------------------\nNumber of entries returned 3\n----------------------------\n\n<\/code><\/pre>\n\n\n\n<p>To list a specific user;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ipa user-find USERNAME<\/code><\/pre>\n\n\n\n<p>For example;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ipa user-find jdoe<\/code><\/pre>\n\n\n\n<p>Learn more with <strong><code>ipa user-find --help<\/code><\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"modify-free-ipa-user-accounts-on-command-line\">Modify FreeIPA User Accounts on Command Line<\/h3>\n\n\n\n<p>To change the attributes of the FreeIPA user account, use the <strong><code>ipa user-mod<\/code><\/strong> command.<\/p>\n\n\n\n<p>For example, to change the shell for the user, simply run;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ipa user-mod USERNAME --shell=\/bin\/bash<\/code><\/pre>\n\n\n\n<p>Substitute <strong>USERNAME<\/strong> with the user's login ID.<\/p>\n\n\n\n<p>For other options for changing user attributes, see <strong><code>ipa user-mod --help<\/code><\/strong>.<\/p>\n\n\n\n<p>To delete the user, use the <strong><code>ipa user-del<\/code><\/strong> command.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ipa user-del USERNAME<\/code><\/pre>\n\n\n\n<p>To remove a user from a specific 
group;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ipa group-remove-member GROUPNAME --users=USERNAME<\/code><\/pre>\n\n\n\n<p>To disable a user;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ipa user-disable USERNAME<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"add-free-ipa-user-accounts-via-web-interface\">Add FreeIPA User Accounts via Web Interface<\/h3>\n\n\n\n<p>To create, view or modify users and their attributes from the FreeIPA server web interface, log in to FreeIPA as an administrative user.<\/p>\n\n\n\n<p>Once logged in, under the <strong>Identity<\/strong> &gt; <strong>Users<\/strong> tab, you can see multiple user account management options.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/managing-users-from-web-freeipa.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1624\" height=\"444\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/managing-users-from-web-freeipa.png?v=1714808114\" alt=\"\" class=\"wp-image-22399\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/managing-users-from-web-freeipa.png?v=1714808114 1624w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/managing-users-from-web-freeipa-768x210.png?v=1714808114 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/managing-users-from-web-freeipa-1536x420.png?v=1714808114 1536w\" sizes=\"(max-width: 1624px) 100vw, 1624px\" \/><\/a><\/figure>\n\n\n\n<p>As you can see from the Users tab, there are three user account states:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Stage<\/strong>\u00a0users are not allowed to authenticate. Some of the user account properties required for active users might not yet be set.<\/li>\n\n\n\n<li><strong>Active<\/strong>\u00a0users are allowed to authenticate. 
All required user account properties must be set in this state.<\/li>\n\n\n\n<li><strong>Preserved<\/strong>\u00a0users are former\u00a0<code>active<\/code>\u00a0users. They are considered inactive and cannot authenticate to IdM.\u00a0<\/li>\n<\/ul>\n\n\n\n<p>To add a user account, click the <strong><code>+Add<\/code><\/strong> button. This opens up a screen where you can set the user's username, the first and last names, passwords and other attributes.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1612\" height=\"635\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/add-users-web-interface-freeipa.png?v=1714808332\" alt=\"\" class=\"wp-image-22400\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/add-users-web-interface-freeipa.png?v=1714808332 1612w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/add-users-web-interface-freeipa-768x303.png?v=1714808332 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/add-users-web-interface-freeipa-1536x605.png?v=1714808332 1536w\" sizes=\"(max-width: 1612px) 100vw, 1612px\" \/><\/figure>\n\n\n\n<p>Click <strong>Add<\/strong> to create the user account. 
You can also click other options, such as <strong>Add and Add another<\/strong> to add the user and proceed to add another, or <strong>Add and Edit<\/strong> to add the user and then edit the user attributes.<\/p>\n\n\n\n<p>To edit FreeIPA user account attributes, click on the user's username.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1626\" height=\"846\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/edit-freeipa-user-attributes.png?v=1714808467\" alt=\"\" class=\"wp-image-22401\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/edit-freeipa-user-attributes.png?v=1714808467 1626w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/edit-freeipa-user-attributes-768x400.png?v=1714808467 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/edit-freeipa-user-attributes-1536x799.png?v=1714808467 1536w\" sizes=\"(max-width: 1626px) 100vw, 1626px\" \/><\/figure>\n\n\n\n<p>Scroll down the screen to see other user attributes that can be modified. 
You can also set user roles and user groups from the same screen.<\/p>\n\n\n\n<p>Be sure to hit <strong>Save<\/strong> when you have modified the user attributes.<\/p>\n\n\n\n<p>You can also Delete, Enable or Disable a user account.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-related-guides\">Other Related guides<\/h3>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/configure-sssd-for-openldap-client-authentication-on-debian-10-9\/\" target=\"_blank\">Configure SSSD for OpenLDAP Client Authentication on Debian 10\/9<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/setup-openldap-server-with-ssl-tls-on-debian-10\/\" target=\"_blank\">Setup OpenLDAP Server with SSL\/TLS on Debian 10<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-configure-openldap-server-on-fedora-29\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Install and Configure OpenLDAP server on Fedora 29<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide will take you through how to add FreeIPA user accounts via CLI or Web interface. 
Our previous guide, link provided a stepwise<\/p>\n","protected":false},"author":1,"featured_media":22399,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,285,1152],"tags":[1156,1142,1157,247],"class_list":["post-4409","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-directory-server","category-freeipa","tag-add-freeipa-user-accounts","tag-centos-8","tag-create-freeipa-user-accounts","tag-freeipa","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/4409"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=4409"}],"version-history":[{"count":5,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/4409\/revisions"}],"predecessor-version":[{"id":22402,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/4409\/revisions\/22402"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/22399"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=4409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=4409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=4409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}