13.3. Adding and Removing User or Host Group Members

To add members to user groups, you can use:

The IdM web UI (see the section called “Web UI: Adding a Member to a User or Host Group”)
The command line (see the section called “Command Line: Adding a Member to a User Group”)

Important

When adding another user group as a member, do not create recursive groups. For example, if Group A is a member of Group B, do not add Group B as a member of Group A. Recursive groups can cause unpredictable behavior.

To remove members from user groups, you can use:

The IdM web UI (see the section called “Web UI: Removing a Member from a User Group”)
The command line (see the section called “Command Line: Removing a Member from a User Group”)

Note

After you add a member to a user or host group, the update may take some time to spread to all clients in your Identity Management environment. This is because when any given host resolves users, groups or netgroups, the System Security Services Daemon (SSSD) first looks into its cache and performs server lookups only for missing or expired records.

To see the changes applied to the host group immediately, update the SSSD cache on your host by using the cache purge utility, sss_cache. Using sss_cache to invalidate the current records in the SSSD cache for a host group forces the SSSD cache to retrieve the updated records from the identity provider, so changes can be realized quickly.

To clear a host group entry in the SSSD cache:

# sss_cache -n host_group_name

Web UI: Adding a Member to a User or Host Group

Click Identity → Groups and select User Groups or Host Groups in the left sidebar.
Click the name of the group.
Select the type of group member you want to add. For example, Users, User Groups, or External for user groups.
Figure 13.3. Adding User Group Members
Click Add.
Select the member you want to add, and click Add to confirm.

Command Line: Adding a Member to a User Group

Optional. Use the ipa group-find or ipa hostgroup-find command to find the group.
To add a member to a user group, use the ipa group-add-member command. To add a member to a host group, use the ipa hostgroup-add-member command.
When adding a user group member, specify the member using these options:
- --users adds an IdM user
- --external adds a user that exists outside the IdM domain, in the format of DOMAIN\user_name or user_name@domain
- --groups adds an IdM user group
When adding a host group member, specify the member using these options:
- --hosts adds an IdM host
- --groups adds an IdM host group
Example 13.4. Example commands for adding a member to a user group
To add user1, user2, and group1 to a group named group_name:
```
$ ipa group-add-member group_name --users=user1 --users=user2 --groups=group1
```
To add ad_user from a domain named ad_domain to a group named group_name, you can choose how to specify the external user. For example:
```
$ ipa group-add-member group_name --external='AD_DOMAIN\ad_user'
$ ipa group-add-member group_name --external='ad_user@AD_DOMAIN'
$ ipa group-add-member group_name --external='ad_user@AD_DOMAIN.EXAMPLE.COM'
```

Web UI: Removing a Member from a User Group

Click Identity → Groups and select User Groups or Host Groups in the left sidebar.
Click the name of the group.
Select the type of group member you want to remove. For example, Users, User Groups, or External for user groups.
Figure 13.4. Removing User Group Members
Select the check box next to the required member.
Click Delete.

Command Line: Removing a Member from a User Group

Optional. Use the ipa group-show or ipa hostgroup-show command to confirm that the group includes the member you want to remove.
To remove a user group member, use the ipa group-remove-member command. To remove a host group member, use the ipa hostgroup-remove-member command.
When removing a user group member, specify the member using these options:
- --users removes an IdM user
- --external removes a user that exists outside the IdM domain, in the format of DOMAIN\user_name or user_name@domain
- --groups removes an IdM user group
When removing a host group member, specify the member using these options:
- --hosts removes an IdM host
- --groups removes an IdM host group
For example, to remove user1, user2, and group1 from a group called group_name:
```
$ ipa group-remove-member group_name --users=user1 --users=user2 --groups=group1
```

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

13.3. Adding and Removing User or Host Group Members

Web UI: Adding a Member to a User or Host Group

Command Line: Adding a Member to a User Group

Web UI: Removing a Member from a User Group

Command Line: Removing a Member from a User Group

Where did the comment section go?