Performing user sync

When making any kind of user or group-related changes, you need to perform user sync in order for the changes to be synced to FreeIPA.

All user- and group-related changes, with the one exception of generating API access keys, require user sync. For example, all of the following require user sync:

  • Creating machine users
  • Assigning CDP roles or resource roles to users
  • Creating a group, assigning group membership, and deleting a group
  • Setting workload password
  • Managing user SSH keys

During user sync:

  • All control plane actors (users and machine users) with the environments/accessEnvironment right are synced to FreeIPA.
  • All groups of all synced actors are synced to FreeIPA.

Steps - CDP web interface

  1. In the CDP web interface, go to Management Console > Environments.
  2. Navigate to a specific environment.
  3. Do one of the following:
    • Click on Actions > Synchronize Users to FreeIPA
    • Navigate to Summary > FreeIPA > Actions > Synchronize Users to FreeIPA
  4. Optionally, select one or more specific environments to sync users to, or leave the option blank to sync to all environments.
  5. Click Synchronize Users.
  6. The status is shown as Running, then Completed.

Steps - CDP CLI

From the CDP CLI, you can use the following commands:
  • cdp environments sync-all-users - This command synchronizes all users and groups with CDP environments.
  • cdp environments sync-user - This command only syncs the current user with all their CDP environments, so you can use it if you are making changes to your own user, but you can't use it for syncing other users.

Depending on how many users you have in CDP, it may take a few minutes for the user sync to complete. The sync operation times out after 30 minutes.
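
The following script is an added example, not part of the original documentation: it starts a sync with cdp environments sync-all-users and polls until the operation reaches a final state, so that a change such as a removed role or SSH key is not treated as effective before FreeIPA has it. The sync-status subcommand, its --operation-id option, and the operationId/status field names and status values are assumptions about the CLI's JSON output that do not appear on this page; confirm them against the help output of your CLI version.

```bash
#!/usr/bin/env bash
# Added example: trigger a user sync and wait for a final state.
# Assumptions (not from the page): `cdp environments sync-status --operation-id`,
# the operationId/status JSON fields, and the status names used below.

CDP="${CDP:-cdp}"                              # CLI binary; overridable for testing
POLL_SECONDS="${POLL_SECONDS:-15}"             # delay between status checks
MAX_WAIT_SECONDS="${MAX_WAIT_SECONDS:-1800}"   # the sync times out after 30 minutes

# Extract the first string value of a JSON field from stdin (no jq required).
json_field() {
  sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Start a sync of all users and groups, then poll its status.
# Returns 0 only on COMPLETED; 1 on a failed final state; 2 on CLI or
# parsing errors; 3 when the wait budget is exhausted.
sync_and_wait() {
  local out op status waited=0
  out="$("$CDP" environments sync-all-users)" || return 2
  op="$(printf '%s\n' "$out" | json_field operationId)"
  [ -n "$op" ] || { echo "no operationId in response" >&2; return 2; }

  while [ "$waited" -le "$MAX_WAIT_SECONDS" ]; do
    out="$("$CDP" environments sync-status --operation-id "$op")" || return 2
    status="$(printf '%s\n' "$out" | json_field status)"
    case "$status" in
      COMPLETED) echo "sync $op completed"; return 0 ;;
      FAILED|REJECTED|TIMEDOUT)
        echo "sync $op ended as $status; changes are NOT in FreeIPA" >&2
        return 1 ;;
      *) sleep "$POLL_SECONDS"; waited=$((waited + POLL_SECONDS)) ;;
    esac
  done
  echo "gave up waiting for sync $op after ${MAX_WAIT_SECONDS}s" >&2
  return 3
}

# Run with --run, for example right after changing roles, groups or SSH keys.
if [ "${1:-}" = "--run" ]; then
  sync_and_wait
fi
```

A non-zero exit code means the change should be treated as not yet applied in FreeIPA, and the sync should be rerun or investigated.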