Performing user sync
When making any kind of user or group-related changes, you need to perform user sync in order for the changes to be synced to FreeIPA.
All user- and group-related changes require user sync, with the one exception of generating API access keys. For example, all of the following require user sync:
- Creating machine users
- Assigning CDP roles or resource roles to users
- Creating a group, assigning group membership, and deleting a group
- Setting workload password
- Managing user SSH keys
When you perform user sync:
- All control plane actors (users and machine users) with the environments/accessEnvironment right are synced to FreeIPA.
- All groups of all synced actors are synced to FreeIPA.
Steps - CDP web interface
From the CDP web interface, you can perform user sync from the Management Console > Environments > navigate to a specific environment > Actions > Synchronize Users to FreeIPA.
Steps - CDP CLI
cdp environments sync-all-users - This command synchronizes all users and groups with CDP environments.
cdp environments sync-user - This command only works for syncing the current user with all their CDP environments, so you can use it if you are making changes to your own user, but you can't use it for syncing other users.
Depending on how many users you have in CDP, it may take a few minutes for the user sync to complete. The sync operation times out after 30 minutes.
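The following script is an added example, not part of the original documentation or Cloudera's own code. It starts a full sync and waits for a terminal result, so that automation changing roles, group membership or SSH keys can confirm the change reached FreeIPA. It assumes the CLI prints JSON containing "operationId" and "status" fields and that `cdp environments sync-status --operation-id` reports the operation state; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not Cloudera's code): start a full user sync and wait for it.
# Assumptions: the CLI prints JSON containing "operationId" and "status", and
# `cdp environments sync-status --operation-id ID` reports the operation state.
CDP="${CDP:-cdp}"                    # CLI binary; overridable for testing
POLL_SECONDS="${POLL_SECONDS:-15}"   # delay between status checks
MAX_SECONDS="${MAX_SECONDS:-1800}"   # the 30-minute timeout stated on this page

# Extract a string field from JSON on stdin without needing jq.
json_field() {
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Poll until the operation reaches a terminal state.
# Returns 0 = COMPLETED, 1 = failed/rejected/timed out, 2 = local deadline hit.
wait_for_sync() {
    op_id="$1"
    waited=0
    while [ "$waited" -le "$MAX_SECONDS" ]; do
        status=$("$CDP" environments sync-status --operation-id "$op_id" | json_field status)
        case "$status" in
            COMPLETED) echo "sync $op_id completed"; return 0 ;;
            FAILED|REJECTED|TIMEDOUT) echo "sync $op_id ended: $status" >&2; return 1 ;;
        esac
        sleep "$POLL_SECONDS"
        waited=$((waited + POLL_SECONDS))
    done
    echo "sync $op_id still not finished after ${MAX_SECONDS}s" >&2
    return 2
}

# Start a sync of all users and groups, then wait for the result.
sync_all_and_wait() {
    op_id=$("$CDP" environments sync-all-users | json_field operationId)
    [ -n "$op_id" ] || { echo "no operationId returned" >&2; return 1; }
    wait_for_sync "$op_id"
}
```

Source the file and call `sync_all_and_wait` after the change; treat any non-zero return as "the change is not yet confirmed in FreeIPA".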