author: Rob Crittenden <rcritten@redhat.com> 2010-06-25 16:14:46 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2010-07-06 15:39:34 -0400
commit: ba59d9d648d7ee9f3e5b03ede9aeccab97f13a13 (patch)
tree: f333b0335b3ebdd0d198f3afcd0f274daae5950a /install/share/user_private_groups.ldif
parent: 83fd9ef7cc7823619692a0286cbcec5297245153 (diff)
Add support for User-Private Groups
This uses a new 389-ds plugin, Managed Entries, to automatically create a group entry when a user is created. The DNA plugin ensures that the group has a gidNumber that matches the user's uidNumber. When the user is removed the group is automatically removed as well. If the managed entries plugin is not available or if a specific, separate range for gidNumber is passed in at install time then User-Private Groups will not be configured. The code checking for the Managed Entries plugin may be removed at some point. This is there because this plugin is only available in a 389-ds alpha release currently (1.2.6-a4).
Diffstat (limited to 'install/share/user_private_groups.ldif')
-rw-r--r-- install/share/user_private_groups.ldif 19
1 files changed, 19 insertions, 0 deletions
diff --git a/install/share/user_private_groups.ldif b/install/share/user_private_groups.ldif
new file mode 100644
index 000000000..070d6e020
--- /dev/null
+++ b/install/share/user_private_groups.ldif
@@ -0,0 +1,19 @@
+dn: cn=UPG Template,$SUFFIX
+changetype: add
+objectclass: mepTemplateEntry
+cn: UPG Template
+mepRDNAttr: cn
+mepStaticAttr: objectclass: posixGroup
+mepMappedAttr: cn: $$uid
+mepMappedAttr: gidNumber: $$uidNumber
+mepMappedAttr: description: User private group for $$uid
+
+dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
+changetype: add
+objectclass: extensibleObject
+cn: UPG Definition
+originScope: cn=users,cn=accounts,$SUFFIX
+originFilter: objectclass=posixAccount
+managedBase: cn=groups,cn=accounts,$SUFFIX
+managedTemplate: cn=UPG Template,$SUFFIX
+
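Review bot: The template sets the managed group's name with "mepMappedAttr: cn: $$uid" while the definition's managedBase is cn=groups,cn=accounts,$SUFFIX, the general groups container, so the managed entry's DN will clash with any existing group whose cn equals the new user's uid. Nothing in this file states what should happen in that case; please document the intended outcome (user add rejected, or user created without a private group) and have the user-add path check for a same-named group before the entry is written. A related point applies to "mepMappedAttr: gidNumber: $$uidNumber": the file itself does nothing to keep that value distinct from gidNumbers already assigned to other groups, so a comment noting that this relies on the shared uid/gid range described in the commit message would help. A one-line comment on why $$uid and $$uidNumber carry a doubled $ while $SUFFIX carries one would also save the next editor of this template some guessing.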