summaryrefslogtreecommitdiffstats
path: root/install/share
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-06-25 16:14:46 -0400
committerRob Crittenden <rcritten@redhat.com>2010-07-06 15:39:34 -0400
commitba59d9d648d7ee9f3e5b03ede9aeccab97f13a13 (patch)
treef333b0335b3ebdd0d198f3afcd0f274daae5950a /install/share
parent83fd9ef7cc7823619692a0286cbcec5297245153 (diff)
downloadfreeipa-ba59d9d648d7ee9f3e5b03ede9aeccab97f13a13.tar.gz
freeipa-ba59d9d648d7ee9f3e5b03ede9aeccab97f13a13.tar.xz
freeipa-ba59d9d648d7ee9f3e5b03ede9aeccab97f13a13.zip
Add support for User-Private Groups
This uses a new 389-ds plugin, Managed Entries, to automatically create a group entry when a user is created. The DNA plugin ensures that the group has a gidNumber that matches the users uidNumber. When the user is removed the group is automatically removed as well. If the managed entries plugin is not available or if a specific, separate range for gidNumber is passed in at install time then User-Private Groups will not be configured. The code checking for the Managed Entries plugin may be removed at some point. This is there because this plugin is only available in a 389-ds alpha release currently (1.2.6-a4).
Diffstat (limited to 'install/share')
-rw-r--r--install/share/Makefile.am2
-rw-r--r--install/share/dna-upg.ldif16
-rw-r--r--install/share/user_private_groups.ldif19
3 files changed, 37 insertions, 0 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index cb7d98367..5ff62baf6 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -31,6 +31,7 @@ app_DATA = \
preferences.html.template \
referint-conf.ldif \
dna-posix.ldif \
+ dna-upg.ldif \
master-entry.ldif \
memberof-task.ldif \
memberof-conf.ldif \
@@ -39,6 +40,7 @@ app_DATA = \
schema_compat.uldif \
ldapi.ldif \
wsgi.py \
+ user_private_groups.ldif \
$(NULL)
EXTRA_DIST = \
diff --git a/install/share/dna-upg.ldif b/install/share/dna-upg.ldif
new file mode 100644
index 000000000..c4edcfaa4
--- /dev/null
+++ b/install/share/dna-upg.ldif
@@ -0,0 +1,16 @@
+# add plugin configuration for user private groups
+
+dn: cn=User Private Groups,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: extensibleObject
+cn: Posix Accounts
+dnaType: uidNumber
+dnaType: gidNumber
+dnaNextValue: eval($UIDSTART+1)
+dnaInterval: 1
+dnaMaxValue: eval($UIDSTART+100000)
+dnaMagicRegen: 999
+dnaFilter: (|(objectclass=posixAccount)(objectClass=posixGroup))
+dnaScope: $SUFFIX
+
diff --git a/install/share/user_private_groups.ldif b/install/share/user_private_groups.ldif
new file mode 100644
index 000000000..070d6e020
--- /dev/null
+++ b/install/share/user_private_groups.ldif
@@ -0,0 +1,19 @@
+dn: cn=UPG Template,$SUFFIX
+changetype: add
+objectclass: mepTemplateEntry
+cn: UPG Template
+mepRDNAttr: cn
+mepStaticAttr: objectclass: posixGroup
+mepMappedAttr: cn: $$uid
+mepMappedAttr: gidNumber: $$uidNumber
+mepMappedAttr: description: User private group for $$uid
+
+dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
+changetype: add
+objectclass: extensibleObject
+cn: UPG Definition
+originScope: cn=users,cn=accounts,$SUFFIX
+originFilter: objectclass=posixAccount
+managedBase: cn=groups,cn=accounts,$SUFFIX
+managedTemplate: cn=UPG Template,$SUFFIX
+