From ba59d9d648d7ee9f3e5b03ede9aeccab97f13a13 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 25 Jun 2010 16:14:46 -0400 Subject: Add support for User-Private Groups This uses a new 389-ds plugin, Managed Entries, to automatically create a group entry when a user is created. The DNA plugin ensures that the group has a gidNumber that matches the users uidNumber. When the user is removed the group is automatically removed as well. If the managed entries plugin is not available or if a specific, separate range for gidNumber is passed in at install time then User-Private Groups will not be configured. The code checking for the Managed Entries plugin may be removed at some point. This is there because this plugin is only available in a 389-ds alpha release currently (1.2.6-a4).
---
 install/share/Makefile.am | 2 ++ install/share/dna-upg.ldif | 16 ++++++++++++++++ install/share/user_private_groups.ldif | 19 +++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 install/share/dna-upg.ldif create mode 100644 install/share/user_private_groups.ldif (limited to 'install/share')
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index cb7d98367..5ff62baf6 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -31,6 +31,7 @@ app_DATA = \
 preferences.html.template \
 referint-conf.ldif \
 dna-posix.ldif \
+ dna-upg.ldif \
 master-entry.ldif \
 memberof-task.ldif \
 memberof-conf.ldif \
@@ -39,6 +40,7 @@ app_DATA = \
 schema_compat.uldif \
 ldapi.ldif \
 wsgi.py \
+ user_private_groups.ldif \
 $(NULL)
 
 EXTRA_DIST = \
diff --git a/install/share/dna-upg.ldif b/install/share/dna-upg.ldif
new file mode 100644
index 000000000..c4edcfaa4
--- /dev/null
+++ b/install/share/dna-upg.ldif
@@ -0,0 +1,16 @@
+# add plugin configuration for user private groups
+
+dn: cn=User Private Groups,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: extensibleObject
+cn: Posix Accounts
+dnaType: uidNumber
+dnaType: gidNumber
+dnaNextValue: eval($UIDSTART+1)
+dnaInterval: 1
+dnaMaxValue: eval($UIDSTART+100000)
+dnaMagicRegen: 999
+dnaFilter: (|(objectclass=posixAccount)(objectClass=posixGroup))
+dnaScope: $SUFFIX
+
diff --git a/install/share/user_private_groups.ldif b/install/share/user_private_groups.ldif
new file mode 100644
index 000000000..070d6e020
--- /dev/null
+++ b/install/share/user_private_groups.ldif
@@ -0,0 +1,19 @@
+dn: cn=UPG Template,$SUFFIX
+changetype: add
+objectclass: mepTemplateEntry
+cn: UPG Template
+mepRDNAttr: cn
+mepStaticAttr: objectclass: posixGroup
+mepMappedAttr: cn: $$uid
+mepMappedAttr: gidNumber: $$uidNumber
+mepMappedAttr: description: User private group for $$uid
+
+dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
+changetype: add
+objectclass: extensibleObject
+cn: UPG Definition
+originScope: cn=users,cn=accounts,$SUFFIX
+originFilter: objectclass=posixAccount
+managedBase: cn=groups,cn=accounts,$SUFFIX
+managedTemplate: cn=UPG Template,$SUFFIX
+
-- cgit
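Review bot: In dna-upg.ldif the entry's DN uses `cn=User Private Groups` but its only cn value is `cn: Posix Accounts`, so the RDN value is not among the entry's attributes; this looks copied from the existing Posix Accounts DNA entry, which is not visible here. Depending on how the server treats a missing RDN value, the add is either rejected or the entry ends up with two cn values, and either way it becomes harder to tell which DNA configuration is handing out IDs when auditing. I would change the line to `cn: User Private Groups`. A comment above the entry such as `# uidNumber and gidNumber share one range so a user's private group can reuse the uid as its gid` would also record why both dnaType values are listed, since mismatched or overlapping ID ranges surface later as file-ownership confusion.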
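Review bot: In user_private_groups.ldif the template builds the managed group's RDN from the user's uid (`mepRDNAttr: cn` with `mepMappedAttr: cn: $$uid`) under `managedBase: cn=groups,cn=accounts,$SUFFIX`, so a user whose uid equals the cn of a group already in that container maps onto the existing group's DN, and nothing in this file says what should happen then. How the Managed Entries plugin reacts is not visible here, so the user-creation path should refuse a uid that matches an existing group name, and a comment before the template would record that, e.g. `# a uid equal to an existing group cn collides with that group's DN; user creation must reject it`. The template also lives at `cn=UPG Template,$SUFFIX` in the data tree rather than under cn=config, so write access to it is governed by the suffix ACIs (not shown); it is worth confirming that only directory administrators can modify it, because it decides the gidNumber of every private group.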