2 files changed, 16 insertions, 1 deletions

diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am
index b103d567..b187b5df 100644
--- a/ipa-server/ipa-install/share/Makefile.am
+++ b/ipa-server/ipa-install/share/Makefile.am
@@ -22,6 +22,7 @@ app_DATA =				\
 	referint-conf.ldif		\
 	dna-posix.ldif			\
 	master-entry.ldif		\
+	memberof-task.ldif		\
 	$(NULL)
 
 EXTRA_DIST =				\
diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py
index 9a539470..0cab1744 100644
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -35,6 +35,9 @@ def ldap_mod(fd, dn, pwd):
     args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
     run(args)
 
+    text = fd.read()
+    print text
+
 def realm_to_suffix(realm_name):
     s = realm_name.split(".")
     terms = ["dc=" + x.lower() for x in s]
@@ -78,7 +81,7 @@ class DsInstance(service.Service):
         self.dm_password = dm_password
         self.__setup_sub_dict()
 
-        self.start_creation(11, "Configuring directory server:")
+        self.start_creation(15, "Configuring directory server:")
         self.__create_ds_user()
         self.__create_instance()
         self.__add_default_schemas()
@@ -97,6 +100,7 @@ class DsInstance(service.Service):
 	self.__config_uidgid_gen_first_master()
         self.__add_default_layout()
 	self.__add_master_entry_first_master()
+        self.__init_memberof()
 
 
         self.step("configuring directoy to start on boot")
@@ -177,6 +181,16 @@ class DsInstance(service.Service):
             logging.critical("Failed to load memberof-conf.ldif: %s" % str(e))
         memberof_fd.close()
 
+    def __init_memberof(self):
+        self.step("initializing group membership")
+        memberof_txt = template_file(SHARE_DIR + "memberof-task.ldif", self.sub_dict)
+        memberof_fd = write_tmp_file(memberof_txt)
+        try:
+            ldap_mod(memberof_fd, "cn=Directory Manager", self.dm_password)
+        except subprocess.CalledProcessError, e:
+            logging.critical("Failed to load memberof-conf.ldif: %s" % str(e))
+        memberof_fd.close()
+
     def __add_referint_module(self):
         self.step("enabling referential integrity plugin")
         referint_txt = template_file(SHARE_DIR + "referint-conf.ldif", self.sub_dict)