From ba59d9d648d7ee9f3e5b03ede9aeccab97f13a13 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 25 Jun 2010 16:14:46 -0400
Subject: Add support for User-Private Groups

This uses a new 389-ds plugin, Managed Entries, to automatically create
a group entry when a user is created. The DNA plugin ensures that the
group has a gidNumber that matches the users uidNumber. When the user is
removed the group is automatically removed as well.

If the managed entries plugin is not available or if a specific, separate
range for gidNumber is passed in at install time then User-Private Groups
will not be configured.

The code checking for the Managed Entries plugin may be removed at some
point. This is there because this plugin is only available in a 389-ds
alpha release currently (1.2.6-a4).
---
 install/share/user_private_groups.ldif | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 install/share/user_private_groups.ldif

(limited to 'install/share/user_private_groups.ldif')

diff --git a/install/share/user_private_groups.ldif b/install/share/user_private_groups.ldif
new file mode 100644
index 00000000..070d6e02
--- /dev/null
+++ b/install/share/user_private_groups.ldif
@@ -0,0 +1,19 @@
+dn: cn=UPG Template,$SUFFIX
+changetype: add
+objectclass: mepTemplateEntry
+cn: UPG Template
+mepRDNAttr: cn
+mepStaticAttr: objectclass: posixGroup
+mepMappedAttr: cn: $$uid
+mepMappedAttr: gidNumber: $$uidNumber
+mepMappedAttr: description: User private group for $$uid
+
+dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
+changetype: add
+objectclass: extensibleObject
+cn: UPG Definition
+originScope: cn=users,cn=accounts,$SUFFIX
+originFilter: objectclass=posixAccount
+managedBase: cn=groups,cn=accounts,$SUFFIX
+managedTemplate: cn=UPG Template,$SUFFIX
+
-- 
cgit