From ba59d9d648d7ee9f3e5b03ede9aeccab97f13a13 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 25 Jun 2010 16:14:46 -0400
Subject: Add support for User-Private Groups

This uses a new 389-ds plugin, Managed Entries, to automatically create
a group entry when a user is created. The DNA plugin ensures that the
group has a gidNumber that matches the users uidNumber. When the user is
removed the group is automatically removed as well.

If the managed entries plugin is not available or if a specific, separate
range for gidNumber is passed in at install time then User-Private Groups
will not be configured.

The code checking for the Managed Entries plugin may be removed at some
point. This is there because this plugin is only available in a 389-ds
alpha release currently (1.2.6-a4).
---
 ipalib/plugins/group.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'ipalib/plugins/group.py')

diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index 0f374378..9da4fe56 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -145,6 +145,8 @@ class group_add(LDAPCreate):
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         if options['posix'] or 'gidnumber' in options:
             entry_attrs['objectclass'].append('posixgroup')
+            if not 'gidnumber' in options:
+                entry_attrs['gidnumber'] = 999
         return dn
 
 
@@ -200,6 +202,8 @@ class group_mod(LDAPUpdate):
             else:
                 old_entry_attrs['objectclass'].append('posixgroup')
                 entry_attrs['objectclass'] = old_entry_attrs['objectclass']
+                if not 'gidnumber' in options:
+                    entry_attrs['gidnumber'] = 999
         return dn
 
 api.register(group_mod)
-- 
cgit