From ba59d9d648d7ee9f3e5b03ede9aeccab97f13a13 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 25 Jun 2010 16:14:46 -0400
Subject: Add support for User-Private Groups
This uses a new 389-ds plugin, Managed Entries, to automatically create a group entry when a user is created. The DNA plugin ensures that the group has a gidNumber that matches the users uidNumber. When the user is removed the group is automatically removed as well. If the managed entries plugin is not available or if a specific, separate range for gidNumber is passed in at install time then User-Private Groups will not be configured. The code checking for the Managed Entries plugin may be removed at some point. This is there because this plugin is only available in a 389-ds alpha release currently (1.2.6-a4).
---
 ipalib/plugins/user.py | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
(limited to 'ipalib/plugins/user.py')
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index d72b3bb1..610d85a9 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -122,6 +122,8 @@ class user(LDAPObject):
 cli_name='uid',
 label=_('UID'),
 doc=_('User ID Number (system will assign one if not provided)'),
+ autofill=True,
+ default=999,
 ),
 Str('street?',
 cli_name='street',
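Review bot: The `default=999` added next to `autofill=True` on the UID parameter is an unexplained magic number, and nothing in this hunk shows what turns it into a real uidNumber. Presumably it is the placeholder the DNA plugin is configured to replace. If that configuration is missing or uses a different value, every user created without an explicit UID would be stored with uidNumber 999 and share one POSIX identity. A caller who deliberately asks for UID 999 also cannot be told apart from the autofilled case. I would name the value in a module-level constant and add a comment on the line such as `# placeholder replaced by the DNA plugin with the next free uidNumber; never a real UID`. The parameter definition starts above the hunk.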
@@ -169,16 +171,20 @@ class user_add(LDAPCreate):
 home_dir = home_dir.replace('//', '/').rstrip('/')
 entry_attrs['homedirectory'] = home_dir
- # we're adding new users to a default group, get its gidNumber
- # get default group name from config
- def_primary_group = config.get('ipadefaultprimarygroup')
- group_dn = self.api.Object['group'].get_dn(def_primary_group)
- try:
- (group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
- except errors.NotFound:
- error_msg = 'Default group for new users not found.'
- raise errors.NotFound(reason=error_msg)
- entry_attrs['gidnumber'] = group_attrs['gidnumber']
+ if ldap.has_upg():
+ # User Private Groups - uidNumber == gidNumber
+ entry_attrs['gidnumber'] = entry_attrs['uidnumber']
+ else:
+ # we're adding new users to a default group, get its gidNumber
+ # get default group name from config
+ def_primary_group = config.get('ipadefaultprimarygroup')
+ group_dn = self.api.Object['group'].get_dn(def_primary_group)
+ try:
+ (group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
+ except errors.NotFound:
+ error_msg = 'Default group for new users not found.'
+ raise errors.NotFound(reason=error_msg)
+ entry_attrs['gidnumber'] = group_attrs['gidnumber']
 return dn
-- cgit
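Review bot: In the `ldap.has_upg()` branch, `entry_attrs['gidnumber'] = entry_attrs['uidnumber']` copies whatever uidNumber the entry carries, including one the caller supplied explicitly. Nothing visible here checks that the number is not already the gidNumber of an existing group. If the directory side does not enforce that either, a user created with a chosen UID would get an existing group as its primary group. I would reject an explicit UID that matches an existing group's gidNumber before this assignment, or at least note the dependency with a comment such as `# uniqueness of the private group's gidNumber is enforced by the DNA/Managed Entries plugins, not here`. The direct index also assumes `uidnumber` is always present in `entry_attrs`, which appears to rely on the autofill added in the first hunk. The enclosing method starts above this hunk.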