author | Rob Crittenden <rcritten@redhat.com> | 2010-06-25 16:14:46 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-07-06 15:39:34 -0400 |
commit | ba59d9d648d7ee9f3e5b03ede9aeccab97f13a13 (patch) | |
tree | f333b0335b3ebdd0d198f3afcd0f274daae5950a /ipalib | |
parent | 83fd9ef7cc7823619692a0286cbcec5297245153 (diff) | |
Add support for User-Private Groups
This uses a new 389-ds plugin, Managed Entries, to automatically create
a group entry when a user is created. The DNA plugin ensures that the
group has a gidNumber that matches the user's uidNumber. When the user is
removed the group is automatically removed as well.
If the managed entries plugin is not available or if a specific, separate
range for gidNumber is passed in at install time then User-Private Groups
will not be configured.
The code checking for the Managed Entries plugin may be removed at some
point. This is there because this plugin is only available in a 389-ds
alpha release currently (1.2.6-a4).
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/group.py | 4 | ||||
-rw-r--r-- | ipalib/plugins/user.py | 26 |
2 files changed, 20 insertions, 10 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index 0f3743784..9da4fe569 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -145,6 +145,8 @@ class group_add(LDAPCreate):
 def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
 if options['posix'] or 'gidnumber' in options:
 entry_attrs['objectclass'].append('posixgroup')
+ if not 'gidnumber' in options:
+ entry_attrs['gidnumber'] = 999
 return dn
@@ -200,6 +202,8 @@ class group_mod(LDAPUpdate):
 else:
 old_entry_attrs['objectclass'].append('posixgroup')
 entry_attrs['objectclass'] = old_entry_attrs['objectclass']
+ if not 'gidnumber' in options:
+ entry_attrs['gidnumber'] = 999
 return dn
 api.register(group_mod)
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index d72b3bb1b..610d85a95 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -122,6 +122,8 @@ class user(LDAPObject):
 cli_name='uid',
 label=_('UID'),
 doc=_('User ID Number (system will assign one if not provided)'),
+ autofill=True,
+ default=999,
 ),
 Str('street?',
 cli_name='street',
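Review bot: The literal `999` assigned to `entry_attrs['gidnumber']` in `group_add.pre_callback` is an unexplained sentinel, and the same literal recurs in the `group_mod` hunk and as `default=999` on the uid parameter in `ipalib/plugins/user.py`. It is presumably the value the DNA plugin is configured to replace with the next free ID; if that plugin is absent or uses a different magic value, every entry created without an explicit ID would be stored with the real ID 999 and so share file ownership, and an explicit request for 999 cannot be told apart from "assign one". Define it once as a named constant with a comment such as `# DNA magic value: the directory server replaces this with the next free ID`, and write the test as `if 'gidnumber' not in options:`. Both callbacks start outside their hunks.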
@@ -169,16 +171,20 @@ class user_add(LDAPCreate):
 home_dir = home_dir.replace('//', '/').rstrip('/')
 entry_attrs['homedirectory'] = home_dir
- # we're adding new users to a default group, get its gidNumber
- # get default group name from config
- def_primary_group = config.get('ipadefaultprimarygroup')
- group_dn = self.api.Object['group'].get_dn(def_primary_group)
- try:
- (group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
- except errors.NotFound:
- error_msg = 'Default group for new users not found.'
- raise errors.NotFound(reason=error_msg)
- entry_attrs['gidnumber'] = group_attrs['gidnumber']
+ if ldap.has_upg():
+ # User Private Groups - uidNumber == gidNumber
+ entry_attrs['gidnumber'] = entry_attrs['uidnumber']
+ else:
+ # we're adding new users to a default group, get its gidNumber
+ # get default group name from config
+ def_primary_group = config.get('ipadefaultprimarygroup')
+ group_dn = self.api.Object['group'].get_dn(def_primary_group)
+ try:
+ (group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
+ except errors.NotFound:
+ error_msg = 'Default group for new users not found.'
+ raise errors.NotFound(reason=error_msg)
+ entry_attrs['gidnumber'] = group_attrs['gidnumber']
 return dn |
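Review bot: In the `ldap.has_upg()` branch, `entry_attrs['gidnumber'] = entry_attrs['uidnumber']` copies whatever uidNumber the caller supplied without checking that no existing group already holds that gidNumber. If an administrator passes an explicit UID equal to the gidNumber of an existing group, the new user's primary group would resolve to that group on clients, which grants access the private-group model is meant to avoid; whether the Managed Entries or DNA plugin rejects such a collision is not visible here. Consider verifying the number is unused as a gidNumber whenever it is not the auto-assign default, and record the assumption in the comment, e.g. `# UPG: gidNumber mirrors uidNumber; an explicit uidnumber must not collide with an existing group's gidNumber`. The enclosing `pre_callback` starts above the hunk.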