[Freeipa-devel] [PATCH] Add a new user-add flag param to disable the creation of UPG.

Nathan Kinder nkinder at redhat.com
Mon Mar 28 22:27:46 UTC 2011 

On 03/28/2011 03:20 PM, Dmitri Pal wrote:
> On 03/28/2011 04:38 PM, Pavel Zůna wrote:
>> This patch handles the issue in a kind of stupid way, but I couldn't 
>> think of anything better.
>>
>> It adds a new flag parameter to user-add (--noprivate). With this 
>> flag, the command marks the private group about to be created for 
>> deletion and is deleted after the user is created. The only exception 
>> is when there is a group, that is named the same way as the user, but 
>> isn't a private group - then the group is left there.
>>
>> Private groups are created automatically by the managed entry DS 
>> plugin and I didn't find a way to disable its creation for a specific 
>> user.
>
> The idea that comes to mind is to define some magical attribute that 
> the DS plugin would recognize and skip the creation of the managed 
> entry as well as strip the entry of this magic attribute/value.
> I remember that other plugins might take advantage of the similar 
> approach.
>
> Is something like this possible?
You are probably thinking of the DNA plug-in and it's use of a magic 
value used to tell the plug-in to allocate a value from a range.  I 
would not like to use this approach here, as it requires additional 
coding and complexity that I don't think is needed.

I would prefer that we use the originFilter to deal with this.  We could 
have an auxiliary objectclass that IPA usually adds when creating an IPA 
user.  The originFilter can key off of this objectclass to create 
managed groups.  When a user is added with the --noprivate option, this 
objectclass is not included in the user entry that is added.  Rob and I 
discussed this approach on IRC earlier today.
>
>
>>
>> Ticket #1131
>>
>> Pavel
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
> -- 
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110328/b2ad73f1/attachment.htm>

More information about the Freeipa-devel mailing list