<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Times New Roman, Times, serif">Hello,<br>
<br>
</font>
<blockquote><font face="Times New Roman, Times, serif">In order to
provision staged users (account inactivated) with their initial
values:<br>
</font>
<blockquote><tt>/</tt><tt>usr/bin/ipa user-add tb20 --to-stage
--first=tb20 --last=tb20</tt><tt><br>
</tt><tt>-----------------</tt><tt><br>
</tt><tt>Added user "tb20"</tt><tt><br>
</tt><tt>-----------------</tt><tt><br>
</tt><tt> User login: tb20</tt><tt><br>
</tt><tt> First name: tb20</tt><tt><br>
</tt><tt> Last name: tb20</tt><tt><br>
</tt><tt> Full name: tb20 tb20</tt><tt><br>
</tt><tt> Display name: tb20 tb20</tt><tt><br>
</tt><tt> Initials: tt</tt><tt><br>
</tt><tt> Home directory: /home/tb20</tt><tt><br>
</tt><tt> GECOS: tb20 tb20</tt><tt><br>
</tt><tt> Login shell: /bin/sh</tt><tt><br>
</tt><tt> Kerberos principal: <a class="moz-txt-link-abbreviated" href="mailto:tb20@IDM.LAB.BOS.REDHAT.COM">tb20@IDM.LAB.BOS.REDHAT.COM</a></tt><tt><br>
</tt><tt> Email address: <a class="moz-txt-link-abbreviated" href="mailto:tb20@idm.lab.bos.redhat.com">tb20@idm.lab.bos.redhat.com</a></tt><tt><br>
</tt><tt> UID: -1</tt><tt><br>
</tt><tt> GID: -1</tt><tt><br>
</tt><tt> Account disabled: true</tt><tt><br>
</tt><tt> Password: False</tt><tt><br>
</tt><tt> Kerberos keys available: False<br>
<br>
ldapsearch -LLL -h localhost -p 389 -D "cn=directory manager"
-w Secret123 -b "dc=idm,dc=lab,dc=bos,dc=redhat,dc=com"
uid=tb20<br>
dn: uid=tb20,cn=staged
users,cn=accounts,cn=provisioning,dc=idm,dc=lab,dc=bos,<br>
dc=redhat,dc=com<br>
displayName: tb20 tb20<br>
cn: tb20 tb20<br>
objectClass: top<br>
objectClass: person<br>
objectClass: organizationalperson<br>
objectClass: inetorgperson<br>
objectClass: inetuser<br>
objectClass: posixaccount<br>
objectClass: krbprincipalaux<br>
objectClass: krbticketpolicyaux<br>
objectClass: ipaobject<br>
objectClass: ipasshuser<br>
objectClass: ipaSshGroupOfPubKeys<br>
loginShell: /bin/sh<br>
uidNumber: -1<br>
ipaUniqueID: autogenerate<br>
gidNumber: -1<br>
gecos: tb20 tb20<br>
sn: tb20<br>
homeDirectory: /home/tb20<br>
uid: tb20<br>
mail: <a class="moz-txt-link-abbreviated" href="mailto:tb20@idm.lab.bos.redhat.com">tb20@idm.lab.bos.redhat.com</a><br>
krbPrincipalName: <a class="moz-txt-link-abbreviated" href="mailto:tb20@IDM.LAB.BOS.REDHAT.COM">tb20@IDM.LAB.BOS.REDHAT.COM</a><br>
givenName: tb20<br>
initials: tt<br>
</tt><br>
</blockquote>
<font face="Times New Roman, Times, serif">I needed to restrict
the scope of the following plugins:<br>
</font>
<blockquote><tt>dn: cn=ipaUniqueID uniqueness,cn=plugins,cn=config</tt><tt><br>
</tt><tt>nsslapd-pluginarg1:
cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com</tt><tt><br>
</tt><tt><br>
</tt><tt>dn: cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=confi</tt><tt><br>
</tt><tt>ipauuidscope:
cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com</tt><tt><br>
</tt><tt><br>
</tt><tt>dn: cn=Posix IDs,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config</tt><tt><br>
</tt><tt>dnaScope:
cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com</tt><tt><br>
</tt><tt><br>
</tt><tt>dn: cn=MemberOf Plugin,cn=plugins,cn=config</tt><tt><br>
</tt><tt>memberofentryscope:
cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com</tt><br>
<br>
</blockquote>
<font face="Times New Roman, Times, serif">In fact I need them to
not modify the added entry when it is added under "</font><tt>cn=staged
users,cn=accounts,cn=provisioning,$SUFFIX".</tt><br>
<font face="Times New Roman, Times, serif">Now, is it possible to
limit those plugins' scope to the 'cn=accounts' part of the tree?
I guess not.<br>
If it is not possible, a solution is to make the scope
multi-valued attributes or to introduce a new config attribute
'*notInScope', also multi-valued.<br>
A problem is the 'cn=ipaUniqueID uniqueness' that relies on the
'attribute uniqueness' plugin with an argv[ ], not really
convenient to pass 2 multivalued attributes.<br>
<br>
If anyone has other solutions, it would help me a lot <span
class="moz-smiley-s1"><span> :-) </span></span><br>
<br>
thanks<br>
thierry<br>
<br>
<br>
</font><font face="Times New Roman, Times, serif"><br>
</font>
<font face="Times New Roman, Times, serif"><br>
</font></blockquote>
</body>
</html>