<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div>Hi Rob and all,</div><div> </div><div>The ipa-managed-entries command is not available on freeIPA 2.1.3 version comes with Redhat 6.2. Is there any other comparable ways to disable private user groups generation at global/system wide, instead of ''--noprivate" option to 'ups user-add' which is user by user? Thanks a lot.</div><div> </div><div>--David</div><div> </div> <div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; "> <div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; "> <div dir="ltr"> <hr size="1"> From: Rob Crittenden <rcritten@redhat.com> To: David Copperfield <cao2dan@yahoo.com> Cc: Petr Spacek <pspacek@redhat.com>; "freeipa-users@redhat.com" <freeipa-users@redhat.com> Sent: Wednesday, May 9, 2012 10:08 AM Subject: Re: [Freeipa-users] Please help: Any way to turn off IPA creation of private user group? </div> David Copperfield wrote: > Hi Petr and all, > > Thanks for your reply. > > After the automatic creation of the private user group is turned off, > does the user creation Web page still show the GID field? and pre-filled > with the same number(or the next available GID) as the UID number? or > the filed is completely disappeared? Thanks. Disabling UPG has no effect on what appears in the UI or CLI. The assignment is done on the server. If either of the UID or GID number is not provided one is assigned. In the case of GID if one is not provided and UPG is enabled then it gets assigned the same value as the UID, otherwise it gets the GID of the default users group if it is POSIX. If it is not POSIX the creation request is denied. In 2.2 anyway. In 2.1.3 it may well allow it and try to create a user with no GID (which should fail). rob > > --David > > ------------------------------------------------------------------------ > *From:* Petr Spacek <<a ymailto="mailto:pspacek@redhat.com" href="mailto:pspacek@redhat.com">pspacek@redhat.com</a>> > *To:* <a ymailto="mailto:freeipa-users@redhat.com" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a> > *Sent:* Wednesday, May 9, 2012 4:02 AM > *Subject:* Re: [Freeipa-users] Please help: Any way to turn off IPA > creation of private user group? > > On 05/08/2012 03:29 PM, Rob Crittenden wrote: > > David Copperfield wrote: > >> Hi folks, > >> > >> Are there any way to turn off IPA automatic creation of private user > >> group? We use a common user group like ‘nis-wheel’, and completely > >> disabled private groups in openldap before migration. > > > > If you disable private groups then the primary group of users is > going to be > > the default IPA users group. This group will need to be POSIX. If it > isn't you > > can promote it with: > > > > $ ipa group-mod --posix ipausers > > > > To disable private groups run: > > > > $ ipa-managed-entries disable -e 'UPG Definition' > > > > rob > > For record && Google: > > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#user-private-groups > > Petr^2 Spacek > > _______________________________________________ > Freeipa-users mailing list > <a ymailto="mailto:Freeipa-users@redhat.com" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <mailto:<a ymailto="mailto:Freeipa-users@redhat.com" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> > > > > > _______________________________________________ > Freeipa-users mailing list > <a ymailto="mailto:Freeipa-users@redhat.com" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> </div> </div> </div></body></html>