This patch handles the issue in a kind of stupid way, but I couldn't think of anything better.

It adds a new flag parameter to user-add (--noprivate). With this flag, the command marks the private group that is about to be created for deletion, and the group is deleted after the user is created. The only exception is when a group with the same name as the user already exists but isn't a private group - then that group is left in place.

Private groups are created automatically by the managed entry DS plugin and I didn't find a way to disable its creation for a specific user.

Ticket #1131

Pavel
>From 28d6663b67894f1697e900f7d9518c2f7c168371 Mon Sep 17 00:00:00 2001
From: Pavel Zuna <pz...@redhat.com>
Date: Mon, 28 Mar 2011 15:10:57 -0400
Subject: [PATCH] Add a new user-add flag param to disable the creation of UPG.

Ticket #1131
---
 ipalib/plugins/user.py |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index c3bcddd..66ca8d8 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -250,10 +250,17 @@ class user_add(LDAPCreate):
     """
     Add a new user.
     """
-
     msg_summary = _('Added user "%(value)s"')
 
+    takes_options = LDAPCreate.takes_args + (
+        Flag('noprivate',
+            cli_name='noprivate',
+            doc=_('don\'t create user private group'),
+        ),
+    )
+
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+        setattr(context, 'delupg', options.get('noprivate', False))
         try:
             # The Managed Entries plugin will allow a user to be created
             # even if a group has a duplicate name. This would leave a user
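Review bot: `takes_options` is built from `LDAPCreate.takes_args`, so the parent's positional arguments end up in the option list and whatever options the parent declares are dropped; presumably `takes_options = LDAPCreate.takes_options + (` was intended. In `pre_callback`, `setattr(context, 'delupg', ...)` with a constant attribute name reads more plainly as `context.delupg = options.get('noprivate', False)`. A short comment there saying that post_callback reads this flag to decide whether to delete the private group would make the hand-off between the two callbacks visible. The body of pre_callback continues beyond this hunk.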
@@ -263,7 +270,9 @@ class user_add(LDAPCreate):
                 self.api.Command['user_show'](keys[-1])
                 raise errors.DuplicateEntry()
             except errors.NotFound:
-                raise errors.ManagedGroupExistsError(group=keys[-1])
+                if not options.get('noprivate', False):
+                    raise errors.ManagedGroupExistsError(group=keys[-1])
+                setattr(context, 'delupg', False)
         except errors.NotFound:
             pass
         validate_nsaccountlock(entry_attrs)
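Review bot: The added `setattr(context, 'delupg', False)` in the inner `except errors.NotFound` branch carries no comment, yet it is the only thing that stops post_callback from detaching and deleting a pre-existing group that merely shares the user's name. I would put `# a non-private group with this name already exists: keep it, so clear the delete-after-create flag` directly above it. The enclosing `try` starts above the hunk, so the lookup that lands in this branch is not visible here.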
@@ -291,7 +300,7 @@ class user_add(LDAPCreate):
 
         if 'gidnumber' not in entry_attrs:
             # gidNumber wasn't specified explicity, find out what it should be
-            if ldap.has_upg():
+            if not options.get('noprivate', False) and ldap.has_upg():
                 # User Private Groups - uidNumber == gidNumber
                 entry_attrs['gidnumber'] = entry_attrs['uidnumber']
             else:
@@ -317,6 +326,12 @@ class user_add(LDAPCreate):
         def_primary_group = config.get('ipadefaultprimarygroup')
         group_dn = self.api.Object['group'].get_dn(def_primary_group)
         ldap.add_entry_to_group(dn, group_dn)
+        if getattr(context, 'delupg', False):
+            try:
+                self.api.Command['group_detach'](keys[-1])
+                self.api.Command['group_del'](keys[-1])
+            except errors.NotFound:
+                pass
         return dn
 
 api.register(user_add)
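Review bot: Only `errors.NotFound` is caught around `group_detach` and `group_del`, so any other failure propagates after the user entry and its private group have already been created. The command then reports an error while leaving the very group that `--noprivate` was meant to remove. One case to check is a caller who may add users but may not detach or delete groups; the ACIs are not visible here, so that is an assumption. If `group_detach` succeeds and `group_del` fails, a detached, ordinary group named after the user stays behind. At minimum, add a comment stating the intended outcome, e.g. `# best effort: the user already exists at this point; a failure here leaves the private group in place`, and consider catching the authorization error explicitly so the result says the user was added but the group was kept. The function this belongs to starts outside the hunk.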
-- 
1.7.4
