This patch handles the issue in a kind of stupid way, but I couldn't
think of anything better.
It adds a new flag parameter to user-add (--noprivate). With this flag,
the command marks the private group that is about to be created for
deletion, and the group is deleted after the user is created. The only
exception is when a group with the same name as the user already exists
but isn't a private group - in that case the group is left in place.
Private groups are created automatically by the managed entry DS plugin
and I didn't find a way to disable its creation for a specific user.
Ticket #1131
Pavel
>From 28d6663b67894f1697e900f7d9518c2f7c168371 Mon Sep 17 00:00:00 2001
From: Pavel Zuna <pz...@redhat.com>
Date: Mon, 28 Mar 2011 15:10:57 -0400
Subject: [PATCH] Add a new user-add flag param to disable the creation of UPG.
Ticket #1131
---
ipalib/plugins/user.py | 21 ++++++++++++++++++---
1 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index c3bcddd..66ca8d8 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -250,10 +250,17 @@ class user_add(LDAPCreate):
"""
Add a new user.
"""
-
msg_summary = _('Added user "%(value)s"')
+ takes_options = LDAPCreate.takes_args + (
+ Flag('noprivate',
+ cli_name='noprivate',
+ doc=_('don\'t create user private group'),
+ ),
+ )
+
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+ setattr(context, 'delupg', options.get('noprivate', False))
try:
# The Managed Entries plugin will allow a user to be created
# even if a group has a duplicate name. This would leave a user
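Review bot: `takes_options` is built from `LDAPCreate.takes_args` rather than `LDAPCreate.takes_options`, so the new tuple carries the base command's positional arguments as options and drops any options the base class defines. Unless that is intended, the line should read `takes_options = LDAPCreate.takes_options + (`. The `pre_callback` body continues past the end of this hunk.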
@@ -263,7 +270,9 @@ class user_add(LDAPCreate):
self.api.Command['user_show'](keys[-1])
raise errors.DuplicateEntry()
except errors.NotFound:
- raise errors.ManagedGroupExistsError(group=keys[-1])
+ if not options.get('noprivate', False):
+ raise errors.ManagedGroupExistsError(group=keys[-1])
+ setattr(context, 'delupg', False)
except errors.NotFound:
pass
validate_nsaccountlock(entry_attrs)
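Review bot: The added `setattr(context, 'delupg', False)` in the inner `except errors.NotFound:` branch carries no comment, yet per the patch description it is the line that stops `--noprivate` from deleting a pre-existing group that only shares the user's name. A comment such as `# a same-named, non-private group already exists: keep it and cancel the post-add delete` would make that safeguard explicit. Since the attribute name is a constant, `context.delupg = False` reads more plainly than `setattr`, here and in the first hunk. The enclosing `try` starts before this hunk.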
@@ -291,7 +300,7 @@ class user_add(LDAPCreate):
if 'gidnumber' not in entry_attrs:
# gidNumber wasn't specified explicity, find out what it should be
- if ldap.has_upg():
+ if not options.get('noprivate', False) and ldap.has_upg():
# User Private Groups - uidNumber == gidNumber
entry_attrs['gidnumber'] = entry_attrs['uidnumber']
else:
@@ -317,6 +326,12 @@ class user_add(LDAPCreate):
def_primary_group = config.get('ipadefaultprimarygroup')
group_dn = self.api.Object['group'].get_dn(def_primary_group)
ldap.add_entry_to_group(dn, group_dn)
+ if getattr(context, 'delupg', False):
+ try:
+ self.api.Command['group_detach'](keys[-1])
+ self.api.Command['group_del'](keys[-1])
+ except errors.NotFound:
+ pass
return dn
api.register(user_add)
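Review bot: Only `errors.NotFound` is caught around the `group_detach`/`group_del` pair, so any other error from either command propagates after the user entry has already been added. The caller then sees a failed `user-add` although the user exists, and if `group_detach` succeeded but `group_del` did not, a detached group named after the user is left behind. Both calls presumably run with the rights of whoever invoked `user-add`; whether an account allowed to add users can always detach and delete groups is not visible in this patch and is worth confirming. At minimum add a comment like `# user entry already exists here; a failure below leaves the group behind`, or handle the two calls separately and report the leftover group. The enclosing callback starts outside this hunk.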
--
1.7.4