The has_upg() check was created during a transition period for 389-ds. It is no longer needed and is actually breaking things. The location of the UPG template moved, so the check concludes the feature is not available. As a result, the user's primary group is set to ipausers instead of the UPG.

rob
>From 14f8ee5ab1a5074b9d55e3b7a3cdef001caba5cb Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Wed, 12 Oct 2011 17:00:50 -0400
Subject: [PATCH] Disable has_upg() check. This was breaking gid == uid when
 adding users.

The location of the UPG template moved which caused has_upg() to return
False so gid was not being set to uid.

https://fedorahosted.org/freeipa/ticket/1964
https://fedorahosted.org/freeipa/ticket/1242
---
 ipalib/plugins/user.py     |    2 +-
 ipaserver/plugins/ldap2.py |   21 ---------------------
 2 files changed, 1 insertions(+), 22 deletions(-)

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 35866d6..b905b7b 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -405,7 +405,7 @@ class user_add(LDAPCreate):
 
         if 'gidnumber' not in entry_attrs:
             # gidNumber wasn't specified explicity, find out what it should be
-            if not options.get('noprivate', False) and ldap.has_upg():
+            if not options.get('noprivate', False):
                 # User Private Groups - uidNumber == gidNumber
                 entry_attrs['gidnumber'] = entry_attrs['uidnumber']
             else:
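Review bot: With `ldap.has_upg()` dropped from the condition in user_add, `gidnumber` is set to `uidnumber` whenever `noprivate` is not passed, even on a server where the UPG definition is missing or disabled. In that case the entry would presumably carry a gidNumber with no matching private group, and any group later created with that number would silently become the user's primary group. Rather than removing the probe, consider pointing it at the template's new location, or at least record the assumption next to the branch, e.g. `# assumes the UPG managed-entry definition is always present; otherwise gidnumber refers to no group`. The enclosing method starts and ends outside this hunk, so whether a later step verifies that the private group was created is not visible here.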
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index fddfe0f..9df9ce3 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -701,27 +701,6 @@ class ldap2(CrudBackend, Encoder):
         else:
             return self.schema
 
-    def has_upg(self):
-        """Returns True/False whether User-Private Groups are enabled.
-           This is determined based on whether the UPG Template exists.
-           We determine this at module load so we don't have to test for
-           it every time.
-        """
-        global _upg
-
-        if _upg is None:
-            try:
-                upg_entry = self.conn.search_s(
-                    'cn=UPG Template,cn=etc,%s' % api.env.basedn,
-                    _ldap.SCOPE_BASE,
-                    attrlist=['*']
-                )[0]
-                _upg = True
-            except _ldap.NO_SUCH_OBJECT, e:
-                _upg = False
-
-        return _upg
-
     @encode_args(1, 2)
     def get_effective_rights(self, dn, entry_attrs):
         """Returns the rights the currently bound user has for the given DN.
-- 
1.7.6
