Thanks for the responses, Rob and Dmitri! The solution sounds very elegant.
I await UPG and the next FreeIPA release (whether or not it has UPG) eagerly. --Ryan On 2010-05-06, at 4:16 PM, Rob Crittenden wrote: > Ryan Thomson wrote: >> Wow, I need to improve my search skills: http://freeipa.org/page/IPAv2_alpha2 >> My answer is at the bottom of the page! >> My apologies, everyone. > > No worries. > > We're going to build this on a new feature in 389-ds, Managed Entries > (http://directory.fedoraproject.org/wiki/Managed_Entry_Design) > > We need an enhancement in the DNA plugin to be able to keep the uidNumber and > gidNumber the same but the Managed Entries plugin does most of the heavy > lifting of avoiding race conditions for us already. > > At this point we just need to wait for the next 389-ds release which should > be in the next few weeks. Once that is available we can create our private > groups. > > rob > >> --Ryan >> Ryan Thomson wrote: >>> Hi list, >>> >>> I am wondering if FreeIPA is planning to conform to RHEL's user private >>> group (UPG) scheme? I think having an option to enable the UPG scheme would >>> be beneficial. >>> >>> Adding a user to the v2 beta reveals that the UPG scheme is not currently >>> being followed with all new accounts auto-added to the default "ipausers" >>> group. >>> >>> I noticed an older mailing list post by rob saying that UPG was being >>> investigated. Has there been any progress in that investigation? Any >>> decisions? >>> >>> Thank you, >>> >>> --Ryan >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> Freeipaemail@example.com >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> _______________________________________________ >> Freeipa-users mailing list >> Freeipafirstname.lastname@example.org >> https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users