Hi Rob and all,

The  ipa-managed-entries command is not available on freeIPA 2.1.3 version 
comes with Redhat 6.2. Is there any other comparable ways to disable private 
user groups generation at global/system wide, instead of ''--noprivate" option 
to 'ups user-add' which is user by user?  Thanks a lot.

--David


________________________________
 From: Rob Crittenden <rcrit...@redhat.com>
To: David Copperfield <cao2...@yahoo.com> 
Cc: Petr Spacek <pspa...@redhat.com>; "freeipa-users@redhat.com" 
<freeipa-users@redhat.com> 
Sent: Wednesday, May 9, 2012 10:08 AM
Subject: Re: [Freeipa-users] Please help: Any way to turn off IPA creation of 
private user group?
 
David Copperfield wrote:
> Hi Petr and all,
>
> Thanks for your reply.
>
> After the automatic creation of the private user group is turned off,
> does the user creation Web page still show the GID field? and pre-filled
> with the same number(or the next available GID) as the UID number? or
> the filed is completely disappeared? Thanks.

Disabling UPG has no effect on what appears in the UI or CLI.

The assignment is done on the server. If either of the UID or GID number 
is not provided one is assigned. In the case of GID if one is not 
provided and UPG is enabled then it gets assigned the same value as the 
UID, otherwise it gets the GID of the default users group if it is 
POSIX. If it is not POSIX the creation request is denied. In 2.2 anyway. 
In 2.1.3 it may well allow it and try to create a user with no GID 
(which should fail).

rob

>
> --David
>
> ------------------------------------------------------------------------
> *From:* Petr Spacek <pspa...@redhat.com>
> *To:* freeipa-users@redhat.com
> *Sent:* Wednesday, May 9, 2012 4:02 AM
> *Subject:* Re: [Freeipa-users] Please help: Any way to turn off IPA
> creation of private user group?
>
> On 05/08/2012 03:29 PM, Rob Crittenden wrote:
>  > David Copperfield wrote:
>  >> Hi folks,
>  >>
>  >> Are there any way to turn off IPA automatic creation of private user
>  >> group? We use a common user group like ‘nis-wheel’, and completely
>  >> disabled private groups in openldap before migration.
>  >
>  > If you disable private groups then the primary group of users is
> going to be
>  > the default IPA users group. This group will need to be POSIX. If it
> isn't you
>  > can promote it with:
>  >
>  > $ ipa group-mod --posix ipausers
>  >
>  > To disable private groups run:
>  >
>  > $ ipa-managed-entries disable -e 'UPG Definition'
>  >
>  > rob
>
> For record && Google:
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#user-private-groups
>
> Petr^2 Spacek
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to