[Freeipa-devel] [PATCH] Add a new user-add flag param to disable the creation of UPG.

[Pavel Zůna]

On 2011-03-28 23:05, Rob Crittenden wrote:
> Pavel Zůna wrote:
>> This patch handles the issue in a kind of stupid way, but I couldn't
>> think of anything better.
>>
>> It adds a new flag parameter to user-add (--noprivate). With this flag,
>> the command marks the private group about to be created for deletion and
>> is deleted after the user is created. The only exception is when there
>> is a group, that is named the same way as the user, but isn't a private
>> group - then the group is left there.
>>
>> Private groups are created automatically by the managed entry DS plugin
>> and I didn't find a way to disable its creation for a specific user.
>>
>> Ticket #1131
>>
>> Pavel
>
> I wonder if you can modify the originFilter entry in the Managed Entry
> plugin and set something special so the user gets created w/o a group.
>
> The trick would be getting the filter right. Currently it is
> originFilter: objectclass=posixAccount
>
> I wonder if we could stuff something else in there that would cause it
> to evaluate false when we don't want a managed group.
>
> rob

I thought about it, but changing the filter temporarily isn't an option 
since more user-add operations can be running at the same time and this 
entry is global.

Maybe adding a special object class or temporary attribute to mark users 
to be created without UPG.

Or creating the user without the posixAccount object class and 
attributes and adding them later using user-mod. This might be a bit 
faster than deleting the UPG.

Pavel