[Freeipa-users] Please help: Any way to turn off IPA creation of private user group?
David Copperfield
cao2dan at yahoo.com
Wed May 9 17:21:39 UTC 2012
Hi Rob and all,
The ipa-managed-entries command is not available on freeIPA 2.1.3 version comes with Redhat 6.2. Is there any other comparable ways to disable private user groups generation at global/system wide, instead of ''--noprivate" option to 'ups user-add' which is user by user? Thanks a lot.
--David
________________________________
From: Rob Crittenden <rcritten at redhat.com>
To: David Copperfield <cao2dan at yahoo.com>
Cc: Petr Spacek <pspacek at redhat.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Sent: Wednesday, May 9, 2012 10:08 AM
Subject: Re: [Freeipa-users] Please help: Any way to turn off IPA creation of private user group?
David Copperfield wrote:
> Hi Petr and all,
>
> Thanks for your reply.
>
> After the automatic creation of the private user group is turned off,
> does the user creation Web page still show the GID field? and pre-filled
> with the same number(or the next available GID) as the UID number? or
> the filed is completely disappeared? Thanks.
Disabling UPG has no effect on what appears in the UI or CLI.
The assignment is done on the server. If either of the UID or GID number
is not provided one is assigned. In the case of GID if one is not
provided and UPG is enabled then it gets assigned the same value as the
UID, otherwise it gets the GID of the default users group if it is
POSIX. If it is not POSIX the creation request is denied. In 2.2 anyway.
In 2.1.3 it may well allow it and try to create a user with no GID
(which should fail).
rob
>
> --David
>
> ------------------------------------------------------------------------
> *From:* Petr Spacek <pspacek at redhat.com>
> *To:* freeipa-users at redhat.com
> *Sent:* Wednesday, May 9, 2012 4:02 AM
> *Subject:* Re: [Freeipa-users] Please help: Any way to turn off IPA
> creation of private user group?
>
> On 05/08/2012 03:29 PM, Rob Crittenden wrote:
> > David Copperfield wrote:
> >> Hi folks,
> >>
> >> Are there any way to turn off IPA automatic creation of private user
> >> group? We use a common user group like ‘nis-wheel’, and completely
> >> disabled private groups in openldap before migration.
> >
> > If you disable private groups then the primary group of users is
> going to be
> > the default IPA users group. This group will need to be POSIX. If it
> isn't you
> > can promote it with:
> >
> > $ ipa group-mod --posix ipausers
> >
> > To disable private groups run:
> >
> > $ ipa-managed-entries disable -e 'UPG Definition'
> >
> > rob
>
> For record && Google:
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#user-private-groups
>
> Petr^2 Spacek
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120509/ef59195a/attachment.htm>
More information about the Freeipa-users
mailing list