comanage-users - [comanage-users] LDAP posixUser provisioner - no posixGroup

Subject: COmanage Users List

  • From: Benjeman Meekhof <>
  • To:
  • Subject: [comanage-users] LDAP posixUser provisioner - no posixGroup
  • Date: Tue, 8 Aug 2017 18:18:09 -0400

Hi,

I'm trying to use the LDAP provisioner to create posixUsers with
COmanage 2.0.1. One of the requirements is that the user has to have
a gidNumber taken from a COmanage identifier. This certainly works
and I am able to provision posixUsers with all the necessary
attributes. However, the LDAP provisioner does not create the
corresponding posixGroup to match the user's gidNumber.

One solution might be to set everyone's primary group to gidNumber of
some pre-existing shared group. Most Unix systems don't do this by
default for various reasons and I probably don't want to either. As
implemented you can't do this anyways because COmanage identifiers
have to be unique.

So what I ended up doing to avoid getting too much into the LDAP
provisioner code is writing an additional provisioning plugin that
does nothing but create an LDAP posixGroup based on CoPerson
gidNumber. It's pretty simple and has some things hardcoded that may
not work for everyone. It creates the group with objectClasses
posixGroup and groupOfUniqueNames and puts the user DN into uniqueMember.

It's probably not the best long-term solution but if it's of any use I
could put in a PR:
https://github.com/MI-OSiRIS/comanage-registry/tree/ldap_user_group/app/AvailablePlugin/LdapUserPosixGroupProvisioner

thanks,
Ben
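
A consistency check for the gap described in the message above, as an added example that is not part of the original message or the linked plugin: it finds posixAccount entries whose gidNumber has no matching posixGroup and builds the group entry with the object classes and uniqueMember value the message names. The sample entries, DNs, helper names and the choice to name the group after the uid are assumptions, as is a directory schema that accepts both object classes on one entry.

```python
# Added example: entries and DNs are constructed; helper names are hypothetical.
GROUP_BASE = "ou=groups,dc=example,dc=org"  # assumed container for groups
PEOPLE = "ou=people,dc=example,dc=org"      # assumed container for users

ENTRIES = [  # constructed sample of what the directory holds after provisioning
    {"dn": f"uid=alice,{PEOPLE}", "objectClass": ["posixAccount"],
     "uid": ["alice"], "uidNumber": ["5001"], "gidNumber": ["5001"]},
    {"dn": f"uid=bob,{PEOPLE}", "objectClass": ["posixAccount"],
     "uid": ["bob"], "uidNumber": ["5002"], "gidNumber": ["5002"]},
    {"dn": f"cn=alice,{GROUP_BASE}", "cn": ["alice"], "gidNumber": ["5001"],
     "objectClass": ["posixGroup", "groupOfUniqueNames"],
     "uniqueMember": [f"uid=alice,{PEOPLE}"]},
]

def has_class(entry, name):
    # Object class names compare case-insensitively in LDAP.
    return name.lower() in (c.lower() for c in entry.get("objectClass", []))

def accounts_without_group(entries):
    """posixAccount entries whose gidNumber matches no posixGroup."""
    group_gids = {gid for e in entries if has_class(e, "posixGroup")
                  for gid in e.get("gidNumber", [])}
    return [e for e in entries if has_class(e, "posixAccount")
            and e["gidNumber"][0] not in group_gids]

def escape_rdn_value(value):
    """Escape RFC 4514 special characters so a uid cannot reshape the DN."""
    out = "".join("\\" + ch if ch in '\\,+"<>;=' else ch for ch in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def private_group_entry(account):
    """The posixGroup an account's gidNumber should resolve to."""
    uid = account["uid"][0]  # assumption: group is named after the uid
    return {
        "dn": f"cn={escape_rdn_value(uid)},{GROUP_BASE}",
        "objectClass": ["posixGroup", "groupOfUniqueNames"],
        "cn": [uid],
        "gidNumber": [account["gidNumber"][0]],
        "uniqueMember": [account["dn"]],
    }

def missing_groups(entries):
    return [private_group_entry(a) for a in accounts_without_group(entries)]

if __name__ == "__main__":
    print([g["dn"] for g in missing_groups(ENTRIES)])
```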


