COmanage Users List

[Benn Oshrin <>]

Hi Ben,

I think you're referring to this issue:

 https://bugs.internet2.edu/jira/browse/CO-867

In general, we need to make the UNIX account management capabilities
more robust (CO-866). This hovers towards the top of our priority list
but never manages to get quite high enough to get worked on. Hopefully
that will change in the next few months.

Because the design of that project is not yet set, I don't think we're
quite ready to accept a pull request, but please feel free to add a
comment and reference to the ticket (CO-867) as it might help others in
the meantime.

Thanks,

-Benn-

On 8/8/17 6:18 PM, Benjeman Meekhof wrote:
> Hi,
> 
> I'm trying to use the LDAP provisioner to create posixUsers with
> COmanage 2.0.1.  One of the requirements is that the user has to have
> a gidNumber taken from a Comanage identifier.  This certainly works
> and I am able to provision posixUsers with all the necessary
> attributes.  However, the LDAP provisioner does not create the
> corresponding posixGroup to match the users gidNumber.
> 
> One solution might be to set everyone's primary group to gidNumber of
> some pre-existing shared group.  Most Unix systems don't do this by
> default for various reasons and I probably don't want to either.  As
> implemented you can't do this anyways because Comanage identifiers
> have to be unique.
> So what I ended up doing to avoid getting too much into the ldap
> provisioner code is writing an additional provisioning plugin that
> does nothing but create an LDAP posixGroup based on CoPerson
> gidNumber.  It's pretty simple and has some things hardcoded that may
> not work for everyone.  It creates the group with objectClasses
> posixGroup and groupOfUniqueNames and puts user dn into uniqueMember.
> 
> It's probably not the best long-term solution but if it's of any use I
> could put in a PR:
> https://github.com/MI-OSiRIS/comanage-registry/tree/ldap_user_group/app/AvailablePlugin/LdapUserPosixGroupProvisioner
> 
> thanks,
> Ben
>