
comanage-users - Re: [comanage-users] Ldap provis with ldapPublicKey object class enabled, and additional object class

Subject: COmanage Users List

  • From: Benjeman Meekhof <>
  • To:
  • Cc:
  • Subject: Re: [comanage-users] Ldap provis with ldapPublicKey object class enabled, and additional object class
  • Date: Thu, 24 Oct 2019 08:31:18 -0400

For posixGroup we did exactly as you mentioned: Wrote a small
provisioning plugin that provisions a posixGroup into the group based
DN as defined in the ldap provisioner config. For the CN we use the
coperson UID identifier and gidNumber is populated by identifier
assignment.

Being one of the first comanage plugins I ever wrote, it may be a
little rough and doesn't have much in the way of config options. It
seems to work so far for us and I haven't had to make any alterations
to the plugin since we started using it a couple years ago. Here's the
source:
https://github.com/MI-OSiRIS/comanage-registry/tree/ldap_user_group/app/AvailablePlugin/LdapUserPosixGroupProvisioner

I can't offer any advice about the ldapPublicKey question but I will
note that we use the same object class and haven't seen any issue with
provisioning users that do not have a public key.

thanks,
Ben

On Wed, Oct 23, 2019 at 4:55 PM <> wrote:
>
> Couple questions on ldap provisioner (we are currently using version 3.2.2).
> One deals with the ldapPublicKey object class. On the ldap provisioner
> configuration page, if you have that object class enabled the sshPublicKey
> attribute is required. That alone is odd in that the schema shows sshPublicKey
> as a MAY attribute. Not really a problem though. What is an issue is that if
> the object class is enabled, if a Co Person does not have an ssh key, the
> provisioning fails. When I add an ssh key to the person, it works. We want our
> users to be able to add ssh keys or not depending on their needs. Am I missing
> something or is this a defect?
>
> Question two deals with the posixGroup object class, which is not supported,
> but could it be added via a plugin and have it write to either a new base DN
> or the groups base DN? What this would essentially do is create a new entry
> for each person with a cn of first.last and a gidNumber we would populate from
> an identifier assignment.
>
> Any suggestions are most welcome.


