mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Groups are now created as POSIX by default.
ticket 241
This commit is contained in:
parent
88bd2a0a45
commit
f906aaf376
@ -20,10 +20,10 @@
|
||||
"""
|
||||
Groups of users
|
||||
|
||||
Manage groups of users. By default, new groups are not POSIX groups. You
|
||||
can add the --posix to the group-add command to mark a new group
|
||||
as POSIX, and you can use the same argument to the group-mod command to
|
||||
convert a non-POSIX group to a POSIX group. POSIX groups cannot be
|
||||
Manage groups of users. By default, new groups are POSIX groups. You
|
||||
can add the --nonposix to the group-add command to mark a new group
|
||||
as non-POSIX, and you can use the same argument to the group-mod command
|
||||
to convert a non-POSIX group to a POSIX group. POSIX groups cannot be
|
||||
converted to non-POSIX groups.
|
||||
|
||||
Every group must have a description.
|
||||
@ -38,17 +38,17 @@ EXAMPLES:
|
||||
Add a new group:
|
||||
ipa group-add --desc='local administrators' localadmins
|
||||
|
||||
Add a new POSIX group:
|
||||
ipa group-add --posix --desc='remote administrators' remoteadmins
|
||||
Add a new non-POSIX group:
|
||||
ipa group-add --nonposix --desc='remote administrators' remoteadmins
|
||||
|
||||
Convert a non-POSIX group to posix:
|
||||
ipa group-mod --posix localadmins
|
||||
ipa group-mod --posix remoteadmins
|
||||
|
||||
Add a new POSIX group with a specific Group ID number:
|
||||
ipa group-add --posix --gid=500 --desc='unix admins' unixadmins
|
||||
ipa group-add --gid=500 --desc='unix admins' unixadmins
|
||||
|
||||
Add a new POSIX group and let IPA assign a Group ID number:
|
||||
ipa group-add --posix --desc='printer admins' printeradmins
|
||||
ipa group-add --desc='printer admins' printeradmins
|
||||
|
||||
Remove a group:
|
||||
ipa group-del unixadmins
|
||||
@ -134,14 +134,15 @@ class group_add(LDAPCreate):
|
||||
msg_summary = _('Added group "%(value)s"')
|
||||
|
||||
takes_options = LDAPCreate.takes_options + (
|
||||
Flag('posix',
|
||||
cli_name='posix',
|
||||
doc=_('Create as posix group?'),
|
||||
Flag('nonposix',
|
||||
cli_name='nonposix',
|
||||
doc=_('Create as a non-POSIX group?'),
|
||||
default=False,
|
||||
),
|
||||
)
|
||||
|
||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||
if options['posix'] or 'gidnumber' in options:
|
||||
if not options['nonposix']:
|
||||
entry_attrs['objectclass'].append('posixgroup')
|
||||
if not 'gidnumber' in options:
|
||||
entry_attrs['gidnumber'] = 999
|
||||
@ -190,7 +191,7 @@ class group_mod(LDAPUpdate):
|
||||
takes_options = LDAPUpdate.takes_options + (
|
||||
Flag('posix',
|
||||
cli_name='posix',
|
||||
doc=_('change to posix group'),
|
||||
doc=_('change to a POSIX group'),
|
||||
),
|
||||
)
|
||||
|
||||
|
@ -66,9 +66,9 @@ class test_group(Declarative):
|
||||
|
||||
|
||||
dict(
|
||||
desc='Create %r' % group1,
|
||||
desc='Create non-POSIX %r' % group1,
|
||||
command=(
|
||||
'group_add', [group1], dict(description=u'Test desc 1')
|
||||
'group_add', [group1], dict(description=u'Test desc 1',nonposix=True)
|
||||
),
|
||||
expected=dict(
|
||||
value=group1,
|
||||
@ -94,7 +94,7 @@ class test_group(Declarative):
|
||||
|
||||
|
||||
dict(
|
||||
desc='Retrieve %r' % group1,
|
||||
desc='Retrieve non-POSIX %r' % group1,
|
||||
command=('group_show', [group1], {}),
|
||||
expected=dict(
|
||||
value=group1,
|
||||
@ -109,7 +109,7 @@ class test_group(Declarative):
|
||||
|
||||
|
||||
dict(
|
||||
desc='Updated %r' % group1,
|
||||
desc='Updated non-POSIX %r' % group1,
|
||||
command=(
|
||||
'group_mod', [group1], dict(description=u'New desc 1')
|
||||
),
|
||||
@ -143,7 +143,7 @@ class test_group(Declarative):
|
||||
# group_mod() test. I think that for all *_mod() commands we should
|
||||
# just return the entry exactly as *_show() does.
|
||||
dict(
|
||||
desc='Updated %r to promote it to a posix group' % group1,
|
||||
desc='Updated %r to promote it to a POSIX group' % group1,
|
||||
command=('group_mod', [group1], dict(posix=True)),
|
||||
expected=dict(
|
||||
result=dict(
|
||||
@ -158,7 +158,7 @@ class test_group(Declarative):
|
||||
|
||||
|
||||
dict(
|
||||
desc="Retrieve %r to verify it's a posix group" % group1,
|
||||
desc="Retrieve %r to verify it's a POSIX group" % group1,
|
||||
command=('group_show', [group1], {}),
|
||||
expected=dict(
|
||||
value=group1,
|
||||
@ -227,7 +227,8 @@ class test_group(Declarative):
|
||||
result=dict(
|
||||
cn=[group2],
|
||||
description=[u'Test desc 2'],
|
||||
objectclass=objectclasses.group,
|
||||
gidnumber=[fuzzy_digits],
|
||||
objectclass=objectclasses.group + [u'posixgroup'],
|
||||
ipauniqueid=[fuzzy_uuid],
|
||||
dn=u'cn=testgroup2,cn=groups,cn=accounts,' + api.env.basedn,
|
||||
),
|
||||
@ -253,6 +254,7 @@ class test_group(Declarative):
|
||||
result=dict(
|
||||
cn=[group2],
|
||||
description=[u'Test desc 2'],
|
||||
gidnumber=[fuzzy_digits],
|
||||
dn=u'cn=testgroup2,cn=groups,cn=accounts,' + api.env.basedn,
|
||||
),
|
||||
),
|
||||
@ -267,6 +269,7 @@ class test_group(Declarative):
|
||||
expected=dict(
|
||||
result=dict(
|
||||
cn=[group2],
|
||||
gidnumber=[fuzzy_digits],
|
||||
description=[u'New desc 2'],
|
||||
),
|
||||
summary=u'Modified group "testgroup2"',
|
||||
@ -283,6 +286,7 @@ class test_group(Declarative):
|
||||
result=dict(
|
||||
cn=[group2],
|
||||
description=[u'New desc 2'],
|
||||
gidnumber=[fuzzy_digits],
|
||||
dn=u'cn=testgroup2,cn=groups,cn=accounts,' + api.env.basedn,
|
||||
),
|
||||
summary=None,
|
||||
@ -301,6 +305,7 @@ class test_group(Declarative):
|
||||
dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group2, api.env.basedn),
|
||||
cn=[group2],
|
||||
description=[u'New desc 2'],
|
||||
gidnumber=[fuzzy_digits],
|
||||
),
|
||||
],
|
||||
summary=u'1 group matched',
|
||||
@ -345,6 +350,7 @@ class test_group(Declarative):
|
||||
dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group2, api.env.basedn),
|
||||
cn=[group2],
|
||||
description=[u'New desc 2'],
|
||||
gidnumber=[fuzzy_digits],
|
||||
),
|
||||
],
|
||||
),
|
||||
|
Loading…
Reference in New Issue
Block a user