mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
Groups are now created as POSIX by default.
ticket 241
This commit is contained in:
parent
88bd2a0a45
commit
f906aaf376
@ -20,10 +20,10 @@
|
|||||||
"""
|
"""
|
||||||
Groups of users
|
Groups of users
|
||||||
|
|
||||||
Manage groups of users. By default, new groups are not POSIX groups. You
|
Manage groups of users. By default, new groups are POSIX groups. You
|
||||||
can add the --posix to the group-add command to mark a new group
|
can add the --nonposix to the group-add command to mark a new group
|
||||||
as POSIX, and you can use the same argument to the group-mod command to
|
as non-POSIX, and you can use the same argument to the group-mod command
|
||||||
convert a non-POSIX group to a POSIX group. POSIX groups cannot be
|
to convert a non-POSIX group to a POSIX group. POSIX groups cannot be
|
||||||
converted to non-POSIX groups.
|
converted to non-POSIX groups.
|
||||||
|
|
||||||
Every group must have a description.
|
Every group must have a description.
|
||||||
@ -38,17 +38,17 @@ EXAMPLES:
|
|||||||
Add a new group:
|
Add a new group:
|
||||||
ipa group-add --desc='local administrators' localadmins
|
ipa group-add --desc='local administrators' localadmins
|
||||||
|
|
||||||
Add a new POSIX group:
|
Add a new non-POSIX group:
|
||||||
ipa group-add --posix --desc='remote administrators' remoteadmins
|
ipa group-add --nonposix --desc='remote administrators' remoteadmins
|
||||||
|
|
||||||
Convert a non-POSIX group to posix:
|
Convert a non-POSIX group to posix:
|
||||||
ipa group-mod --posix localadmins
|
ipa group-mod --posix remoteadmins
|
||||||
|
|
||||||
Add a new POSIX group with a specific Group ID number:
|
Add a new POSIX group with a specific Group ID number:
|
||||||
ipa group-add --posix --gid=500 --desc='unix admins' unixadmins
|
ipa group-add --gid=500 --desc='unix admins' unixadmins
|
||||||
|
|
||||||
Add a new POSIX group and let IPA assign a Group ID number:
|
Add a new POSIX group and let IPA assign a Group ID number:
|
||||||
ipa group-add --posix --desc='printer admins' printeradmins
|
ipa group-add --desc='printer admins' printeradmins
|
||||||
|
|
||||||
Remove a group:
|
Remove a group:
|
||||||
ipa group-del unixadmins
|
ipa group-del unixadmins
|
||||||
@ -134,14 +134,15 @@ class group_add(LDAPCreate):
|
|||||||
msg_summary = _('Added group "%(value)s"')
|
msg_summary = _('Added group "%(value)s"')
|
||||||
|
|
||||||
takes_options = LDAPCreate.takes_options + (
|
takes_options = LDAPCreate.takes_options + (
|
||||||
Flag('posix',
|
Flag('nonposix',
|
||||||
cli_name='posix',
|
cli_name='nonposix',
|
||||||
doc=_('Create as posix group?'),
|
doc=_('Create as a non-POSIX group?'),
|
||||||
|
default=False,
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
|
||||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||||
if options['posix'] or 'gidnumber' in options:
|
if not options['nonposix']:
|
||||||
entry_attrs['objectclass'].append('posixgroup')
|
entry_attrs['objectclass'].append('posixgroup')
|
||||||
if not 'gidnumber' in options:
|
if not 'gidnumber' in options:
|
||||||
entry_attrs['gidnumber'] = 999
|
entry_attrs['gidnumber'] = 999
|
||||||
@ -190,7 +191,7 @@ class group_mod(LDAPUpdate):
|
|||||||
takes_options = LDAPUpdate.takes_options + (
|
takes_options = LDAPUpdate.takes_options + (
|
||||||
Flag('posix',
|
Flag('posix',
|
||||||
cli_name='posix',
|
cli_name='posix',
|
||||||
doc=_('change to posix group'),
|
doc=_('change to a POSIX group'),
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -66,9 +66,9 @@ class test_group(Declarative):
|
|||||||
|
|
||||||
|
|
||||||
dict(
|
dict(
|
||||||
desc='Create %r' % group1,
|
desc='Create non-POSIX %r' % group1,
|
||||||
command=(
|
command=(
|
||||||
'group_add', [group1], dict(description=u'Test desc 1')
|
'group_add', [group1], dict(description=u'Test desc 1',nonposix=True)
|
||||||
),
|
),
|
||||||
expected=dict(
|
expected=dict(
|
||||||
value=group1,
|
value=group1,
|
||||||
@ -94,7 +94,7 @@ class test_group(Declarative):
|
|||||||
|
|
||||||
|
|
||||||
dict(
|
dict(
|
||||||
desc='Retrieve %r' % group1,
|
desc='Retrieve non-POSIX %r' % group1,
|
||||||
command=('group_show', [group1], {}),
|
command=('group_show', [group1], {}),
|
||||||
expected=dict(
|
expected=dict(
|
||||||
value=group1,
|
value=group1,
|
||||||
@ -109,7 +109,7 @@ class test_group(Declarative):
|
|||||||
|
|
||||||
|
|
||||||
dict(
|
dict(
|
||||||
desc='Updated %r' % group1,
|
desc='Updated non-POSIX %r' % group1,
|
||||||
command=(
|
command=(
|
||||||
'group_mod', [group1], dict(description=u'New desc 1')
|
'group_mod', [group1], dict(description=u'New desc 1')
|
||||||
),
|
),
|
||||||
@ -143,7 +143,7 @@ class test_group(Declarative):
|
|||||||
# group_mod() test. I think that for all *_mod() commands we should
|
# group_mod() test. I think that for all *_mod() commands we should
|
||||||
# just return the entry exactly as *_show() does.
|
# just return the entry exactly as *_show() does.
|
||||||
dict(
|
dict(
|
||||||
desc='Updated %r to promote it to a posix group' % group1,
|
desc='Updated %r to promote it to a POSIX group' % group1,
|
||||||
command=('group_mod', [group1], dict(posix=True)),
|
command=('group_mod', [group1], dict(posix=True)),
|
||||||
expected=dict(
|
expected=dict(
|
||||||
result=dict(
|
result=dict(
|
||||||
@ -158,7 +158,7 @@ class test_group(Declarative):
|
|||||||
|
|
||||||
|
|
||||||
dict(
|
dict(
|
||||||
desc="Retrieve %r to verify it's a posix group" % group1,
|
desc="Retrieve %r to verify it's a POSIX group" % group1,
|
||||||
command=('group_show', [group1], {}),
|
command=('group_show', [group1], {}),
|
||||||
expected=dict(
|
expected=dict(
|
||||||
value=group1,
|
value=group1,
|
||||||
@ -227,7 +227,8 @@ class test_group(Declarative):
|
|||||||
result=dict(
|
result=dict(
|
||||||
cn=[group2],
|
cn=[group2],
|
||||||
description=[u'Test desc 2'],
|
description=[u'Test desc 2'],
|
||||||
objectclass=objectclasses.group,
|
gidnumber=[fuzzy_digits],
|
||||||
|
objectclass=objectclasses.group + [u'posixgroup'],
|
||||||
ipauniqueid=[fuzzy_uuid],
|
ipauniqueid=[fuzzy_uuid],
|
||||||
dn=u'cn=testgroup2,cn=groups,cn=accounts,' + api.env.basedn,
|
dn=u'cn=testgroup2,cn=groups,cn=accounts,' + api.env.basedn,
|
||||||
),
|
),
|
||||||
@ -253,6 +254,7 @@ class test_group(Declarative):
|
|||||||
result=dict(
|
result=dict(
|
||||||
cn=[group2],
|
cn=[group2],
|
||||||
description=[u'Test desc 2'],
|
description=[u'Test desc 2'],
|
||||||
|
gidnumber=[fuzzy_digits],
|
||||||
dn=u'cn=testgroup2,cn=groups,cn=accounts,' + api.env.basedn,
|
dn=u'cn=testgroup2,cn=groups,cn=accounts,' + api.env.basedn,
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
@ -267,6 +269,7 @@ class test_group(Declarative):
|
|||||||
expected=dict(
|
expected=dict(
|
||||||
result=dict(
|
result=dict(
|
||||||
cn=[group2],
|
cn=[group2],
|
||||||
|
gidnumber=[fuzzy_digits],
|
||||||
description=[u'New desc 2'],
|
description=[u'New desc 2'],
|
||||||
),
|
),
|
||||||
summary=u'Modified group "testgroup2"',
|
summary=u'Modified group "testgroup2"',
|
||||||
@ -283,6 +286,7 @@ class test_group(Declarative):
|
|||||||
result=dict(
|
result=dict(
|
||||||
cn=[group2],
|
cn=[group2],
|
||||||
description=[u'New desc 2'],
|
description=[u'New desc 2'],
|
||||||
|
gidnumber=[fuzzy_digits],
|
||||||
dn=u'cn=testgroup2,cn=groups,cn=accounts,' + api.env.basedn,
|
dn=u'cn=testgroup2,cn=groups,cn=accounts,' + api.env.basedn,
|
||||||
),
|
),
|
||||||
summary=None,
|
summary=None,
|
||||||
@ -301,6 +305,7 @@ class test_group(Declarative):
|
|||||||
dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group2, api.env.basedn),
|
dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group2, api.env.basedn),
|
||||||
cn=[group2],
|
cn=[group2],
|
||||||
description=[u'New desc 2'],
|
description=[u'New desc 2'],
|
||||||
|
gidnumber=[fuzzy_digits],
|
||||||
),
|
),
|
||||||
],
|
],
|
||||||
summary=u'1 group matched',
|
summary=u'1 group matched',
|
||||||
@ -345,6 +350,7 @@ class test_group(Declarative):
|
|||||||
dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group2, api.env.basedn),
|
dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group2, api.env.basedn),
|
||||||
cn=[group2],
|
cn=[group2],
|
||||||
description=[u'New desc 2'],
|
description=[u'New desc 2'],
|
||||||
|
gidnumber=[fuzzy_digits],
|
||||||
),
|
),
|
||||||
],
|
],
|
||||||
),
|
),
|
||||||
|
Loading…
Reference in New Issue
Block a user