freeipa/install/updates/20-user_private_groups.update

# This is a copy of the definition from user_private_groups.ldif
# This is required for replication. The template entry will get
# replicated but the plugin configuration will not.

dn: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
default:objectclass: mepTemplateEntry
default:cn: UPG Template
default:mepRDNAttr: cn
default:mepStaticAttr: objectclass: posixgroup
default:mepStaticAttr: objectclass: ipaobject
default:mepStaticAttr: ipaUniqueId: autogenerate
default:mepMappedAttr: cn: $$uid
default:mepMappedAttr: gidNumber: $$uidNumber
default:mepMappedAttr: description: User private group for $$uid


dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
default:objectclass: extensibleObject
replace:originFilter:objectclass=posixAccount::(&(objectclass=posixAccount)(!(description=__no_upg__)))
default:cn: UPG Definition
default:originScope: cn=users,cn=accounts,$SUFFIX
default:originFilter: objectclass=posixAccount
default:managedBase: cn=groups,cn=accounts,$SUFFIX
default:managedTemplate: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX