Replies: 2 comments
-
Ah, for the record, I don't need the MEP functionality for my purposes. Per RedHat, when using SSSD for auth, there is a config setting |
Beta Was this translation helpful? Give feedback.
-
Hi @fostermi , managed entry plugin create a "managed entry" only if the origin entry fulfill requirement (scope, filter,..). This is why it is triggered only on ADD/MODRDN. On MOD it is triggered at the condition the targeted entry is already an 'origin entry' (mepManagedEntry). |
Beta Was this translation helpful? Give feedback.
-
I'm setting up the MEP plugin to create User Private Groups for posixAccounts as described here: https://www.port389.org/docs/389ds/design/managed-entry-design.html. I have existing users that I'd like to configure as posixAccounts and have their UPG created.
It works fine when creating new accounts, but supposedly its supposed to work with
modify
operations as well. However, modifying an entry to create their posix attributes (account, loginShell, uidNumber, etc) don't trigger the plugin. Furthermore, I've found that the only attribute that will trigger the plugin and create the user private groups is by changing the RDN (in my caseuid
) of the user, which isn't ideal. I can change theuid
, which triggers the plugin creating the posixGroup, and change it back to the originaluid
, but that's not a great solution as if there is a directory sync in between those two events, then any application configured to useuid
as itsusername
then will probably do something not nice like create a duplicate account.Is changing the
RDN
the only way to trigger the plugin and not any random attribute?Beta Was this translation helpful? Give feedback.
All reactions