On 04/15/2010 05:02 PM, Nathan Kinder wrote:

> That's why you need to set a magic value in the DNA config and use them
> in the Console. For example, you could configure the value "1" to be a
> magic value for your uidNumber and gidNumber DNA ranges. If you then
> add a user in Console with the value of "1" for the uidNumber and
> gidNumber fields, DNA will generate new values from the ranges and
> overwrite the values of "1" you specified with the generated values.
>> In other words, via the console, there is no way to have DNA generate
>> the uidNumber and gidNumber values when creating a new user.
>>
> There is a way if you use magic values.

So there is! Unfortunately, I have encountered further issues related
to the DNA plugin, and in particular to console interactions with said.

Following this reference document:
http://directory.fedoraproject.org/wiki/DNA_Plugin

The document states:

    dnaMagicRegen - [...] It also is not required to be a numeric value,
    so you can use anything you want. [...]

This may certainly be true; however, since the console demands a numeric
value for the uidNumber and gidNumber fields, using a non-numeric value
as a magic number identifier will make it impossible to create users via
the console.

Furthermore, once the user has been created (assuming numeric values
were used), if you open the user entry in the console directly after
creating it, the magic number will be listed instead of the actual uid
and gid values. Completely re-starting the console "fixes" this (does
the console use a cache?). It's a minor irritation, but it could cause
mistakes to be made.

Moving on, the example configuration for activating basic DNA
functionality states:

    [...] the uidNumber and gidNumber (primary group) attributes to be
    assigned by DNA, but you also want them to be the same value. In
    addition, you want DNA to assign the gidNumber attribute from the
    same range [...]

Sounds perfect; however, while the expected behaviour is a (magically)
generated value for both the uid and gid, the actual result is that only
the uid is magically assigned. Consider the following:

# cat dna_conf
dn: cn=UID and GID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: UID and GID numbers
dnatype: uidNumber
dnaType: gidNumber
dnamagicregen: 99999
dnafilter: (|(objectclass=posixAccount)(objectclass=posixGroup))
dnascope: dc=example,dc=com
dnanextvalue: 1000

# /usr/lib64/mozldap/ldapmodify -v -a -D "cn=Directory Manager" -w managerpass -h localhost -f dna_conf
...
adding new entry cn=UID and GID numbers,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
modify complete

# cat add_user
dn: uid=testuser,ou=People, dc=example,dc=com
changetype: add
givenName: test
sn: user
uidNumber: 99999
gidNumber: 99999
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: testuser
cn: test user
homeDirectory: /home/testuser
userPassword: {clear}testpass
loginShell: /bin/bash

# /usr/lib64/mozldap/ldapmodify -v -a -D "cn=Directory Manager" -w managerpass -h localhost -f add_user
...
adding new entry uid=testuser,ou=People, dc=example,dc=com
modify complete

# /usr/lib64/mozldap/ldapsearch -h localhost -b 'dc=france-ix,dc=net' 'uid=testuser' | egrep "(gidNumber|uidNumber)"
gidNumber: 99999
uidNumber: 1000

This behaviour occurs (unsurprisingly) for users added via the console
as well.

Reference:
CentOS 5.4 x86_64
389-ds via EPEL (vendorVersion: 389-Directory/1.2.5 B2010.012.2034)

-- 
Daniel Maher <dma + 389users AT witbe DOT net>
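
An audit for the failure reported in this message, as an added example that is not part of the original post or of 389-ds: it scans ldapsearch LDIF output for entries whose uidNumber or gidNumber still holds the dnaMagicRegen value, so accounts that all share the placeholder gid can be found and corrected. The function names and the sample LDIF are constructed for illustration; the magic value 99999 and the two attribute names come from the message, and the parser also handles folded lines and base64 ("::") values, which go beyond the output shown above.

```python
import base64

MAGIC = "99999"                          # dnaMagicRegen value from the message
DNA_ATTRS = {"uidnumber", "gidnumber"}   # dnaType attributes from the message
# Constructed sample in ldapsearch LDIF form (not real server output).
SAMPLE_LDIF = """\
dn: uid=testuser,ou=People, dc=example,dc=com
uidNumber: 1000
gidNumber: 99999

dn: uid=okuser,ou=People,
 dc=example,dc=com
uidNumber: 1001
gidNumber: 1001

dn: uid=b64user,ou=People,dc=example,dc=com
uidNumber:: OTk5OTk=
gidNumber: 1002
"""

def parse_entries(text):
    """Yield (dn, [(attr, value), ...]) per entry, unfolding and base64-decoding."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # LDIF line folding
    for block in unfolded.split("\n\n"):
        dn, attrs = None, []
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            # "attr:: <base64>" carries an encoded value; "attr: v" is plain text
            value = (base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
                     if value.startswith(":") else value.strip())
            if name.lower() == "dn":
                dn = value
            else:
                attrs.append((name.lower(), value))
        if dn is not None:
            yield dn, attrs

def unassigned_magic(text, magic=MAGIC, dna_attrs=DNA_ATTRS):
    """Return {dn: [DNA-managed attributes still holding the magic value]}."""
    hits = {}
    for dn, attrs in parse_entries(text):
        stuck = sorted(a for a, v in attrs if a in dna_attrs and v == magic)
        if stuck:
            hits[dn] = stuck
    return hits

if __name__ == "__main__":
    print(unassigned_magic(SAMPLE_LDIF))
```

Feed it the full output of a subtree search for posixAccount and posixGroup entries rather than the egrep-filtered lines, since the dn is needed to identify which entries to repair.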