2 files changed, 19 insertions, 5 deletions

diff --git a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
index 5b4f511..aac9fc0 100644
--- a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
+++ b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
@@ -3,11 +3,17 @@ description: >
     group name. The users in the group will inherit the privilege mapping of
     the group. The Create method on success creates the object which implements
     xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of
-    LDAP, the object path will be /xyz/openbmc_project/user/ldap/<GroupName>.
-    If the privilege mapping already exists then it throws the exception
+    LDAP, the object path will be
+    /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be
+    a unique number generated by the application. If the privilege mapping
+    already exists then it throws the exception
     xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
     privilege for a mapping which already exists, the Privilege property in the
     xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set.
+    Any application consuming the privilege mapping should not cache the object
+    path and use the GetManagedObjects method on the
+    org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object
+    path associated with the group name.
 
 methods:
     - name: Create
@@ -18,8 +24,7 @@ methods:
           type: string
           description: >
               Group Name to which the privilege is to be assigned. In the case
-              of LDAP, the GroupName will be the LDAP group the user is part
-              of.
+              of LDAP, the GroupName will be the LDAP group the user is part of.
         - name: Privilege
           type: string
           description: >
@@ -31,7 +36,7 @@ methods:
               https://github.com/openbmc/docs/blob/master/user_management.md
       returns:
         - name: Path
-          type: string
+          type: path
           description: >
             The path for the created privilege mapping object.
 
diff --git a/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml
index a90989d..cea3ca2 100644
--- a/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml
+++ b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml
@@ -2,6 +2,15 @@ description: >
     Implement to provide privilege for the group.
 
 properties:
+    - name: GroupName
+      type: string
+      description: >
+          Group Name to which the privilege is to be assigned. In the case of
+          LDAP, the GroupName will be the LDAP group the user is part of.
+      errors:
+        - xyz.openbmc_project.Common.Error.InternalFailure
+        - xyz.openbmc_project.Common.Error.InvalidArgument
+        - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
     - name: Privilege
       type: string
       description: >