In IPA v2 we are expanding the use of groups to handle relations, HBAC, policies etc ... So far we always equated group of users with posixGroup, but going forward it may make sense to spli the concept of group of users and posix group. The reason being that posix group memberships are limited in some OSs, for example by default Solaris allow only 16 groups per user. We should therefore avoid creating posixGroup when these groups are not related to filesystem access control. I suggest we create groups by default without making them posixGroups. And add a switch in our interfaces to transform a group of users into a posixGroup (this will result in the management program to add the objectclass to the group entry and generate a new GID for it). The switch may be called: "Make this an Operating System Group"
Done, this is the --posix flag when managing groups