diff --git a/.gitignore b/.gitignore
index e9d07d7..64c89c9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /freeipa-2.0.0GIT442d6ad.tar.gz
 /freeipa-2.0.0.pre2.tar.gz
 /freeipa-2.0.0.rc1.tar.gz
+/freeipa-2.0.0.rc2.tar.gz
diff --git a/freeipa-2.0.0.rc2.tar.gz b/freeipa-2.0.0.rc2.tar.gz
new file mode 100644
index 0000000..82cf966
Binary files /dev/null and b/freeipa-2.0.0.rc2.tar.gz differ
diff --git a/freeipa-rcrit-743-dsgroup.patch b/freeipa-rcrit-743-dsgroup.patch
new file mode 100644
index 0000000..ea83942
--- /dev/null
+++ b/freeipa-rcrit-743-dsgroup.patch
@@ -0,0 +1,60 @@
+From 8b8c7367ce965aeaa3f3051cb1da16ad9ee7310f Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Thu, 24 Feb 2011 14:45:46 -0500
+Subject: [PATCH] Set SuiteSpotGroup when setting up our 389-ds instances.
+
+The group is now required because 389-ds has tightened the permissions
+on /var/run/dirsrv. We use the same group for both our LDAP instances
+and /var/run/dirsrv ends up as root:dirsrv mode 0770.
+
+ticket 1010
+---
+ ipaserver/install/cainstance.py |    4 +++-
+ ipaserver/install/dsinstance.py |    2 ++
+ 2 files changed, 5 insertions(+), 1 deletions(-)
+
+diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
+index 7cdd28d..74d78dc 100644
+--- a/ipaserver/install/cainstance.py
++++ b/ipaserver/install/cainstance.py
+@@ -72,6 +72,7 @@ INF_TEMPLATE = """
+ [General]
+ FullMachineName=   $FQHN
+ SuiteSpotUserID=   $USER
++SuiteSpotGroup=    $GROUP
+ ServerRoot=    $SERVER_ROOT
+ [slapd]
+ ServerPort=   $DSPORT
+@@ -255,7 +256,8 @@ class CADSInstance(service.Service):
+                              PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(),
+                              REALM=self.realm_name, USER=PKI_DS_USER,
+                              SERVER_ROOT=server_root, DOMAIN=self.domain,
+-                             TIME=int(time.time()), DSPORT=self.ds_port)
++                             TIME=int(time.time()), DSPORT=self.ds_port,
++                             GROUP=dsinstance.DS_GROUP)
+ 
+     def __create_ds_user(self):
+         user_exists = True
+diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
+index bf631a6..2bb083f 100644
+--- a/ipaserver/install/dsinstance.py
++++ b/ipaserver/install/dsinstance.py
+@@ -149,6 +149,7 @@ INF_TEMPLATE = """
+ [General]
+ FullMachineName=   $FQHN
+ SuiteSpotUserID=   $USER
++SuiteSpotGroup=    $GROUP
+ ServerRoot=    $SERVER_ROOT
+ [slapd]
+ ServerPort=   389
+@@ -319,6 +320,7 @@ class DsInstance(service.Service):
+                              TIME=int(time.time()), IDSTART=self.idstart,
+                              IDMAX=self.idmax, HOST=self.fqdn,
+                              ESCAPED_SUFFIX= escape_dn_chars(self.suffix.lower()),
++                             GROUP=DS_GROUP,
+                          )
+ 
+     def __create_ds_user(self):
+-- 
+1.7.3.4
+
diff --git a/sources b/sources
index 4b2d4e1..2527491 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b2854edd0ecccc1d0ee784273681e7f4  freeipa-2.0.0.rc1.tar.gz
+eb9427212d5de4fa957343491e770ce5  freeipa-2.0.0.rc2.tar.gz