Great, thanks! On Aug 4, 2017 11:58 PM, "Alexander Bokovoy" <aboko...@redhat.com> wrote:
> On pe, 04 elo 2017, Kristian Petersen via FreeIPA-users wrote: > >> Alexander, >> >> That was it! I had seen this before at a previous place of employment, >> but >> couldn't recall enough of what we'd done there to fix it. You're a >> lifesaver, really. Thank you very much to *everyone* who chimed in to lend >> a hand. >> >> PS: We're still running FreeIPA 4.4.0 and were affected by this change >> that >> occurred in where the plugins files get stored. That may be something to >> pass on to others. >> > You are right, a split in plugins for server and client side happened > during 4.4 release: > $ git tag --contains 6e44557b601f769d23ee74555a72e8b5cc62c0c9 > alpha_1-4-4-0 > release-4-4-0 > release-4-4-1 > release-4-4-2 > release-4-4-3 > release-4-4-4 > release-4-5-0 > release-4-5-1 > release-4-5-2 > release-4-5-3 > > $ git show -s 6e44557b601f769d23ee74555a72e8b5cc62c0c9 > commit 6e44557b601f769d23ee74555a72e8b5cc62c0c9 > Author: Jan Cholasta <jchol...@redhat.com> > Date: Thu Apr 28 10:30:05 2016 +0200 > > ipalib: move server-side plugins to ipaserver > Move the remaining plugin code from ipalib.plugins to > ipaserver.plugins. > Remove the now unused ipalib.plugins package. > https://fedorahosted.org/freeipa/ticket/4739 > Reviewed-By: David Kupka <dku...@redhat.com> > > > It is more complex than that, you can see > https://pagure.io/freeipa/issue/4739 for a history of commits that went > in to implement the split. > > I think I need to rewrite my plugin guide but one can use > https://github.com/abbra/freeipa-desktop-profile/ now as an example how > both client and server side plugins should look like these days. It also > shows how to integrate well new LDAP schema definitions with FreeIPA > server upgrade code. > > >> On Fri, Aug 4, 2017 at 9:41 AM, Alexander Bokovoy <aboko...@redhat.com> >> wrote: >> >> On pe, 04 elo 2017, Kristian Petersen wrote: >>> >>> If it helps, the python file where we customized things is included >>>> below: >>>> >>>> # Place in /usr/lib/python2.7/site-packages/ipalib/plugins/ >>>> >>>> Ok, this is location for pre-4.5 plugins. With FreeIPA 4.5 we split them >>> into ipaserver/plugins and ipaclient/plugins, to allow clear separation >>> between server and client side plugins and to make thin client operation >>> possible. >>> >>> Move your plugin Python code to ipaserver/plugins/ subdirectory instead >>> of ipalib/plugins. Also replace 'from ipalib.plugins' by 'from >>> ipaserver.plugins ..'. >>> >>> >>> >>> >>> import re >>>> >>>> from ipalib import api >>>> from ipalib.plugins import user, stageuser, group >>>> from ipalib.parameters import Str >>>> from ipalib import _ >>>> >>>> >>>> FILESERVER = "fileserver.chem.byu.edu" >>>> GIDS = [ >>>> ("csr", '1000'), >>>> ("staff", '3000'), >>>> ("faculty", '4000'), >>>> ("adjunct", '4010'), >>>> ("visiting", '4020'), >>>> ("emeritus", '4100'), >>>> ("graduate", '5000'), >>>> ("researcher", '6000'), >>>> ("ugrad", '8000'), >>>> ] >>>> GROUP_TO_GID = {x: y for x, y in GIDS} >>>> GID_TO_GROUP = {y: x for x, y in GIDS} >>>> # Locations of home directories for different groups. >>>> HOME_DIR_LOCATION = { >>>> '1000': "/home/csr", # csr >>>> '3000': "/home/staff", # staff >>>> '4000': "/home/faculty", # faculty >>>> '4010': "/home/faculty", # adjunct >>>> '4020': "/home/postdoc", # visiting >>>> '4100': "/home/faculty", # emeritus >>>> '5000': "/home/research", # graduate >>>> '6000': "/home/research", # researcher >>>> '8000': "/home/students", # ugrad >>>> } >>>> >>>> >>>> ############################ >>>> # Expose attributes to CLI # >>>> ############################ >>>> def __check_netid(ugettext, netid): >>>> ''' >>>> Checks if netid is already assigned to an existing account. >>>> ''' >>>> >>>> # Search for users with given NetID >>>> result = api.Command.user_find(netid=netid) >>>> >>>> # Throw error if NetID is already assigned to a user account >>>> if result['count'] > 0: >>>> uid = result['result'][0]['uid'][0] >>>> return _("NetID is already assigned to user \"{}\".".format(uid)) >>>> >>>> >>>> def __validate_student_id(ugettext, studentid): >>>> ''' >>>> Checks if studentid string is all numbers and nine digits long. >>>> Also checks if studentid is already assigned to an existing account. >>>> ''' >>>> >>>> if not (studentid.isdigit() and len(studentid) == 9): >>>> return _("Student ID must be 9 digits") >>>> >>>> # Check if ID number is already assigned to another account >>>> result = api.Command.user_find(studentid=studentid) >>>> if result['count'] > 0: >>>> uid = result['result'][0]['uid'][0] >>>> return _("Student ID is alread assigned to user >>>> \"{}\".".format(uid)) >>>> >>>> >>>> chem_params = ( >>>> Str('netid', __check_netid, >>>> cli_name='netid', >>>> label=_('BYU Net ID'), >>>> ), >>>> Str('studentid', __validate_student_id, >>>> cli_name='studentid', >>>> label=_('BYU Student ID Number'), >>>> ), >>>> ) >>>> >>>> user.user.takes_params = user.user.takes_params + chem_params >>>> user.user.default_attributes.append('netid') >>>> user.user.default_attributes.append('studentid') >>>> >>>> stageuser.stageuser.takes_params = stageuser.stageuser.takes_params + \ >>>> chem_params >>>> stageuser.stageuser.default_attributes.append('netid') >>>> stageuser.stageuser.default_attributes.append('studentid') >>>> >>>> >>>> ##################### >>>> # Add pre-callbacks # >>>> ##################### >>>> def __get_homedir(uid, homedir_base): >>>> ''' >>>> Determines the location of a user's home directory. >>>> ''' >>>> >>>> if 'students' in homedir_base: >>>> return "{}/{}/{}".format(homedir_base, uid[0], uid) >>>> else: >>>> return "{}/{}".format(homedir_base, uid) >>>> >>>> >>>> def __get_uid_from_dn(dn): >>>> ''' >>>> Returns uid from dn. >>>> ''' >>>> if 'uid' not in str(dn): >>>> return _("\'uid\' not in given dn: \'{}\'".format(str(dn))) >>>> >>>> uid = str(dn).split(',')[0] # gets 'uid=<username>' >>>> uid = re.sub('^uid=', '', uid) # gets '<username>' >>>> return uid >>>> >>>> >>>> ####################### >>>> # Stageuser Callbacks # >>>> ####################### >>>> def stageuseradd_precallback(self, ldap, dn, entry, attrs_list, >>>> *keys, **options): >>>> if 'homedirectory' in entry: >>>> entry['homedirectory'] = __get_homedir(entry['uid'], >>>> entry['homedirectory']) >>>> return dn >>>> >>>> >>>> def stageusermod_precallback(self, ldap, dn, entry, attrs_list, >>>> *keys, **options): >>>> if 'homedirectory' in entry: >>>> entry['homedirectory'] = __get_homedir(__get_uid_from_dn(dn), >>>> entry['homedirectory']) >>>> return dn >>>> >>>> stageuser.stageuser_add.register_pre_callback(stageuseradd_precallback) >>>> stageuser.stageuser_mod.register_pre_callback(stageusermod_precallback) >>>> >>>> >>>> ################## >>>> # User Callbacks # >>>> ################## >>>> def useradd_precallback(self, ldap, dn, entry, attrs_list, >>>> *keys, **options): >>>> if 'homedirectory' in entry: >>>> entry['homedirectory'] = __get_homedir(entry['uid'], >>>> entry['homedirectory']) >>>> return dn >>>> >>>> >>>> def useradd_postcallback(self, ldap, dn, entry, attrs_list, >>>> *keys, **options): >>>> # TODO: add user to one of the default groups (ugrad, grad, etc.) >>>> # NOTE: Since the groups Graduate and Faculty share home >>>> directories >>>> # with other groups, there's no way to determine group based >>>> on >>>> # home directory. >>>> return dn >>>> >>>> >>>> def usermod_precallback(self, ldap, dn, entry, attrs_list, >>>> *keys, **options): >>>> if 'homedirectory' in entry: >>>> entry['homedirectory'] = __get_homedir(__get_uid_from_dn(dn), >>>> entry['homedirectory']) >>>> return dn >>>> >>>> user.user_add.register_pre_callback(useradd_precallback) >>>> user.user_mod.register_pre_callback(usermod_precallback) >>>> >>>> >>>> ################### >>>> # Group Callbacks # >>>> ################### >>>> def groupadd_postcallback(self, ldap, dn, entry, attrs_list, >>>> *keys, **options): >>>> # TODO: Create management role >>>> return dn >>>> >>>> >>>> def groupdel_precallback(self, ldap, dn, entry, attrs_list, >>>> *keys, **options): >>>> # TODO: Remove managment role >>>> return dn >>>> >>>> group.group_add.register_post_callback(groupadd_postcallback) >>>> group.group_del.register_pre_callback(groupdel_precallback) >>>> >>>> >>>> On Fri, Aug 4, 2017 at 8:57 AM, Pavel Vomacka <pvoma...@redhat.com> >>>> wrote: >>>> >>>> Hello, >>>> >>>>> >>>>> On 08/03/2017 10:12 PM, Kristian Petersen via FreeIPA-users wrote: >>>>> >>>>> The customizations that define the additions to the schema appear to be >>>>> in >>>>> the javascript file /usr/share/ipa/ui/js/plugins/chemuser/chemuser.js. >>>>> It defines the additional fields we use that are causing us so much >>>>> trouble. I have included it below. >>>>> >>>>> // Place in /usr/share/ipa/ui/js/plugins/chemuser/ >>>>> define([ >>>>> 'freeipa/phases', >>>>> 'freeipa/user'], >>>>> function(phases, user_mod) { >>>>> >>>>> // helper function >>>>> function get_item(array, attr, value) { >>>>> for (var i=0,l=array.length; i<l; i++) { >>>>> if (array[i][attr] === value) return array[i]; >>>>> } >>>>> return null; >>>>> } >>>>> >>>>> var chem_user_plugin = {}; >>>>> chem_user_plugin.add_chemistry_fields_pre_op = function() { >>>>> >>>>> // Adds extra fields into user details facet. >>>>> var facet = get_item(user_mod.entity_spec.facets, '$type', >>>>> 'details'); >>>>> var section = get_item(facet.sections, 'name', 'identity'); >>>>> section.fields.push({ >>>>> name: 'netid', >>>>> label: 'BYU Net ID', >>>>> required: 0, >>>>> }, { >>>>> name: 'studentid', >>>>> label: 'BYU Student ID Number', >>>>> required: 0, >>>>> } >>>>> ); >>>>> >>>>> // Adds extra fields to add user form. >>>>> var add_user_fields = user_mod.entity_spec.adder_dia >>>>> log.sections[0].fields; >>>>> >>>>> add_user_fields.splice(3, 1) // Remove 'Class' field >>>>> add_user_fields.splice(3, 0, { >>>>> name: 'netid', >>>>> required: 0, >>>>> }, { >>>>> name: 'studentid', >>>>> required: 0, >>>>> }, { >>>>> name: 'mail', >>>>> required: 1, >>>>> }, { >>>>> $type: "combobox", >>>>> name: "homedirectory", >>>>> required: 1, >>>>> editable: 0, >>>>> options: [{ >>>>> label: "CSR", >>>>> value: "/home/csr" >>>>> }, { >>>>> label: "Staff", >>>>> value: "/home/staff" >>>>> }, { >>>>> label: "Faculty", >>>>> value: "/home/faculty" >>>>> }, { >>>>> label: "Visiting/Postdoc", >>>>> value: "/home/postdoc" >>>>> }, { >>>>> label: "Graduate", >>>>> value: "/home/research", >>>>> }, { >>>>> label: "Researcher", >>>>> value: "/home/research" >>>>> }, { >>>>> label: "Undergrad", >>>>> value: "/home/students" >>>>> } >>>>> ] >>>>> } >>>>> ); >>>>> return true; >>>>> }; >>>>> >>>>> phases.on('customization', chem_user_plugin.add_chemistry >>>>> _fields_pre_op); >>>>> return chem_user_plugin; >>>>> }); >>>>> >>>>> This worked just fine prior to the update that Randy spoke of, but for >>>>> whatever reason it's not working now. When adding a user through the >>>>> web >>>>> UI, the fields that are for the netid and studentid have no labels on >>>>> them >>>>> and if you try and add the person with data in them it gives an error: >>>>> "IPA >>>>> Error 3005: Option Error. Unknown option: studentid" or the same for >>>>> the >>>>> netid. >>>>> >>>>> The file appears to be in the right place in the filesystem. Any >>>>> ideas? >>>>> >>>>> From what I can see here, I would say that your Python changes stopped >>>>> working. The reason why you don't see any labels of your custom fields >>>>> is >>>>> that they are not in metadata, which are send to WebUI. Therefore WebUI >>>>> cannot show them. And then when you send a request to the server with >>>>> those >>>>> custom options, the server does not understand those options (therefore >>>>> the >>>>> error message). >>>>> >>>>> I don't know how you changed Python code. In case you do it directly in >>>>> code then the upgrade probably overrode your changes (as Rob mentioned >>>>> before). Or maybe your changes are not properly loaded or run. >>>>> >>>>> You can try to call API by running: >>>>> $ ipa console >>>>> on your server. Then write something like: >>>>> >>>> api.Command.user_add(u'tuser', givenname=u'test', sn=u'user') >>>>> just add your new options and you will most likely get the same error. >>>>> (This is just the way how to test API calls which are used by WebUI >>>>> somewhere else than in WebUI, then you can say whether the bug is in >>>>> WebUI >>>>> or not). >>>>> >>>>> From my point of view, WebUI plugin looks correct and it works, because >>>>> you can see some changes in WebUI. >>>>> >>>>> >>>>> On Thu, Aug 3, 2017 at 1:27 PM, Alexander Bokovoy <aboko...@redhat.com >>>>> > >>>>> wrote: >>>>> >>>>> On to, 03 elo 2017, Kristian Petersen via FreeIPA-users wrote: >>>>> >>>>>> >>>>>> The customizations are in separate files and are still there, but seem >>>>>> >>>>>>> to >>>>>>> be getting ignored for lack of a better description. >>>>>>> >>>>>>> You'd need to describe more and in more detail. Look at >>>>>>> >>>>>> https://github.com/abbra/freeipa-desktop-profile/ as an example of an >>>>>> external plugin that works and integrates with existing FreeIPA >>>>>> upgrade >>>>>> code properly. >>>>>> >>>>>> You can look at that one to see what's different on your side. >>>>>> >>>>>> -- >>>>>> / Alexander Bokovoy >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> Kristian Petersen >>>>> System Administrator >>>>> Dept. of Chemistry and Biochemistry >>>>> >>>>> >>>>> _______________________________________________ >>>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>>>> To unsubscribe send an email to freeipa-users-le...@lists.fedo >>>>> rahosted.org >>>>> >>>>> >>>>> -- >>>>> Pavel^3 Vomacka >>>>> >>>>> >>>>> >>>>> >>>> -- >>>> Kristian Petersen >>>> System Administrator >>>> Dept. of Chemistry and Biochemistry >>>> >>>> >>> -- >>> / Alexander Bokovoy >>> >>> >> >> >> -- >> Kristian Petersen >> System Administrator >> Dept. of Chemistry and Biochemistry >> > > _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedo >> rahosted.org >> > > > -- > / Alexander Bokovoy >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org