Ugh, on further testing; the ipa python console is giving different responses that the code I'm using in a python script.
In the ipa console, the additional attributes are listed. In the script I'm setting up a python-freeipa.Client object (called client)and passing the following call: client.user_find(all=True) and the user records that are returned are still only the 'default' attributes, even though the attributes are set and have values. This is the code I'm testing, it's loading all the variables from a configuration file provided by the config object. # First two lines import the project's configuration and logging objects from this.configuration import config, args from this.log import base_logger from python_freeipa import Client logger = base_logger.getChild(__name__) if config['freeipa'].getboolean('enabled') is True: if config['freeipa'].getboolean('verify_ssl') is not True: logger.warning( 'Verifying TLS connection to %s disabled.' % config['freeipa']['server'] ) logger.info('freeIPA startup') client = Client( config['freeipa']['server'], version=config['freeipa']['version'], verify_ssl=config['freeipa'].getboolean('verify_ssl') ) client.login( config['freeipa']['user'], config['freeipa']['password'] ) else: logger.info('freeIPA disabled') def ipa_query(*dargs, **kwargs): if config['freeipa'].getboolean('enabled') is True: return client.user_find(*dargs, **kwargs) else: logger.info('freeIPA disabled') return None ipa_query(all=True) Regards, Aaron -----Original Message----- From: Alexander Bokovoy [mailto:aboko...@redhat.com] Sent: Friday, 3 November 2017 7:10 PM To: FreeIPA users list <email@example.com> Cc: Aaron Hicks <aaron.hi...@nesi.org.nz> Subject: Re: [Freeipa-users] Searching for user by extended attribute On pe, 03 marras 2017, Aaron Hicks via FreeIPA-users wrote: >Hi all, > > > >We've added two objectclasses to the default user in our FreeIPA instance. >We're able to set and modify them fine, however we need two additional >functions. > > > >We need two additional attributes auedupersonsharedtoken and >edupersonprinciplename to be included in the user attributes when >executing user-find with the python-freeipa module. It works fine from >the command line by adding the --all argument, but there's no >equivalent to --all the python-freeipa module. It is all there. $ ipa console (Custom IPA interactive Python console) >>> len(api.Command.user_find()['result']) 11 >>> len(api.Command.user_find(all=True)['result']) 24 >We need to be able to user-find to search for users by these >attributes, both from the command line and the python-freeipa module. >There does not seem to be an equivalent of the --setattr command on the >find function to search by attributes provided by additional objectclass schema. This is a bit different. You need to make sure you injected those attributes into existing object definitions if you want to see them used by the baseldap.py machinery. Can you show a code you use to extend IPA classes? -- / Alexander Bokovoy _______________________________________________ FreeIPA-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org