On Пят, 26 сне 2025, Данила Скачедубов via FreeIPA-users wrote:
I think I have figured out that plugin loading can indeed be skipped using errors.SkipPluginModule. However, my question is whether it is possible to check the LDAP schema for the required objects within the plugin before registering it with register = Registry(). From what I understand, at this stage api.Backend.ldap2 or other LDAP API objects are not yet available, so direct access to the LDAP connection for schema verification isn’t possible. Is there a recommended approach to perform such a check safely before full plugin initialization, so the plugin can be skipped if the required objectClasses are missing?
I think you only can realistically check a presence of something in the file system. For example, in ipaserver/plugins/trust.py we do a check that we can import Samba Python API and otherwise deny operations. The check happens when the module is imported and then reused for every API call that relies on the corresponding API. Additionally we see if `adtrust_is_enabled` command returns True. This one is a runtime check. See `verify_samba_component_presence()` for more details. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
