Sigbjorn Lie wrote:


On Fri, September 16, 2011 23:18, Rob Crittenden wrote:
Sigbjorn Lie wrote:

On 09/16/2011 10:29 AM, Alexander Bokovoy wrote:

On Fri, 16 Sep 2011, Dmitri Pal wrote:

On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:

On 09/15/2011 09:59 PM, Dmitri Pal wrote:

On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:

Hi,


Is there a custom script hook for when a user account is added using
either the cli, webui, or the winsync module?

I have a custom script I run when creating a user account, and having
this run automatically by IPA would make my life a lot easier.


Can you describe what kind of operations you need to do?
Have you looked at the automembership plugin?


I'm doing an SSH login on to a filer, creating a home folder ZFS
dataset for the new user, setting quota and ACL on the newly created
dataset, and adding files from a skeleton folder into the home folder.

It might be a stupid question but... you seem to do all the operations
described above on the filer. I am not quite clear what part of it, if
any, needs to be run on the server side, I mean on the IPA. Or you
actually want to be able to create an account on the server side and
make it trapped and send the event to the filer and run a script there?

We can't do it now. AFAIR there was a ticket about something like this
in the deferred bucket... Could not find it... But I remember a
discussion. We might need to file a ticket to track this but it sounds
like something that will take a lot of time to accomplish.

Attached untested patch is a proof of concept. If /etc/ipa/server.conf
has the following setting:

ipa_user_script=/path/to/script

then during add/delete/modify of a user, it will be called with
add/del/mod as first parameter and user's dn as second. Result of the
call is ignored but return from IPA server is blocked by the execution
so be quick in ipa_user_script!


I got the patch installed OK, env variable set, and the script is being
run when I do user modifications. Great! :) But the action (add/del/mod)
and the dn are not being supplied as arguments.

For testing's sake I've made a very simple script just to capture the
env variables.

Do you have any suggestion as to why the arguments are not getting
supplied to the script?


#!/bin/bash

echo "a:$1 u:$2" >> /tmp/ipa_custom_$$
env >> /tmp/ipa_custom_$$

The ipautil.run invocation should be:


ipautil.run([self.api.env.ipa_user_script,"add", dn])

In other words, the whole thing needs to be in the list.


Note that a cleaner way of adding this without having to modify
ipa-provided files would be to write an extension plugin that does this
(untested):


from ipalib.plugins.user import user_add

def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
    inst.log.info('User added')
    if 'ipa_user_script' in inst.api.env:
        try:
            ipautil.run([inst.api.env.ipa_user_script,"add", dn])
        except:
            pass

    return dn

user_add.register_post_callback(script_post_add_callback)

Stick that into a file and drop it into the directory with the other
plugins and restart Apache and that should do it.

rob


I reverted the patched user.py file back to the unpatched user.py file.

I called the script you provided custom.py, and I've tried copying it to
/usr/lib/python2.7/site-packages/ipalib/plugins and
/usr/lib/python2.7/site-packages/ipaserver/plugins. Then I restarted
httpd and tomcat6. Now the script is not called anymore.

Should the script be put anywhere else? Anything I didn't do?



It needs to be in ipalib/plugins.

Add:

from ipapython import ipautil

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
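
Added example, not part of the thread and not FreeIPA code: a stand-alone sketch of the hook call discussed above, showing why the script path, the action and the DN must all be elements of one argument list. It uses Python's subprocess module rather than ipautil.run; the names run_user_hook and demo, the 5 second timeout and the file-permission policy are assumptions made for illustration.

```python
import os
import stat
import subprocess
import tempfile

def run_user_hook(script, action, dn, timeout=5):
    """Call script as: script <add|del|mod> <dn>. Returns the exit status,
    or None when the hook is refused, cannot start, or times out."""
    if action not in ("add", "del", "mod"):
        raise ValueError("unknown action: %r" % (action,))
    try:
        mode = os.stat(script).st_mode
    except OSError:
        return None
    # Assumed policy: absolute path, not writable by group or others.
    if not os.path.isabs(script) or mode & (stat.S_IWGRP | stat.S_IWOTH):
        return None
    try:
        # The whole command is one list and no shell is involved, so the DN
        # arrives as exactly one argument whatever characters it contains.
        proc = subprocess.run([script, action, dn], timeout=timeout,
                              stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except (OSError, subprocess.TimeoutExpired):
        return None  # the caller ignores the result, as in the proof of concept
    return proc.returncode

def demo():
    """Run a constructed capture script and return (status, what it saw)."""
    workdir = tempfile.mkdtemp()
    seen = os.path.join(workdir, "seen.txt")
    script = os.path.join(workdir, "hook.sh")
    with open(script, "w") as f:
        f.write('#!/bin/sh\nprintf "a:%s u:%s n:%s\\n" "$1" "$2" "$#" > "'
                + seen + '"\n')
    os.chmod(script, 0o700)
    # Constructed DN with a space and shell metacharacters in the uid.
    dn = "uid=a b;echo x,cn=users,cn=accounts,dc=example,dc=com"
    status = run_user_hook(script, "add", dn)
    with open(seen) as f:
        return status, f.read().strip()

if __name__ == "__main__":
    print(demo())
```

The timeout bounds how long a slow hook can hold up the server's reply, which the proof of concept leaves unbounded.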
