Sigbjorn Lie wrote:

On Fri, September 16, 2011 23:18, Rob Crittenden wrote:
Sigbjorn Lie wrote:

On 09/16/2011 10:29 AM, Alexander Bokovoy wrote:

On Fri, 16 Sep 2011, Dmitri Pal wrote:

On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:

On 09/15/2011 09:59 PM, Dmitri Pal wrote:

On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:


Is there a custom script hook for when a user account is added using
either the cli, webui, or the winsync module?

I have a custom script I run when creating a user account, and having
this run automatically by IPA would make my life a lot easier.

Can you describe what kind of operations you need to do?
Have you looked at the automembership plugin?

I'm doing a SSH login on to a filer, creating a home folder ZFS
dataset for the new user, setting quota and ACL on the newly created dataset, 
and adding
files from a skeleton folder into the home folder.

It might be a stupid question but... you seem to do all the operation
described above on the filer. I am not quite clear what part of it, if any, 
needs to be run
on the server side, I mean on the IPA. Or you actually want to be able to 
create an account
on the server side and make it trapped and send the event to the filer and run 
a script

We can't do it now. AFAIR there was a ticket about something like this
in the deferred bucket... Could not find it... But I remember a discussion. We 
might need to
file a ticket to track this but sound like something that will take a lot of 
time to
Attached untested patch is a proof of concept. If /etc/ipa/server.conf
has following setting:


then during add/delete/modify of an user, it will be called with add/del/mod as 
parameter and user's dn as second. Result of the call is ignored but return 
from IPA server is
blocked by the execution so be quick in ipa_user_script!

I got the patch installed OK, env variable set, and the script is being
run when do user modifications. Great! :) But the action (add/del/mod) and the 
dn is not being
supplied as arguments.

For testing's sake I've made a very simple script just to capture the
env variables.

Do you have any suggestion to why the arguments is not getting supplied
to the script?


echo "a:$1 u:$2">>  /tmp/ipa_custom_$$ env>>  /tmp/ipa_custom_$$

The invocation should be:[self.api.env.ipa_user_script,"add", dn])

In other words, the whole thing needs to be in the list.

Note that a cleaner way of adding this without having to modify
ipa-provided files would be to write an extension plugin that does this 

from ipalib.plugins.user import user_add

def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):'User
added') if 'ipa_user_script' in inst.api.env: try:[inst.api.env.ipa_user_script,"add", dn]) except:

return dn


Stick that into a file and drop it into the directory with the other
plugins and restart Apache and that should do it.


I reverted the patched file back to tbe unpatched file.

I called the script you provided, and I've tried copying it to
/usr/lib/python2.7/site-packages/ipalib/plugins and
/usr/lib/python2.7/site-packages/ipaserver/plugins. Then I restarted httpd and 
tomcat6. Now the
script is not called anymore.

Should the script be put anywhere else? Anything I didnt do?

It needs to be in ipalib/plugins.


from ipapython import ipautil


Freeipa-users mailing list

Reply via email to