On 05/27/2013 12:50 PM, Sigbjorn Lie wrote:
Hi,

A while back I got some help writing a python script who extends the user 
classes in ipalib to run
a custom command when a user is added/modified/deleted. This has been working 
perfectly in our
production environment for a few years now, until I upgraded to IPA 3.0 last 
week. The custom
script is no longer executed.

Did the libraries change since 2.2?

Hello,
Yes, IPA did change, though not in the callback registration API. See comment below.



The script sits in 
/usr/lib/python2.6/site-packages/ipalib/plugins/user-custom.py and looks like:


#
# Extension to provide user-customizable script when a user id 
added/modified/deleted
#

from ipapython import ipautil

# Extend add

from ipalib.plugins.user import user_add

def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
      inst.log.info('User added')
      if 'ipa_user_script' in inst.api.env:
          try:
              ipautil.run([inst.api.env.ipa_user_script,"add", dn])
          except:
               pass

First of all, you can add better logging so you can diagnose errors more easily, e.g.:

         try:
             ipautil.run([inst.api.env.ipa_user_script,"add", dn])
         except Exception, e:
             inst.log.error("ipa_user_script: Exception: %s", e)

With this change, I can see the following line in the server log:

ipa: ERROR: ipa_user_script: Exception: sequence item 2: expected string or Unicode, DN found

The error is due to DN refactoring (https://fedorahosted.org/freeipa/ticket/1670). All DNs throughout IPA are now represented by DN objects. To use them as strings you need to convert them explicitly:

             ipautil.run([inst.api.env.ipa_user_script, "add", str(dn)])

The same change is needed in the other three cases.
The modified code should still work under IPA 2.2.
Let me know if you're having more trouble.

      return dn

user_add.register_post_callback(script_post_add_callback)


# Extend delete

from ipalib.plugins.user import user_del

def script_post_del_callback(inst, ldap, dn, attrs_list, *keys, **options):
      inst.log.info('User deleted')
      if 'ipa_user_script' in inst.api.env:
          try:
              ipautil.run([inst.api.env.ipa_user_script,"del", dn])
          except:
               pass

      return dn

user_del.register_post_callback(script_post_del_callback)


# Extend modify

from ipalib.plugins.user import user_mod

def script_post_mod_callback(inst, ldap, dn, attrs_list, *keys, **options):
      inst.log.info('User modified')
      if 'ipa_user_script' in inst.api.env:
          try:
              ipautil.run([inst.api.env.ipa_user_script,"mod", dn])
          except:
               pass

      return dn

user_mod.register_post_callback(script_post_mod_callback)





--
PetrĀ³

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to