On 28.7.2014 16:21, mohammad sereshki wrote:
Dear

yes you are right, we can cnfigure an object schema "SolarisUserAttr" in LDAP
then we can add it as default parameter of user and configure it to set RBAC 
(role access)
if you want I can share the commands with you.
but I want to know how can we change  WEBUI to configure solarisuserattr 
through web interface.
anyway I had done it through command line.

Which version of FreeIPA or IdM are we talking about? In older version it's quite difficult. Web UI in IPA 3.3+ has a new plugin system. The slides [3] which Martin sent in the first reply covers how to extend existing page, but one can also add completely new page and a menu item.

Some time ago I wrote example plugin [1] (not sure if it still works) which replaces user details page in self-service mode with new more simple one. It shows how to add/delete menu items.

To implement new pages, one can take inspiration from core FreeIPA code. The simplest page is probably Radius Server Proxy [2]. The only differences are that core plugins have menu items defined on one place somewhere else and that, when one refers to UI module, he has to use absolute module name ('freeipa/text/') instead of a relative one ('./text').

[1] https://pvoborni.fedorapeople.org/plugins/simpleuser/simpleuser.js
[2] https://git.fedorahosted.org/cgit/freeipa.git/tree/install/ui/src/freeipa/radiusproxy.js

Other sources:
[3] http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
[4]  http://pvoborni.fedorapeople.org/doc/#!/guide/Plugins




________________________________
  From: Rob Crittenden <rcrit...@redhat.com>
To: mohammad sereshki <mohammadseres...@yahoo.com>; "freeipa-users@redhat.com" 
<freeipa-users@redhat.com>
Sent: Monday, July 28, 2014 6:45 PM
Subject: Re: [Freeipa-users] add solaris attribiutes to IPA


mohammad sereshki wrote:



hi
Would you please let me know who can i add
/etc/user_attr,prof_attr,projet,auth_attr to IPA ?
Iwant to configure RBAC solaris on IPA .
Thanks

There is probably a way to do this in LDAP but it isn't something that
IPA provides.

When IPA started there was no common access control mechanism across
*nixes. We looked at the available options and ended up rolling our own
which we called HBAC.

rob





--
Petr Vobornik

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to