One more issue. Service user cannot see the new attribute. It does see the 
objectclass. 

ldif: 
dn: cn=schema 
changetype: modify 
add: objectclasses 
objectclasses: ( 1.3.6.1.4.1.49232.1.1 
NAME 'groupMail' 
SUP top 
STRUCTURAL 
MAY ( mail $ displayname ) 
X-ORIGIN 'Extending FreeIPA' ) 

Service user: 
uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld 

Regular user: 
uid=admin,cn=users,cn=accounts,dc=test,dc=tld 

They both see objectclass=groupmail, but uid=googlesync does not birng back 
mail and displyaname, while using ldapsearch. 


Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Sandor Juhasz" <sjuh...@chemaxon.com> 
To: "Petr Vobornik" <pvobo...@redhat.com> 
Cc: freeipa-users@redhat.com 
Sent: Wednesday, January 11, 2017 3:26:41 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

It is fixed. The location was fine. We had to do some digging there. 
The group module works different than the user and is giving 
var section = get_item(facet.sections, 'name', 'details'); 
instead of 
var section = get_item(facet.sections, 'name', 'identity'); 
as the user would do. 

Yup figured that index generation is auto. 

So all check, all happy in the end. 
Thx. 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Petr Vobornik" <pvobo...@redhat.com> 
To: "Sandor Juhasz" <sjuh...@chemaxon.com>, "Ludwig Krispenz" 
<lkris...@redhat.com> 
Cc: freeipa-users@redhat.com 
Sent: Wednesday, January 11, 2017 3:04:09 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

On 01/11/2017 01:58 PM, Sandor Juhasz wrote: 
> Ok, 
> 
> OID - check 
> ldapmodify - check 
> python scripts - check 
> These works on both ipa 3.x and ipa 4.x. 
> So the basic functionality is there for the new object class. 
> 
> js - i am stuck with, i have created the js files for the plugin, see below. 
> 
> But i don't know how to generate the the index. Also i might be completely 
> wrong. 
> 
> On ipa 3.x the js files are there, most probably the groups.js would exist as 
> i 
> expect it. 
> But on the other hand on the ipa 4.x there is nothing but freeipa/core.js is 
> there. 

You don't need to generate plugin index, it is generated automatically. 

Just: 
mkdir /usr/share/ipa/ui/js/plugins/myplugin 
cp myplugin.js /usr/share/ipa/ui/js/plugins/myplugin 

It should be automatically picked up by Web UI. 

It will work only in RHEL 7/CentOS 7(FreeIPA 3.3+). Not RHEL 6(sort of 
3.0/3.1/3.2) 

On RHEL 6, there is /usr/share/ipa/ui/ext/extension.js which can contain 
custom content to extend UI, but writing a plugin for it is much more 
complicated so I'd rather avoid it. 

> 
> Here is the plugin, i am trying to use: 
> define([ 
> 'freeipa/phases', 
> 'freeipa/group'], 
> function(phases, group_mod) { 
> // helper function 
> function get_item(array, attr, value) { 
> for (var i=0,l=array.length; i<l; i++) { 
> if (array[i][attr] === value) return array[i]; 
> } 
> return null; 
> } 
> var groupmail_plugin = {}; 
> // adds 'mail' field into group details facet 
> groupmail_plugin.add_group_mail_pre_op = function() { 
> var facet = get_item(group_mod.entity_spec.facets, '$type', 'details'); 
> var section = get_item(facet.sections, 'name', 'identity'); 
> section.fields.push({ 
> name: 'mail', 
> label: 'Mail' 
> }); 
> return true; 
> }; 
> phases.on('customization', groupmail_plugin.add_group_mail_pre_op); 
> return groupmail_plugin; 
> }); 
> 
> 
> *Sándor Juhász* 
> System Administrator 
> *ChemAxon**Ltd*. 
> Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
> Cell: +36704258964 
> 
> --------------------------------------------------------------------------------
>  
> *From: *"Brian Candler" <b.cand...@pobox.com> 
> *To: *"Sandor Juhasz" <sjuh...@chemaxon.com> 
> *Cc: *freeipa-users@redhat.com 
> *Sent: *Monday, January 2, 2017 6:41:02 PM 
> *Subject: *Re: [Freeipa-users] modify schema - add group email and display 
> attribute 
> 
> On 02/01/2017 11:53, Sandor Juhasz wrote: 
> > I would be really happy if anybody could assign an OID for the new 
> > objectcalss 
> 
> You can get your own enterprise OID for free from here: 
> 
> http://pen.iana.org/pen/PenApplication.page 
> 
> Note that you only get one, so it's up to you to subdivide the space. 
> For example: if you get 1.3.6.1.4.1.99999, then you might decide to use: 
> 
> 1.3.6.1.4.1.99999.1 = LDAP object classes 
> 
> 1.3.6.1.4.1.99999.1.1 = myMailObjectClass 
> 
> 1.3.6.1.4.1.99999.1.2 = someOtherObjectClass 
> 
> 1.3.6.1.4.1.99999.2 = LDAP attributes 
> 
> 1.3.6.1.4.1.99999.2.1 = mySpecialAttribute 
> 
> then later you can assign under 1.3.6.1.4.1.99999.3 for something else 
> that needs OIDs (e.g. SNMP MIBs) and so on. 
> 
> 
> 


-- 
Petr Vobornik 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to