Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
Awesome! Thank you. On Wed, Feb 1, 2017 at 12:05 PM, Florence Blanc-Renaudwrote: > On 02/01/2017 05:47 PM, Steve Huston wrote: >> >> Would it be better to file this as a new bug, or reopen 4291? >> > Hi, > > we are already aware of the problem and working on a fix (please see > https://bugzilla.redhat.com/show_bug.cgi?id=1398600 and > https://fedorahosted.org/freeipa/ticket/6575). > > HTH, > Flo. > > >> On Tue, Jan 31, 2017 at 5:00 PM, Steve Huston >> wrote: >>> >>> Seems like this is to blame: >>> https://fedorahosted.org/freeipa/ticket/4291 >>> >>> The checkin says, "Installation in pure IPv6 environment failed >>> because pki-tomcat tried to use >>> IPv4 loopback. Configuring tomcat to use IPv6 loopback instead of IPv4 >>> fixes this issue." However it would seem that in a pure IPv4 >>> environment, this is causing tomcat to fail to load. >>> >>> On Tue, Jan 31, 2017 at 4:36 PM, Steve Huston >>> wrote: What defines the contents of /var/lib/pki/pki-tomcat/conf/server.xml? >>> address="::1" /> Doesn't work so well on a host without IPv6 turned on... Jan 31 14:26:59 ipa server: PKIListener: org.apache.catalina.core.StandardServer[before_init] Jan 31 14:27:00 ipa server: SEVERE: Failed to initialize end point associated with ProtocolHandler ["ajp-bio-0:0:0:0:0:0:0:1-8009"] Jan 31 14:27:00 ipa server: java.net.SocketException: Protocol family unavailable On Fri, Jan 27, 2017 at 4:23 PM, Steve Huston wrote: > > Stranger, I did an install on a different VM with the CentOS 7 minimal > ISO, then installed ipa-server and enough things to get X11 and > Firefox, ran ipa-server-install and it worked fine. I tested with > Firefox (and Safari) against my failing installation and it still > fails. So there's something else different that's causing it to > break. Will continue investigating, but if someone knows why the UI > would break this way it would be helpful to know where to look! > > On Thu, Jan 26, 2017 at 11:53 AM, Steve Huston > wrote: >> >> Just did it again with the same result. Reinstalled the machine, then >> did a 'yum install ipa-server python2-ipaserver httpd' which pulled in >> version 4.4.0-14.el7_3.4 and a bunch of other packages. Next was the >> ipa-server-install as I used before, only without --mkhomedir this >> time. After entering the passwords for directory administrator and >> the admin user, I then logged in to the web interface, immediately >> clicked "add" and added a user 'foobar'. When I clicked "add and >> edit" and was brought to the user information page, it looks like this >> at the bottom: >> >> >> https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0 >> >> I then entered an employee number of '0001' just to give something to >> save, and clicked save. The screen now shows this (I've clicked the >> drop-down on the manager field so the choices are visible): >> >> >> https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0 >> >> Holding shift and clicking reload, the page now looks like this (the >> employee number field is also blank again): >> >> >> https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0 >> >> Since we do run a repackaged distribution here (Springdale Linux), I >> just unpacked ipa-server-common from our repository with the above >> version, and >> http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm, >> and 'diff' found zero differences between them. Unlikely, but I >> wanted to rule out a packaging error causing the problem. >> >> On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston >> wrote: >>> >>> No, that should be all of the major changes; the puppet module that >>> installs things only puts the two plugin files in their respective >>> places. The client part of the IPA module makes changes to have the >>> machine join the domain and whatnot, but those shouldn't affect the >>> webui. >>> >>> I do modify the schema by adding some attribute types for Puppet, >>> namely puppetClass, parentNode, environment, puppetVar, and the >>> object >>> class puppetClient. That's basically right from one of the Puppet >>> webpages and also worked in the past - and is one of the things the >>> python plugin does, add the appropriate objectclass to host entries >>> if >>> puppetVar is added to a host entry. >>> >>> My steps to install: >>> * ipa-server-install --realm= --domain= --mkhomedir >>> --hostname=
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
On 02/01/2017 05:47 PM, Steve Huston wrote: Would it be better to file this as a new bug, or reopen 4291? Hi, we are already aware of the problem and working on a fix (please see https://bugzilla.redhat.com/show_bug.cgi?id=1398600 and https://fedorahosted.org/freeipa/ticket/6575). HTH, Flo. On Tue, Jan 31, 2017 at 5:00 PM, Steve Hustonwrote: Seems like this is to blame: https://fedorahosted.org/freeipa/ticket/4291 The checkin says, "Installation in pure IPv6 environment failed because pki-tomcat tried to use IPv4 loopback. Configuring tomcat to use IPv6 loopback instead of IPv4 fixes this issue." However it would seem that in a pure IPv4 environment, this is causing tomcat to fail to load. On Tue, Jan 31, 2017 at 4:36 PM, Steve Huston wrote: What defines the contents of /var/lib/pki/pki-tomcat/conf/server.xml? Doesn't work so well on a host without IPv6 turned on... Jan 31 14:26:59 ipa server: PKIListener: org.apache.catalina.core.StandardServer[before_init] Jan 31 14:27:00 ipa server: SEVERE: Failed to initialize end point associated with ProtocolHandler ["ajp-bio-0:0:0:0:0:0:0:1-8009"] Jan 31 14:27:00 ipa server: java.net.SocketException: Protocol family unavailable On Fri, Jan 27, 2017 at 4:23 PM, Steve Huston wrote: Stranger, I did an install on a different VM with the CentOS 7 minimal ISO, then installed ipa-server and enough things to get X11 and Firefox, ran ipa-server-install and it worked fine. I tested with Firefox (and Safari) against my failing installation and it still fails. So there's something else different that's causing it to break. Will continue investigating, but if someone knows why the UI would break this way it would be helpful to know where to look! On Thu, Jan 26, 2017 at 11:53 AM, Steve Huston wrote: Just did it again with the same result. Reinstalled the machine, then did a 'yum install ipa-server python2-ipaserver httpd' which pulled in version 4.4.0-14.el7_3.4 and a bunch of other packages. Next was the ipa-server-install as I used before, only without --mkhomedir this time. After entering the passwords for directory administrator and the admin user, I then logged in to the web interface, immediately clicked "add" and added a user 'foobar'. When I clicked "add and edit" and was brought to the user information page, it looks like this at the bottom: https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0 I then entered an employee number of '0001' just to give something to save, and clicked save. The screen now shows this (I've clicked the drop-down on the manager field so the choices are visible): https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0 Holding shift and clicking reload, the page now looks like this (the employee number field is also blank again): https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0 Since we do run a repackaged distribution here (Springdale Linux), I just unpacked ipa-server-common from our repository with the above version, and http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm, and 'diff' found zero differences between them. Unlikely, but I wanted to rule out a packaging error causing the problem. On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston wrote: No, that should be all of the major changes; the puppet module that installs things only puts the two plugin files in their respective places. The client part of the IPA module makes changes to have the machine join the domain and whatnot, but those shouldn't affect the webui. I do modify the schema by adding some attribute types for Puppet, namely puppetClass, parentNode, environment, puppetVar, and the object class puppetClient. That's basically right from one of the Puppet webpages and also worked in the past - and is one of the things the python plugin does, add the appropriate objectclass to host entries if puppetVar is added to a host entry. My steps to install: * ipa-server-install --realm= --domain= --mkhomedir --hostname= --no-host-dns * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W < paste puppet schema changes> < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a service account used by puppet for adding hosts to IPA > * login to web UI * * Change home directory base, default shell, default SELinux user * * Add SELinux user map for staff/sysadmin users * * Add "user adder" permission/privilege/role for users who will be able to create stageusers That's about as far as I got before I realized some of the plugin pieces weren't working, and then fixed the python plugin followed by working on the UI plugin and finding this problem. I'll go wipe and reinstall the system again and walk through the steps, but test
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
Would it be better to file this as a new bug, or reopen 4291? On Tue, Jan 31, 2017 at 5:00 PM, Steve Hustonwrote: > Seems like this is to blame: https://fedorahosted.org/freeipa/ticket/4291 > > The checkin says, "Installation in pure IPv6 environment failed > because pki-tomcat tried to use > IPv4 loopback. Configuring tomcat to use IPv6 loopback instead of IPv4 > fixes this issue." However it would seem that in a pure IPv4 > environment, this is causing tomcat to fail to load. > > On Tue, Jan 31, 2017 at 4:36 PM, Steve Huston > wrote: >> What defines the contents of /var/lib/pki/pki-tomcat/conf/server.xml? >> >> >> >> > address="::1" /> >> >> Doesn't work so well on a host without IPv6 turned on... >> >> Jan 31 14:26:59 ipa server: PKIListener: >> org.apache.catalina.core.StandardServer[before_init] >> Jan 31 14:27:00 ipa server: SEVERE: Failed to initialize end point >> associated with ProtocolHandler ["ajp-bio-0:0:0:0:0:0:0:1-8009"] >> Jan 31 14:27:00 ipa server: java.net.SocketException: Protocol family >> unavailable >> >> On Fri, Jan 27, 2017 at 4:23 PM, Steve Huston >> wrote: >>> Stranger, I did an install on a different VM with the CentOS 7 minimal >>> ISO, then installed ipa-server and enough things to get X11 and >>> Firefox, ran ipa-server-install and it worked fine. I tested with >>> Firefox (and Safari) against my failing installation and it still >>> fails. So there's something else different that's causing it to >>> break. Will continue investigating, but if someone knows why the UI >>> would break this way it would be helpful to know where to look! >>> >>> On Thu, Jan 26, 2017 at 11:53 AM, Steve Huston >>> wrote: Just did it again with the same result. Reinstalled the machine, then did a 'yum install ipa-server python2-ipaserver httpd' which pulled in version 4.4.0-14.el7_3.4 and a bunch of other packages. Next was the ipa-server-install as I used before, only without --mkhomedir this time. After entering the passwords for directory administrator and the admin user, I then logged in to the web interface, immediately clicked "add" and added a user 'foobar'. When I clicked "add and edit" and was brought to the user information page, it looks like this at the bottom: https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0 I then entered an employee number of '0001' just to give something to save, and clicked save. The screen now shows this (I've clicked the drop-down on the manager field so the choices are visible): https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0 Holding shift and clicking reload, the page now looks like this (the employee number field is also blank again): https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0 Since we do run a repackaged distribution here (Springdale Linux), I just unpacked ipa-server-common from our repository with the above version, and http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm, and 'diff' found zero differences between them. Unlikely, but I wanted to rule out a packaging error causing the problem. On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston wrote: > No, that should be all of the major changes; the puppet module that > installs things only puts the two plugin files in their respective > places. The client part of the IPA module makes changes to have the > machine join the domain and whatnot, but those shouldn't affect the > webui. > > I do modify the schema by adding some attribute types for Puppet, > namely puppetClass, parentNode, environment, puppetVar, and the object > class puppetClient. That's basically right from one of the Puppet > webpages and also worked in the past - and is one of the things the > python plugin does, add the appropriate objectclass to host entries if > puppetVar is added to a host entry. > > My steps to install: > * ipa-server-install --realm= --domain= --mkhomedir > --hostname= --no-host-dns > * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W > < paste puppet schema changes> > < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a > service account used by puppet for adding hosts to IPA > > * login to web UI > * * Change home directory base, default shell, default SELinux user > * * Add SELinux user map for staff/sysadmin users > * * Add "user adder" permission/privilege/role for users who will be > able to create stageusers > > That's about as far as I got before I realized some of the plugin > pieces
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
Seems like this is to blame: https://fedorahosted.org/freeipa/ticket/4291 The checkin says, "Installation in pure IPv6 environment failed because pki-tomcat tried to use IPv4 loopback. Configuring tomcat to use IPv6 loopback instead of IPv4 fixes this issue." However it would seem that in a pure IPv4 environment, this is causing tomcat to fail to load. On Tue, Jan 31, 2017 at 4:36 PM, Steve Hustonwrote: > What defines the contents of /var/lib/pki/pki-tomcat/conf/server.xml? > > > > address="::1" /> > > Doesn't work so well on a host without IPv6 turned on... > > Jan 31 14:26:59 ipa server: PKIListener: > org.apache.catalina.core.StandardServer[before_init] > Jan 31 14:27:00 ipa server: SEVERE: Failed to initialize end point > associated with ProtocolHandler ["ajp-bio-0:0:0:0:0:0:0:1-8009"] > Jan 31 14:27:00 ipa server: java.net.SocketException: Protocol family > unavailable > > On Fri, Jan 27, 2017 at 4:23 PM, Steve Huston > wrote: >> Stranger, I did an install on a different VM with the CentOS 7 minimal >> ISO, then installed ipa-server and enough things to get X11 and >> Firefox, ran ipa-server-install and it worked fine. I tested with >> Firefox (and Safari) against my failing installation and it still >> fails. So there's something else different that's causing it to >> break. Will continue investigating, but if someone knows why the UI >> would break this way it would be helpful to know where to look! >> >> On Thu, Jan 26, 2017 at 11:53 AM, Steve Huston >> wrote: >>> Just did it again with the same result. Reinstalled the machine, then >>> did a 'yum install ipa-server python2-ipaserver httpd' which pulled in >>> version 4.4.0-14.el7_3.4 and a bunch of other packages. Next was the >>> ipa-server-install as I used before, only without --mkhomedir this >>> time. After entering the passwords for directory administrator and >>> the admin user, I then logged in to the web interface, immediately >>> clicked "add" and added a user 'foobar'. When I clicked "add and >>> edit" and was brought to the user information page, it looks like this >>> at the bottom: >>> >>> https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0 >>> >>> I then entered an employee number of '0001' just to give something to >>> save, and clicked save. The screen now shows this (I've clicked the >>> drop-down on the manager field so the choices are visible): >>> >>> https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0 >>> >>> Holding shift and clicking reload, the page now looks like this (the >>> employee number field is also blank again): >>> >>> https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0 >>> >>> Since we do run a repackaged distribution here (Springdale Linux), I >>> just unpacked ipa-server-common from our repository with the above >>> version, and >>> http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm, >>> and 'diff' found zero differences between them. Unlikely, but I >>> wanted to rule out a packaging error causing the problem. >>> >>> On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston >>> wrote: No, that should be all of the major changes; the puppet module that installs things only puts the two plugin files in their respective places. The client part of the IPA module makes changes to have the machine join the domain and whatnot, but those shouldn't affect the webui. I do modify the schema by adding some attribute types for Puppet, namely puppetClass, parentNode, environment, puppetVar, and the object class puppetClient. That's basically right from one of the Puppet webpages and also worked in the past - and is one of the things the python plugin does, add the appropriate objectclass to host entries if puppetVar is added to a host entry. My steps to install: * ipa-server-install --realm= --domain= --mkhomedir --hostname= --no-host-dns * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W < paste puppet schema changes> < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a service account used by puppet for adding hosts to IPA > * login to web UI * * Change home directory base, default shell, default SELinux user * * Add SELinux user map for staff/sysadmin users * * Add "user adder" permission/privilege/role for users who will be able to create stageusers That's about as far as I got before I realized some of the plugin pieces weren't working, and then fixed the python plugin followed by working on the UI plugin and finding this problem. I'll go wipe and reinstall the system again and walk through the steps, but test the UI first and in between to see if I
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
What defines the contents of /var/lib/pki/pki-tomcat/conf/server.xml? Doesn't work so well on a host without IPv6 turned on... Jan 31 14:26:59 ipa server: PKIListener: org.apache.catalina.core.StandardServer[before_init] Jan 31 14:27:00 ipa server: SEVERE: Failed to initialize end point associated with ProtocolHandler ["ajp-bio-0:0:0:0:0:0:0:1-8009"] Jan 31 14:27:00 ipa server: java.net.SocketException: Protocol family unavailable On Fri, Jan 27, 2017 at 4:23 PM, Steve Hustonwrote: > Stranger, I did an install on a different VM with the CentOS 7 minimal > ISO, then installed ipa-server and enough things to get X11 and > Firefox, ran ipa-server-install and it worked fine. I tested with > Firefox (and Safari) against my failing installation and it still > fails. So there's something else different that's causing it to > break. Will continue investigating, but if someone knows why the UI > would break this way it would be helpful to know where to look! > > On Thu, Jan 26, 2017 at 11:53 AM, Steve Huston > wrote: >> Just did it again with the same result. Reinstalled the machine, then >> did a 'yum install ipa-server python2-ipaserver httpd' which pulled in >> version 4.4.0-14.el7_3.4 and a bunch of other packages. Next was the >> ipa-server-install as I used before, only without --mkhomedir this >> time. After entering the passwords for directory administrator and >> the admin user, I then logged in to the web interface, immediately >> clicked "add" and added a user 'foobar'. When I clicked "add and >> edit" and was brought to the user information page, it looks like this >> at the bottom: >> >> https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0 >> >> I then entered an employee number of '0001' just to give something to >> save, and clicked save. The screen now shows this (I've clicked the >> drop-down on the manager field so the choices are visible): >> >> https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0 >> >> Holding shift and clicking reload, the page now looks like this (the >> employee number field is also blank again): >> >> https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0 >> >> Since we do run a repackaged distribution here (Springdale Linux), I >> just unpacked ipa-server-common from our repository with the above >> version, and >> http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm, >> and 'diff' found zero differences between them. Unlikely, but I >> wanted to rule out a packaging error causing the problem. >> >> On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston >> wrote: >>> No, that should be all of the major changes; the puppet module that >>> installs things only puts the two plugin files in their respective >>> places. The client part of the IPA module makes changes to have the >>> machine join the domain and whatnot, but those shouldn't affect the >>> webui. >>> >>> I do modify the schema by adding some attribute types for Puppet, >>> namely puppetClass, parentNode, environment, puppetVar, and the object >>> class puppetClient. That's basically right from one of the Puppet >>> webpages and also worked in the past - and is one of the things the >>> python plugin does, add the appropriate objectclass to host entries if >>> puppetVar is added to a host entry. >>> >>> My steps to install: >>> * ipa-server-install --realm= --domain= --mkhomedir >>> --hostname= --no-host-dns >>> * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W >>> < paste puppet schema changes> >>> < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a >>> service account used by puppet for adding hosts to IPA > >>> * login to web UI >>> * * Change home directory base, default shell, default SELinux user >>> * * Add SELinux user map for staff/sysadmin users >>> * * Add "user adder" permission/privilege/role for users who will be >>> able to create stageusers >>> >>> That's about as far as I got before I realized some of the plugin >>> pieces weren't working, and then fixed the python plugin followed by >>> working on the UI plugin and finding this problem. I'll go wipe and >>> reinstall the system again and walk through the steps, but test the UI >>> first and in between to see if I can find which of the steps might be >>> causing things to hiccup. >>> >>> On Wed, Jan 25, 2017 at 1:42 PM, Pavel Vomacka wrote: Hello Steve, I tried to reproduce what you described on the very same version of ipa-server and I was not successful. Actually I was not used your back-end plugin. I tried it with no plugin and then with your UI plugin and both worked correctly. Did you do any other changes somewhere in your installation? I will try it again also with your Python plugin and we'll
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
Stranger, I did an install on a different VM with the CentOS 7 minimal ISO, then installed ipa-server and enough things to get X11 and Firefox, ran ipa-server-install and it worked fine. I tested with Firefox (and Safari) against my failing installation and it still fails. So there's something else different that's causing it to break. Will continue investigating, but if someone knows why the UI would break this way it would be helpful to know where to look! On Thu, Jan 26, 2017 at 11:53 AM, Steve Hustonwrote: > Just did it again with the same result. Reinstalled the machine, then > did a 'yum install ipa-server python2-ipaserver httpd' which pulled in > version 4.4.0-14.el7_3.4 and a bunch of other packages. Next was the > ipa-server-install as I used before, only without --mkhomedir this > time. After entering the passwords for directory administrator and > the admin user, I then logged in to the web interface, immediately > clicked "add" and added a user 'foobar'. When I clicked "add and > edit" and was brought to the user information page, it looks like this > at the bottom: > > https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0 > > I then entered an employee number of '0001' just to give something to > save, and clicked save. The screen now shows this (I've clicked the > drop-down on the manager field so the choices are visible): > > https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0 > > Holding shift and clicking reload, the page now looks like this (the > employee number field is also blank again): > > https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0 > > Since we do run a repackaged distribution here (Springdale Linux), I > just unpacked ipa-server-common from our repository with the above > version, and > http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm, > and 'diff' found zero differences between them. Unlikely, but I > wanted to rule out a packaging error causing the problem. > > On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston > wrote: >> No, that should be all of the major changes; the puppet module that >> installs things only puts the two plugin files in their respective >> places. The client part of the IPA module makes changes to have the >> machine join the domain and whatnot, but those shouldn't affect the >> webui. >> >> I do modify the schema by adding some attribute types for Puppet, >> namely puppetClass, parentNode, environment, puppetVar, and the object >> class puppetClient. That's basically right from one of the Puppet >> webpages and also worked in the past - and is one of the things the >> python plugin does, add the appropriate objectclass to host entries if >> puppetVar is added to a host entry. >> >> My steps to install: >> * ipa-server-install --realm= --domain= --mkhomedir >> --hostname= --no-host-dns >> * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W >> < paste puppet schema changes> >> < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a >> service account used by puppet for adding hosts to IPA > >> * login to web UI >> * * Change home directory base, default shell, default SELinux user >> * * Add SELinux user map for staff/sysadmin users >> * * Add "user adder" permission/privilege/role for users who will be >> able to create stageusers >> >> That's about as far as I got before I realized some of the plugin >> pieces weren't working, and then fixed the python plugin followed by >> working on the UI plugin and finding this problem. I'll go wipe and >> reinstall the system again and walk through the steps, but test the UI >> first and in between to see if I can find which of the steps might be >> causing things to hiccup. >> >> On Wed, Jan 25, 2017 at 1:42 PM, Pavel Vomacka wrote: >>> Hello Steve, >>> >>> I tried to reproduce what you described on the very same version of >>> ipa-server and I was not successful. Actually I was not used your back-end >>> plugin. I tried it with no plugin and then with your UI plugin and both >>> worked correctly. Did you do any other changes somewhere in your >>> installation? >>> >>> I will try it again also with your Python plugin and we'll see. >>> >>> >>> On 01/24/2017 08:59 PM, Steve Huston wrote: And now I'm convinced this has nothing to do with my plugin and instead is a bug somewhere in FreeIPA. I removed the entirety of the "astrocustom" plugin that I wrote, restarted httpd, and force reloaded the page in chrome. I clicked to add a new user, gave the basic information, and clicked "add and edit". The bottom of the page shows the "Employee information" on the left side bottom, and the manager drop-down is empty. I entered '1' in the "employee type" field and clicked save, and now "Employee
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
Just did it again with the same result. Reinstalled the machine, then did a 'yum install ipa-server python2-ipaserver httpd' which pulled in version 4.4.0-14.el7_3.4 and a bunch of other packages. Next was the ipa-server-install as I used before, only without --mkhomedir this time. After entering the passwords for directory administrator and the admin user, I then logged in to the web interface, immediately clicked "add" and added a user 'foobar'. When I clicked "add and edit" and was brought to the user information page, it looks like this at the bottom: https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0 I then entered an employee number of '0001' just to give something to save, and clicked save. The screen now shows this (I've clicked the drop-down on the manager field so the choices are visible): https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0 Holding shift and clicking reload, the page now looks like this (the employee number field is also blank again): https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0 Since we do run a repackaged distribution here (Springdale Linux), I just unpacked ipa-server-common from our repository with the above version, and http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm, and 'diff' found zero differences between them. Unlikely, but I wanted to rule out a packaging error causing the problem. On Wed, Jan 25, 2017 at 4:12 PM, Steve Hustonwrote: > No, that should be all of the major changes; the puppet module that > installs things only puts the two plugin files in their respective > places. The client part of the IPA module makes changes to have the > machine join the domain and whatnot, but those shouldn't affect the > webui. > > I do modify the schema by adding some attribute types for Puppet, > namely puppetClass, parentNode, environment, puppetVar, and the object > class puppetClient. That's basically right from one of the Puppet > webpages and also worked in the past - and is one of the things the > python plugin does, add the appropriate objectclass to host entries if > puppetVar is added to a host entry. > > My steps to install: > * ipa-server-install --realm= --domain= --mkhomedir > --hostname= --no-host-dns > * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W > < paste puppet schema changes> > < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a > service account used by puppet for adding hosts to IPA > > * login to web UI > * * Change home directory base, default shell, default SELinux user > * * Add SELinux user map for staff/sysadmin users > * * Add "user adder" permission/privilege/role for users who will be > able to create stageusers > > That's about as far as I got before I realized some of the plugin > pieces weren't working, and then fixed the python plugin followed by > working on the UI plugin and finding this problem. I'll go wipe and > reinstall the system again and walk through the steps, but test the UI > first and in between to see if I can find which of the steps might be > causing things to hiccup. > > On Wed, Jan 25, 2017 at 1:42 PM, Pavel Vomacka wrote: >> Hello Steve, >> >> I tried to reproduce what you described on the very same version of >> ipa-server and I was not successful. Actually I was not used your back-end >> plugin. I tried it with no plugin and then with your UI plugin and both >> worked correctly. Did you do any other changes somewhere in your >> installation? >> >> I will try it again also with your Python plugin and we'll see. >> >> >> On 01/24/2017 08:59 PM, Steve Huston wrote: >>> >>> And now I'm convinced this has nothing to do with my plugin and >>> instead is a bug somewhere in FreeIPA. >>> >>> I removed the entirety of the "astrocustom" plugin that I wrote, >>> restarted httpd, and force reloaded the page in chrome. I clicked to >>> add a new user, gave the basic information, and clicked "add and >>> edit". The bottom of the page shows the "Employee information" on the >>> left side bottom, and the manager drop-down is empty. I entered '1' >>> in the "employee type" field and clicked save, and now "Employee >>> Information" is on the right side directly under "Contact settings", >>> and the manager drop-down is populated with the list of UIDs on the >>> system. >>> >>> When the UI is in the failed state, the "email address" field is also >>> blank, but when things switch to how they should be (after submitting >>> a change) it is populated with the email address in the record. I >>> just tested by adding a telephone number to the record, and that also >>> made the contact information and employee information facets refresh >>> with the proper data. Pressing shift-reload again makes all the >>> information disappear (including the telephone number I just entered).
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
No, that should be all of the major changes; the puppet module that installs things only puts the two plugin files in their respective places. The client part of the IPA module makes changes to have the machine join the domain and whatnot, but those shouldn't affect the webui. I do modify the schema by adding some attribute types for Puppet, namely puppetClass, parentNode, environment, puppetVar, and the object class puppetClient. That's basically right from one of the Puppet webpages and also worked in the past - and is one of the things the python plugin does, add the appropriate objectclass to host entries if puppetVar is added to a host entry. My steps to install: * ipa-server-install --realm= --domain= --mkhomedir --hostname= --no-host-dns * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W < paste puppet schema changes> < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a service account used by puppet for adding hosts to IPA > * login to web UI * * Change home directory base, default shell, default SELinux user * * Add SELinux user map for staff/sysadmin users * * Add "user adder" permission/privilege/role for users who will be able to create stageusers That's about as far as I got before I realized some of the plugin pieces weren't working, and then fixed the python plugin followed by working on the UI plugin and finding this problem. I'll go wipe and reinstall the system again and walk through the steps, but test the UI first and in between to see if I can find which of the steps might be causing things to hiccup. On Wed, Jan 25, 2017 at 1:42 PM, Pavel Vomackawrote: > Hello Steve, > > I tried to reproduce what you described on the very same version of > ipa-server and I was not successful. Actually I was not used your back-end > plugin. I tried it with no plugin and then with your UI plugin and both > worked correctly. Did you do any other changes somewhere in your > installation? > > I will try it again also with your Python plugin and we'll see. > > > On 01/24/2017 08:59 PM, Steve Huston wrote: >> >> And now I'm convinced this has nothing to do with my plugin and >> instead is a bug somewhere in FreeIPA. >> >> I removed the entirety of the "astrocustom" plugin that I wrote, >> restarted httpd, and force reloaded the page in chrome. I clicked to >> add a new user, gave the basic information, and clicked "add and >> edit". The bottom of the page shows the "Employee information" on the >> left side bottom, and the manager drop-down is empty. I entered '1' >> in the "employee type" field and clicked save, and now "Employee >> Information" is on the right side directly under "Contact settings", >> and the manager drop-down is populated with the list of UIDs on the >> system. >> >> When the UI is in the failed state, the "email address" field is also >> blank, but when things switch to how they should be (after submitting >> a change) it is populated with the email address in the record. I >> just tested by adding a telephone number to the record, and that also >> made the contact information and employee information facets refresh >> with the proper data. Pressing shift-reload again makes all the >> information disappear (including the telephone number I just entered). >> >> This is with ipa-server-4.4.0-14.el7_3.4 >> >> >> On Mon, Jan 23, 2017 at 1:55 PM, Steve Huston >> wrote: >>> >>> Just tested again, and this is still baffling: >>> >>> * Create a stage user with the right data, works fine, can be edited. >>> * Enable that user, and now the two fields ('manager' and >>> 'employeeType') appear to have bogus data in the UI, and I cannot save >>> the page without changing them to something else. >>> * Once that user is saved, the "Employee Information" facet moves to >>> the right side of the page, and now shows not only the current data in >>> the manager drop down but also the other choices (uids). Change the >>> value of manager and employeetype back to what they were previously >>> and it saves. >>> * An ldapsearch run when the user is first created (as the directory >>> manager), and after having two edits (one to change the values to >>> something else to let the webui save them, and one to change them back >>> to what they should be and were the first time) produce completely >>> identical results. >>> * The output of "ipa user-show --all --raw" is also identical at >>> those same steps. >>> >>> So something, somewhere, is being saved in a way that prevents the >>> webui from displaying them properly, that gets fixed when those values >>> are manually changed via the webui. >>> >>> On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston >>> wrote: Even more interesting... I tried to modify one of the records that was not displaying properly in the "active users" group, and sure enough the webui complained that the "Requested By" (relabeled "manager")
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
Hello Steve, I tried to reproduce what you described on the very same version of ipa-server and I was not successful. Actually I was not used your back-end plugin. I tried it with no plugin and then with your UI plugin and both worked correctly. Did you do any other changes somewhere in your installation? I will try it again also with your Python plugin and we'll see. On 01/24/2017 08:59 PM, Steve Huston wrote: And now I'm convinced this has nothing to do with my plugin and instead is a bug somewhere in FreeIPA. I removed the entirety of the "astrocustom" plugin that I wrote, restarted httpd, and force reloaded the page in chrome. I clicked to add a new user, gave the basic information, and clicked "add and edit". The bottom of the page shows the "Employee information" on the left side bottom, and the manager drop-down is empty. I entered '1' in the "employee type" field and clicked save, and now "Employee Information" is on the right side directly under "Contact settings", and the manager drop-down is populated with the list of UIDs on the system. When the UI is in the failed state, the "email address" field is also blank, but when things switch to how they should be (after submitting a change) it is populated with the email address in the record. I just tested by adding a telephone number to the record, and that also made the contact information and employee information facets refresh with the proper data. Pressing shift-reload again makes all the information disappear (including the telephone number I just entered). This is with ipa-server-4.4.0-14.el7_3.4 On Mon, Jan 23, 2017 at 1:55 PM, Steve Hustonwrote: Just tested again, and this is still baffling: * Create a stage user with the right data, works fine, can be edited. * Enable that user, and now the two fields ('manager' and 'employeeType') appear to have bogus data in the UI, and I cannot save the page without changing them to something else. * Once that user is saved, the "Employee Information" facet moves to the right side of the page, and now shows not only the current data in the manager drop down but also the other choices (uids). Change the value of manager and employeetype back to what they were previously and it saves. * An ldapsearch run when the user is first created (as the directory manager), and after having two edits (one to change the values to something else to let the webui save them, and one to change them back to what they should be and were the first time) produce completely identical results. * The output of "ipa user-show --all --raw" is also identical at those same steps. So something, somewhere, is being saved in a way that prevents the webui from displaying them properly, that gets fixed when those values are manually changed via the webui. On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston wrote: Even more interesting... I tried to modify one of the records that was not displaying properly in the "active users" group, and sure enough the webui complained that the "Requested By" (relabeled "manager") field was not filled in since it was blank. It also, however, complained that the "User tier" (relabeled "employeetype") was incorrect, even though it showed the label associated with the value 1. I clicked the search drop-down for manager, typed in my own uid, and even though everything had been blank in the drop down before now my uid showed up. I clicked on it, and my uid was now in the manager field. I then clicked the drop down for employeetype, and chose one of the other options. I was now able to save the changes to the record. Upon reloading the page, the "Employee Information" facet now shoed up on the right side bottom, instead of the left side bottom where it was appearing. I was also now able to change the drop-down fields for manager and employeetype to another value, and save them, and they worked fine even filling in all the data that should have been there. This almost seemed like the data being returned by the server was flawed somehow, and confusing the webui, but once it was forced to have the right data and re-saved it worked fine subsequently. I looked at the output of "ipa user-show --all --raw" both before and after making such changes on a user, and can detect no difference between them. On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy wrote: On to, 19 tammi 2017, Steve Huston wrote: On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy wrote: In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client side plugins into different paths (ipaserver/plugins and ipaclient/plugins instead of being common in ipalib/plugins). The client code was also changed to always read metadata about API from the server side. This means the client can adopt to any server version that supports API metadata. Right, and I think that the most of the plugin I had belongs
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
And now I'm convinced this has nothing to do with my plugin and instead is a bug somewhere in FreeIPA. I removed the entirety of the "astrocustom" plugin that I wrote, restarted httpd, and force reloaded the page in chrome. I clicked to add a new user, gave the basic information, and clicked "add and edit". The bottom of the page shows the "Employee information" on the left side bottom, and the manager drop-down is empty. I entered '1' in the "employee type" field and clicked save, and now "Employee Information" is on the right side directly under "Contact settings", and the manager drop-down is populated with the list of UIDs on the system. When the UI is in the failed state, the "email address" field is also blank, but when things switch to how they should be (after submitting a change) it is populated with the email address in the record. I just tested by adding a telephone number to the record, and that also made the contact information and employee information facets refresh with the proper data. Pressing shift-reload again makes all the information disappear (including the telephone number I just entered). This is with ipa-server-4.4.0-14.el7_3.4 On Mon, Jan 23, 2017 at 1:55 PM, Steve Hustonwrote: > Just tested again, and this is still baffling: > > * Create a stage user with the right data, works fine, can be edited. > * Enable that user, and now the two fields ('manager' and > 'employeeType') appear to have bogus data in the UI, and I cannot save > the page without changing them to something else. > * Once that user is saved, the "Employee Information" facet moves to > the right side of the page, and now shows not only the current data in > the manager drop down but also the other choices (uids). Change the > value of manager and employeetype back to what they were previously > and it saves. > * An ldapsearch run when the user is first created (as the directory > manager), and after having two edits (one to change the values to > something else to let the webui save them, and one to change them back > to what they should be and were the first time) produce completely > identical results. > * The output of "ipa user-show --all --raw" is also identical at > those same steps. > > So something, somewhere, is being saved in a way that prevents the > webui from displaying them properly, that gets fixed when those values > are manually changed via the webui. > > On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston > wrote: >> Even more interesting... >> >> I tried to modify one of the records that was not displaying properly >> in the "active users" group, and sure enough the webui complained that >> the "Requested By" (relabeled "manager") field was not filled in since >> it was blank. It also, however, complained that the "User tier" >> (relabeled "employeetype") was incorrect, even though it showed the >> label associated with the value 1. I clicked the search drop-down for >> manager, typed in my own uid, and even though everything had been >> blank in the drop down before now my uid showed up. I clicked on it, >> and my uid was now in the manager field. I then clicked the drop down >> for employeetype, and chose one of the other options. I was now able >> to save the changes to the record. >> >> Upon reloading the page, the "Employee Information" facet now shoed up >> on the right side bottom, instead of the left side bottom where it was >> appearing. I was also now able to change the drop-down fields for >> manager and employeetype to another value, and save them, and they >> worked fine even filling in all the data that should have been there. >> This almost seemed like the data being returned by the server was >> flawed somehow, and confusing the webui, but once it was forced to >> have the right data and re-saved it worked fine subsequently. >> >> I looked at the output of "ipa user-show --all --raw" both >> before and after making such changes on a user, and can detect no >> difference between them. >> >> On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy >> wrote: >>> On to, 19 tammi 2017, Steve Huston wrote: On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy wrote: > > In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client > side plugins into different paths (ipaserver/plugins and > ipaclient/plugins instead of being common in ipalib/plugins). The client > code was also changed to always read metadata about API from the server > side. This means the client can adopt to any server version that > supports API metadata. Right, and I think that the most of the plugin I had belongs server-side; in fact, that's where I migrated it to, and things work fine. I haven't tested if I can change those values with the cli, but I'm less concerned about that at the moment. > In my sample external
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
Just tested again, and this is still baffling: * Create a stage user with the right data, works fine, can be edited. * Enable that user, and now the two fields ('manager' and 'employeeType') appear to have bogus data in the UI, and I cannot save the page without changing them to something else. * Once that user is saved, the "Employee Information" facet moves to the right side of the page, and now shows not only the current data in the manager drop down but also the other choices (uids). Change the value of manager and employeetype back to what they were previously and it saves. * An ldapsearch run when the user is first created (as the directory manager), and after having two edits (one to change the values to something else to let the webui save them, and one to change them back to what they should be and were the first time) produce completely identical results. * The output of "ipa user-show --all --raw" is also identical at those same steps. So something, somewhere, is being saved in a way that prevents the webui from displaying them properly, that gets fixed when those values are manually changed via the webui. On Thu, Jan 19, 2017 at 2:44 PM, Steve Hustonwrote: > Even more interesting... > > I tried to modify one of the records that was not displaying properly > in the "active users" group, and sure enough the webui complained that > the "Requested By" (relabeled "manager") field was not filled in since > it was blank. It also, however, complained that the "User tier" > (relabeled "employeetype") was incorrect, even though it showed the > label associated with the value 1. I clicked the search drop-down for > manager, typed in my own uid, and even though everything had been > blank in the drop down before now my uid showed up. I clicked on it, > and my uid was now in the manager field. I then clicked the drop down > for employeetype, and chose one of the other options. I was now able > to save the changes to the record. > > Upon reloading the page, the "Employee Information" facet now shoed up > on the right side bottom, instead of the left side bottom where it was > appearing. I was also now able to change the drop-down fields for > manager and employeetype to another value, and save them, and they > worked fine even filling in all the data that should have been there. > This almost seemed like the data being returned by the server was > flawed somehow, and confusing the webui, but once it was forced to > have the right data and re-saved it worked fine subsequently. > > I looked at the output of "ipa user-show --all --raw" both > before and after making such changes on a user, and can detect no > difference between them. > > On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy > wrote: >> On to, 19 tammi 2017, Steve Huston wrote: >>> >>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy >>> wrote: In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client side plugins into different paths (ipaserver/plugins and ipaclient/plugins instead of being common in ipalib/plugins). The client code was also changed to always read metadata about API from the server side. This means the client can adopt to any server version that supports API metadata. >>> >>> >>> Right, and I think that the most of the plugin I had belongs >>> server-side; in fact, that's where I migrated it to, and things work >>> fine. I haven't tested if I can change those values with the cli, but >>> I'm less concerned about that at the moment. >>> In my sample external plugin you referenced above you can see that I have client-side change that replaces an input string by a file reference so that a file can supplied instead of typing the content of the file on the command line. This is one of most used patterns for client side plugins. >>> >>> >>> In this case, my biggest problem is with the web UI. The 'manager' >>> drop down (which I have renamed through the UI plugins to "Requested >>> By" to show what user requested and is responsible for this account) >>> works fine in the 'add/modify stageuser' context, but not at all in >>> the adduser/moduser context, and I can't seem to find out why. >> >> I'll defer answer for this to our web UI wizards but they would need to >> see your code to help, I'd guess. >> >> -- >> / Alexander Bokovoy > > > > -- > Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci > Princeton University |ICBM Address: 40.346344 -74.652242 > 345 Lewis Library |"On my ship, the Rocinante, wheeling through > Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, > (267) 793-0852 | headlong into mystery." -Rush, 'Cygnus X-1' -- Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci Princeton University |ICBM Address: 40.346344 -74.652242 345 Lewis Library |"On my ship,
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
Even more interesting... I tried to modify one of the records that was not displaying properly in the "active users" group, and sure enough the webui complained that the "Requested By" (relabeled "manager") field was not filled in since it was blank. It also, however, complained that the "User tier" (relabeled "employeetype") was incorrect, even though it showed the label associated with the value 1. I clicked the search drop-down for manager, typed in my own uid, and even though everything had been blank in the drop down before now my uid showed up. I clicked on it, and my uid was now in the manager field. I then clicked the drop down for employeetype, and chose one of the other options. I was now able to save the changes to the record. Upon reloading the page, the "Employee Information" facet now shoed up on the right side bottom, instead of the left side bottom where it was appearing. I was also now able to change the drop-down fields for manager and employeetype to another value, and save them, and they worked fine even filling in all the data that should have been there. This almost seemed like the data being returned by the server was flawed somehow, and confusing the webui, but once it was forced to have the right data and re-saved it worked fine subsequently. I looked at the output of "ipa user-show --all --raw" both before and after making such changes on a user, and can detect no difference between them. On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoywrote: > On to, 19 tammi 2017, Steve Huston wrote: >> >> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy >> wrote: >>> >>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client >>> side plugins into different paths (ipaserver/plugins and >>> ipaclient/plugins instead of being common in ipalib/plugins). The client >>> code was also changed to always read metadata about API from the server >>> side. This means the client can adopt to any server version that >>> supports API metadata. >> >> >> Right, and I think that the most of the plugin I had belongs >> server-side; in fact, that's where I migrated it to, and things work >> fine. I haven't tested if I can change those values with the cli, but >> I'm less concerned about that at the moment. >> >>> In my sample external plugin you referenced above you can see that I >>> have client-side change that replaces an input string by a file >>> reference so that a file can supplied instead of typing the content of >>> the file on the command line. This is one of most used patterns for >>> client side plugins. >> >> >> In this case, my biggest problem is with the web UI. The 'manager' >> drop down (which I have renamed through the UI plugins to "Requested >> By" to show what user requested and is responsible for this account) >> works fine in the 'add/modify stageuser' context, but not at all in >> the adduser/moduser context, and I can't seem to find out why. > > I'll defer answer for this to our web UI wizards but they would need to > see your code to help, I'd guess. > > -- > / Alexander Bokovoy -- Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci Princeton University |ICBM Address: 40.346344 -74.652242 345 Lewis Library |"On my ship, the Rocinante, wheeling through Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, (267) 793-0852 | headlong into mystery." -Rush, 'Cygnus X-1' -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
On to, 19 tammi 2017, Steve Huston wrote: On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoywrote: In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client side plugins into different paths (ipaserver/plugins and ipaclient/plugins instead of being common in ipalib/plugins). The client code was also changed to always read metadata about API from the server side. This means the client can adopt to any server version that supports API metadata. Right, and I think that the most of the plugin I had belongs server-side; in fact, that's where I migrated it to, and things work fine. I haven't tested if I can change those values with the cli, but I'm less concerned about that at the moment. In my sample external plugin you referenced above you can see that I have client-side change that replaces an input string by a file reference so that a file can supplied instead of typing the content of the file on the command line. This is one of most used patterns for client side plugins. In this case, my biggest problem is with the web UI. The 'manager' drop down (which I have renamed through the UI plugins to "Requested By" to show what user requested and is responsible for this account) works fine in the 'add/modify stageuser' context, but not at all in the adduser/moduser context, and I can't seem to find out why. I'll defer answer for this to our web UI wizards but they would need to see your code to help, I'd guess. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoywrote: > In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client > side plugins into different paths (ipaserver/plugins and > ipaclient/plugins instead of being common in ipalib/plugins). The client > code was also changed to always read metadata about API from the server > side. This means the client can adopt to any server version that > supports API metadata. Right, and I think that the most of the plugin I had belongs server-side; in fact, that's where I migrated it to, and things work fine. I haven't tested if I can change those values with the cli, but I'm less concerned about that at the moment. > In my sample external plugin you referenced above you can see that I > have client-side change that replaces an input string by a file > reference so that a file can supplied instead of typing the content of > the file on the command line. This is one of most used patterns for > client side plugins. In this case, my biggest problem is with the web UI. The 'manager' drop down (which I have renamed through the UI plugins to "Requested By" to show what user requested and is responsible for this account) works fine in the 'add/modify stageuser' context, but not at all in the adduser/moduser context, and I can't seem to find out why. -- Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci Princeton University |ICBM Address: 40.346344 -74.652242 345 Lewis Library |"On my ship, the Rocinante, wheeling through Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, (267) 793-0852 | headlong into mystery." -Rush, 'Cygnus X-1' -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Backend & UI plugin update for 4.4.x
Steve, On to, 19 tammi 2017, Steve Huston wrote: I'm running a RHEL derivative (Springdale Linux) and discovered that between 7.2 and 7.3 there were quite a few changes, one of which was the version of FreeIPA installed. Fortunately my server is still in the testing phase, and I hadn't finished things for deployment yet. I discovered that plugins changed drastically some time in 4.4.x, and seemed to have found how to modify the plugin I wrote to function again: http://www.astro.princeton.edu/~huston/astrocustom/ The basics are that we add puppetvar and owner to hosts, and the majority of changes are rebranding existing attributes to fit our environment better for the AAs that will have access to add stage users. So far, that is all working fine - on the add stage user pop-up, everything looks as expected, and on the mod stageuser page everything works there as well. However, I am trying to copy some of these changes to the regular user page, and finding they're not working at all; for example, the "manager" field works fine on the adduser pop-up, but on the moduser page it is blank and errors for not having a proper value set when trying to save changes. Interestingly the "employee type" (renamed "User tier") shows up fine, and it too was basically a copy from the mod stageuser section so I'm not sure why one works and one doesn't. It also seems most of the documentation I'd found previously to talk about writing plugins hasn't been updated for the new systems - I did find the pages at https://github.com/abbra/freeipa-desktop-profile/ but I wasn't able to follow them well or figure out how/if they applied to my case. In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client side plugins into different paths (ipaserver/plugins and ipaclient/plugins instead of being common in ipalib/plugins). The client code was also changed to always read metadata about API from the server side. This means the client can adopt to any server version that supports API metadata. In my sample external plugin you referenced above you can see that I have client-side change that replaces an input string by a file reference so that a file can supplied instead of typing the content of the file on the command line. This is one of most used patterns for client side plugins. We haven't yet qualified FreeIPA Python API for plugins as supported one. One of reasons is that we continue shaping it up and we still lack proper documentation for them. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project