Re: [Freeipa-users] add solaris attribiutes to IPA
On 28.7.2014 18:23, mohammad sereshki wrote:
> Dear Petr
> I'm using below rpm, in redhat/centos linux
> ipa-server-3.0.0-25.el6.x86_64

In 3.0 it is possible, but quite difficult. You would have to add new
entity (ipa object code to /share/ipa/ui/ext/extension.js and somehow
hack navigation. I don't have any examples.

It is slightly easier if you don't mind changing files owned by
ipa-server rpm but that is usually a bad thing to do.

These inconveniences were the reason to implement the new plugin system
along with refactorization of navigation. IPA 3.3+ is present in Fedora
and RHEL/CentOS 7.

> From: Petr Vobornik
> To: mohammad sereshki; Rob Crittenden; "freeipa-users@redhat.com"
> Sent: Monday, July 28, 2014 8:10 PM
> Subject: Re: [Freeipa-users] add solaris attribiutes to IPA
>
> On 28.7.2014 16:21, mohammad sereshki wrote:
>> Dear
>>
>> yes you are right, we can configure an object schema "SolarisUserAttr" in LDAP
>> then we can add it as default parameter of user and configure it to set RBAC
>> (role access)
>> if you want I can share the commands with you.
>> but I want to know how can we change WEBUI to configure solarisuserattr
>> through web interface.
>> anyway I had done it through command line.
>
> Which version of FreeIPA or IdM are we talking about? In older version
> it's quite difficult.
>
> Web UI in IPA 3.3+ has a new plugin system. The slides [3] which Martin
> sent in the first reply cover how to extend existing page, but one can
> also add completely new page and a menu item.
>
> Some time ago I wrote example plugin [1] (not sure if it still works)
> which replaces user details page in self-service mode with new more
> simple one. It shows how to add/delete menu items.
>
> To implement new pages, one can take inspiration from core FreeIPA code.
> The simplest page is probably Radius Server Proxy [2]. The only
> differences are that core plugins have menu items defined in one place
> somewhere else and that, when one refers to UI module, he has to use
> absolute module name ('freeipa/text/') instead of a relative one
> ('./text').
>
> [1] https://pvoborni.fedorapeople.org/plugins/simpleuser/simpleuser.js
> [2] https://git.fedorahosted.org/cgit/freeipa.git/tree/install/ui/src/freeipa/radiusproxy.js
>
> Other sources:
> [3] http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
> [4] http://pvoborni.fedorapeople.org/doc/#!/guide/Plugins
>
>> From: Rob Crittenden
>> To: mohammad sereshki; "freeipa-users@redhat.com"
>> Sent: Monday, July 28, 2014 6:45 PM
>> Subject: Re: [Freeipa-users] add solaris attribiutes to IPA
>>
>> mohammad sereshki wrote:
>>> hi
>>> Would you please let me know how can I add
>>> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
>>> I want to configure RBAC solaris on IPA .
>>> Thanks
>>
>> There is probably a way to do this in LDAP but it isn't something that
>> IPA provides.
>>
>> When IPA started there was no common access control mechanism across
>> *nixes. We looked at the available options and ended up rolling our own
>> which we called HBAC.
>>
>> rob

--
Petr Vobornik

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] add solaris attribiutes to IPA
Dear Petr
I'm using below rpm, in redhat/centos linux
ipa-server-3.0.0-25.el6.x86_64

From: Petr Vobornik
To: mohammad sereshki; Rob Crittenden; "freeipa-users@redhat.com"
Sent: Monday, July 28, 2014 8:10 PM
Subject: Re: [Freeipa-users] add solaris attribiutes to IPA

On 28.7.2014 16:21, mohammad sereshki wrote:
> Dear
>
> yes you are right, we can configure an object schema "SolarisUserAttr" in LDAP
> then we can add it as default parameter of user and configure it to set RBAC
> (role access)
> if you want I can share the commands with you.
> but I want to know how can we change WEBUI to configure solarisuserattr
> through web interface.
> anyway I had done it through command line.

Which version of FreeIPA or IdM are we talking about? In older version
it's quite difficult.

Web UI in IPA 3.3+ has a new plugin system. The slides [3] which Martin
sent in the first reply cover how to extend existing page, but one can
also add completely new page and a menu item.

Some time ago I wrote example plugin [1] (not sure if it still works)
which replaces user details page in self-service mode with new more
simple one. It shows how to add/delete menu items.

To implement new pages, one can take inspiration from core FreeIPA code.
The simplest page is probably Radius Server Proxy [2]. The only
differences are that core plugins have menu items defined in one place
somewhere else and that, when one refers to UI module, he has to use
absolute module name ('freeipa/text/') instead of a relative one
('./text').

[1] https://pvoborni.fedorapeople.org/plugins/simpleuser/simpleuser.js
[2] https://git.fedorahosted.org/cgit/freeipa.git/tree/install/ui/src/freeipa/radiusproxy.js

Other sources:
[3] http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
[4] http://pvoborni.fedorapeople.org/doc/#!/guide/Plugins

> From: Rob Crittenden
> To: mohammad sereshki; "freeipa-users@redhat.com"
> Sent: Monday, July 28, 2014 6:45 PM
> Subject: Re: [Freeipa-users] add solaris attribiutes to IPA
>
> mohammad sereshki wrote:
>> hi
>> Would you please let me know how can I add
>> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
>> I want to configure RBAC solaris on IPA .
>> Thanks
>
> There is probably a way to do this in LDAP but it isn't something that
> IPA provides.
>
> When IPA started there was no common access control mechanism across
> *nixes. We looked at the available options and ended up rolling our own
> which we called HBAC.
>
> rob

--
Petr Vobornik
Re: [Freeipa-users] add solaris attribiutes to IPA
On 28.7.2014 16:21, mohammad sereshki wrote:
> Dear
>
> yes you are right, we can configure an object schema "SolarisUserAttr" in LDAP
> then we can add it as default parameter of user and configure it to set RBAC
> (role access)
> if you want I can share the commands with you.
> but I want to know how can we change WEBUI to configure solarisuserattr
> through web interface.
> anyway I had done it through command line.

Which version of FreeIPA or IdM are we talking about? In older version
it's quite difficult.

Web UI in IPA 3.3+ has a new plugin system. The slides [3] which Martin
sent in the first reply cover how to extend existing page, but one can
also add completely new page and a menu item.

Some time ago I wrote example plugin [1] (not sure if it still works)
which replaces user details page in self-service mode with new more
simple one. It shows how to add/delete menu items.

To implement new pages, one can take inspiration from core FreeIPA code.
The simplest page is probably Radius Server Proxy [2]. The only
differences are that core plugins have menu items defined in one place
somewhere else and that, when one refers to UI module, he has to use
absolute module name ('freeipa/text/') instead of a relative one
('./text').

[1] https://pvoborni.fedorapeople.org/plugins/simpleuser/simpleuser.js
[2] https://git.fedorahosted.org/cgit/freeipa.git/tree/install/ui/src/freeipa/radiusproxy.js

Other sources:
[3] http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
[4] http://pvoborni.fedorapeople.org/doc/#!/guide/Plugins

> From: Rob Crittenden
> To: mohammad sereshki; "freeipa-users@redhat.com"
> Sent: Monday, July 28, 2014 6:45 PM
> Subject: Re: [Freeipa-users] add solaris attribiutes to IPA
>
> mohammad sereshki wrote:
>> hi
>> Would you please let me know how can I add
>> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
>> I want to configure RBAC solaris on IPA .
>> Thanks
>
> There is probably a way to do this in LDAP but it isn't something that
> IPA provides.
>
> When IPA started there was no common access control mechanism across
> *nixes. We looked at the available options and ended up rolling our own
> which we called HBAC.
>
> rob

--
Petr Vobornik
Re: [Freeipa-users] add solaris attribiutes to IPA
Dear

yes you are right, we can configure an object schema "SolarisUserAttr" in LDAP
then we can add it as default parameter of user and configure it to set RBAC
(role access)
if you want I can share the commands with you.
but I want to know how can we change WEBUI to configure solarisuserattr
through web interface.
anyway I had done it through command line.

From: Rob Crittenden
To: mohammad sereshki; "freeipa-users@redhat.com"
Sent: Monday, July 28, 2014 6:45 PM
Subject: Re: [Freeipa-users] add solaris attribiutes to IPA

mohammad sereshki wrote:
> hi
> Would you please let me know how can I add
> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
> I want to configure RBAC solaris on IPA .
> Thanks

There is probably a way to do this in LDAP but it isn't something that
IPA provides.

When IPA started there was no common access control mechanism across
*nixes. We looked at the available options and ended up rolling our own
which we called HBAC.

rob
Re: [Freeipa-users] add solaris attribiutes to IPA
thanks Martin

From: Martin Kosek
To: mohammad sereshki; "freeipa-users@redhat.com"
Sent: Monday, July 28, 2014 6:28 PM
Subject: Re: [Freeipa-users] add solaris attribiutes to IPA

Ok. There was a pretty long discussion in Feb 2013, people talking about
the schema and required development work:

http://www.redhat.com/archives/freeipa-users/2013-February/msg00216.html

Good reading. Though AFAIK, it did not end up in a finished FreeIPA
plugin that would resolve your request. Maybe other Solaris users on
this list have some other advice on how to integrate Solaris RBAC.

Martin

On 07/28/2014 03:48 PM, mohammad sereshki wrote:
> thanks, but I want to know how can I implement solaris RBAC in IPA.
> Also how can I create new plugin to do it through webUI not through LDAP
> command line.
>
> From: Martin Kosek
> To: mohammad sereshki; "freeipa-users@redhat.com"
> Sent: Monday, July 28, 2014 6:06 PM
> Subject: Re: [Freeipa-users] add solaris attribiutes to IPA
>
> On 07/27/2014 10:36 PM, mohammad sereshki wrote:
>> hi
>> Would you please let me know how can I add
>> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
>> I want to configure RBAC solaris on IPA .
>> Thanks
>
> Would upstream documentation on how to extend FreeIPA server&CLI&WebUI help?
>
> http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
>
> Martin
Re: [Freeipa-users] add solaris attribiutes to IPA
mohammad sereshki wrote:
> hi
> Would you please let me know how can I add
> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
> I want to configure RBAC solaris on IPA .
> Thanks

There is probably a way to do this in LDAP but it isn't something that
IPA provides.

When IPA started there was no common access control mechanism across
*nixes. We looked at the available options and ended up rolling our own
which we called HBAC.

rob
Re: [Freeipa-users] add solaris attribiutes to IPA
thanks, but I want to know how can I implement solaris RBAC in IPA.
Also how can I create new plugin to do it through webUI not through LDAP
command line.

From: Martin Kosek
To: mohammad sereshki; "freeipa-users@redhat.com"
Sent: Monday, July 28, 2014 6:06 PM
Subject: Re: [Freeipa-users] add solaris attribiutes to IPA

On 07/27/2014 10:36 PM, mohammad sereshki wrote:
> hi
> Would you please let me know how can I add
> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
> I want to configure RBAC solaris on IPA .
> Thanks

Would upstream documentation on how to extend FreeIPA server&CLI&WebUI help?

http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf

Martin
Re: [Freeipa-users] add solaris attribiutes to IPA
Ok. There was a pretty long discussion in Feb 2013, people talking about
the schema and required development work:

http://www.redhat.com/archives/freeipa-users/2013-February/msg00216.html

Good reading. Though AFAIK, it did not end up in a finished FreeIPA
plugin that would resolve your request. Maybe other Solaris users on
this list have some other advice on how to integrate Solaris RBAC.

Martin

On 07/28/2014 03:48 PM, mohammad sereshki wrote:
> thanks, but I want to know how can I implement solaris RBAC in IPA.
> Also how can I create new plugin to do it through webUI not through LDAP
> command line.
>
> From: Martin Kosek
> To: mohammad sereshki; "freeipa-users@redhat.com"
> Sent: Monday, July 28, 2014 6:06 PM
> Subject: Re: [Freeipa-users] add solaris attribiutes to IPA
>
> On 07/27/2014 10:36 PM, mohammad sereshki wrote:
>> hi
>> Would you please let me know how can I add
>> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
>> I want to configure RBAC solaris on IPA .
>> Thanks
>
> Would upstream documentation on how to extend FreeIPA server&CLI&WebUI help?
>
> http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
>
> Martin
Re: [Freeipa-users] add solaris attribiutes to IPA
On 07/27/2014 10:36 PM, mohammad sereshki wrote:
> hi
> Would you please let me know how can I add
> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
> I want to configure RBAC solaris on IPA .
> Thanks

Would upstream documentation on how to extend FreeIPA server&CLI&WebUI help?

http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf

Martin