Re: [Freeipa-users] modify schema - add group email and display attribute

2017-01-19 Thread Alexander Bokovoy 

On to, 19 tammi 2017, Sandor Juhasz wrote:

I think
ipa permission-mod "System: Read Groups" --includedattrs=mail 
--includedattrs=displayname
solved my issue.

Yep, that's one solution.


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] modify schema - add group email and display attribute

2017-01-19 Thread Sandor Juhasz 
I think 
ipa permission-mod "System: Read Groups" --includedattrs=mail 
--includedattrs=displayname 
solved my issue. 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Sandor Juhasz" <sjuh...@chemaxon.com> 
To: "Alexander Bokovoy" <aboko...@redhat.com> 
Cc: freeipa-users@redhat.com 
Sent: Thursday, January 19, 2017 3:31:58 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

Most probably i don't. At least i have never created one, neither did this 
http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf 
refer anything like that. 

How do i do it? 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Alexander Bokovoy" <aboko...@redhat.com> 
To: "Sandor Juhasz" <sjuh...@chemaxon.com> 
Cc: freeipa-users@redhat.com 
Sent: Thursday, January 19, 2017 3:22:34 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

On to, 19 tammi 2017, Sandor Juhasz wrote: 
>One more issue. Service user cannot see the new attribute. It does see the 
>objectclass. 
> 
>ldif: 
>dn: cn=schema 
>changetype: modify 
>add: objectclasses 
>objectclasses: ( 1.3.6.1.4.1.49232.1.1 
>NAME 'groupMail' 
>SUP top 
>STRUCTURAL 
>MAY ( mail $ displayname ) 
>X-ORIGIN 'Extending FreeIPA' ) 
> 
>Service user: 
>uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld 
> 
>Regular user: 
>uid=admin,cn=users,cn=accounts,dc=test,dc=tld 
admin is not a regular user. 

>They both see objectclass=groupmail, but uid=googlesync does not birng back 
>mail and displyaname, while using ldapsearch. 
Do you have an ACI that allows to actually see the attribute? 

-- 
/ Alexander Bokovoy 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] modify schema - add group email and display attribute

2017-01-19 Thread Sandor Juhasz 
Most probably i don't. At least i have never created one, neither did this 
http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf 
refer anything like that. 

How do i do it? 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Alexander Bokovoy" <aboko...@redhat.com> 
To: "Sandor Juhasz" <sjuh...@chemaxon.com> 
Cc: freeipa-users@redhat.com 
Sent: Thursday, January 19, 2017 3:22:34 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

On to, 19 tammi 2017, Sandor Juhasz wrote: 
>One more issue. Service user cannot see the new attribute. It does see the 
>objectclass. 
> 
>ldif: 
>dn: cn=schema 
>changetype: modify 
>add: objectclasses 
>objectclasses: ( 1.3.6.1.4.1.49232.1.1 
>NAME 'groupMail' 
>SUP top 
>STRUCTURAL 
>MAY ( mail $ displayname ) 
>X-ORIGIN 'Extending FreeIPA' ) 
> 
>Service user: 
>uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld 
> 
>Regular user: 
>uid=admin,cn=users,cn=accounts,dc=test,dc=tld 
admin is not a regular user. 

>They both see objectclass=groupmail, but uid=googlesync does not birng back 
>mail and displyaname, while using ldapsearch. 
Do you have an ACI that allows to actually see the attribute? 

-- 
/ Alexander Bokovoy 
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] modify schema - add group email and display attribute

2017-01-19 Thread Alexander Bokovoy 

On to, 19 tammi 2017, Sandor Juhasz wrote:

One more issue. Service user cannot see the new attribute. It does see the 
objectclass.

ldif:
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.49232.1.1
NAME 'groupMail'
SUP top
STRUCTURAL
MAY ( mail $ displayname )
X-ORIGIN 'Extending FreeIPA' )

Service user:
uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld

Regular user:
uid=admin,cn=users,cn=accounts,dc=test,dc=tld

admin is not a regular user.


They both see objectclass=groupmail, but uid=googlesync does not birng back
mail and displyaname, while using ldapsearch.

Do you have an ACI that allows to actually see the attribute?

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] modify schema - add group email and display attribute

2017-01-19 Thread Sandor Juhasz 
One more issue. Service user cannot see the new attribute. It does see the 
objectclass. 

ldif: 
dn: cn=schema 
changetype: modify 
add: objectclasses 
objectclasses: ( 1.3.6.1.4.1.49232.1.1 
NAME 'groupMail' 
SUP top 
STRUCTURAL 
MAY ( mail $ displayname ) 
X-ORIGIN 'Extending FreeIPA' ) 

Service user: 
uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld 

Regular user: 
uid=admin,cn=users,cn=accounts,dc=test,dc=tld 

They both see objectclass=groupmail, but uid=googlesync does not birng back 
mail and displyaname, while using ldapsearch. 


Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Sandor Juhasz" <sjuh...@chemaxon.com> 
To: "Petr Vobornik" <pvobo...@redhat.com> 
Cc: freeipa-users@redhat.com 
Sent: Wednesday, January 11, 2017 3:26:41 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

It is fixed. The location was fine. We had to do some digging there. 
The group module works different than the user and is giving 
var section = get_item(facet.sections, 'name', 'details'); 
instead of 
var section = get_item(facet.sections, 'name', 'identity'); 
as the user would do. 

Yup figured that index generation is auto. 

So all check, all happy in the end. 
Thx. 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Petr Vobornik" <pvobo...@redhat.com> 
To: "Sandor Juhasz" <sjuh...@chemaxon.com>, "Ludwig Krispenz" 
<lkris...@redhat.com> 
Cc: freeipa-users@redhat.com 
Sent: Wednesday, January 11, 2017 3:04:09 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

On 01/11/2017 01:58 PM, Sandor Juhasz wrote: 
> Ok, 
> 
> OID - check 
> ldapmodify - check 
> python scripts - check 
> These works on both ipa 3.x and ipa 4.x. 
> So the basic functionality is there for the new object class. 
> 
> js - i am stuck with, i have created the js files for the plugin, see below. 
> 
> But i don't know how to generate the the index. Also i might be completely 
> wrong. 
> 
> On ipa 3.x the js files are there, most probably the groups.js would exist as 
> i 
> expect it. 
> But on the other hand on the ipa 4.x there is nothing but freeipa/core.js is 
> there. 

You don't need to generate plugin index, it is generated automatically. 

Just: 
mkdir /usr/share/ipa/ui/js/plugins/myplugin 
cp myplugin.js /usr/share/ipa/ui/js/plugins/myplugin 

It should be automatically picked up by Web UI. 

It will work only in RHEL 7/CentOS 7(FreeIPA 3.3+). Not RHEL 6(sort of 
3.0/3.1/3.2) 

On RHEL 6, there is /usr/share/ipa/ui/ext/extension.js which can contain 
custom content to extend UI, but writing a plugin for it is much more 
complicated so I'd rather avoid it. 

> 
> Here is the plugin, i am trying to use: 
> define([ 
> 'freeipa/phases', 
> 'freeipa/group'], 
> function(phases, group_mod) { 
> // helper function 
> function get_item(array, attr, value) { 
> for (var i=0,l=array.length; i<l; i++) { 
> if (array[i][attr] === value) return array[i]; 
> } 
> return null; 
> } 
> var groupmail_plugin = {}; 
> // adds 'mail' field into group details facet 
> groupmail_plugin.add_group_mail_pre_op = function() { 
> var facet = get_item(group_mod.entity_spec.facets, '$type', 'details'); 
> var section = get_item(facet.sections, 'name', 'identity'); 
> section.fields.push({ 
> name: 'mail', 
> label: 'Mail' 
> }); 
> return true; 
> }; 
> phases.on('customization', groupmail_plugin.add_group_mail_pre_op); 
> return groupmail_plugin; 
> }); 
> 
> 
> *Sándor Juhász* 
> System Administrator 
> *ChemAxon**Ltd*. 
> Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
> Cell: +36704258964 
> 
> ----------------------------
>  
> *From: *"Brian Candler" <b.cand...@pobox.com> 
> *To: *"Sandor Juhasz" <sjuh...@chemaxon.com> 
> *Cc: *freeipa-users@redhat.com 
> *Sent: *Monday, January 2, 2017 6:41:02 PM 
> *Subject: *Re: [Freeipa-users] modify schema - add group email and display 
> attribute 
> 
> On 02/01/2017 11:53, Sandor Juhasz wrote: 
> > I would be really happy if anybody could assign an OID for the new 
> > objectcalss 
> 
> You can get your own enterprise OID for free from here: 
> 
> http://pen.iana.org/pen/PenApplication.page 
> 
> Note that you only get one, so it's up to you to subdivide the space. 
> For example: if you get 1.3.6.1.4.1.9, then you might decide to use: 
> 
> 1.3.6.1.4.1.9.1 = LDAP object classes 
> 
> 1.3.6.1.4.1.9.1.1

Re: [Freeipa-users] modify schema - add group email and display attribute

2017-01-11 Thread Petr Vobornik 
On 01/11/2017 01:58 PM, Sandor Juhasz wrote:
> Ok,
> 
> OID - check
> ldapmodify - check
> python scripts - check
> These works on both ipa 3.x and ipa 4.x.
> So the basic functionality is there for the new object class.
> 
> js - i am stuck with, i have created the js files for the plugin, see below.
> 
> But i don't know how to generate the the index. Also i might be completely 
> wrong.
> 
> On ipa 3.x the js files are there, most probably the groups.js would exist as 
> i 
> expect it.
> But on the other hand on the ipa 4.x there is nothing but freeipa/core.js is 
> there.

You don't need to generate plugin index, it is generated automatically.

Just:
  mkdir /usr/share/ipa/ui/js/plugins/myplugin
  cp myplugin.js /usr/share/ipa/ui/js/plugins/myplugin

It should be automatically picked up by Web UI.

It will work only in RHEL 7/CentOS 7(FreeIPA 3.3+). Not RHEL 6(sort of
3.0/3.1/3.2)

On RHEL 6, there is /usr/share/ipa/ui/ext/extension.js which can contain
custom content to extend UI, but writing a plugin for it is much more
complicated so I'd rather avoid it.

> 
> Here is the plugin, i am trying to use:
> define([
>'freeipa/phases',
>'freeipa/group'],
>function(phases, group_mod) {
> // helper function
>  function get_item(array, attr, value) {
>for (var i=0,l=array.length; i<l; i++) {
>  if (array[i][attr] === value) return array[i];
>}
>return null;
>  }
>  var groupmail_plugin = {};
> // adds 'mail' field into group details facet
>  groupmail_plugin.add_group_mail_pre_op = function() {
>var facet = get_item(group_mod.entity_spec.facets, '$type', 'details');
>var section = get_item(facet.sections, 'name', 'identity');
>section.fields.push({
>  name: 'mail',
>  label: 'Mail'
>});
>return true;
>  };
>  phases.on('customization', groupmail_plugin.add_group_mail_pre_op);
>  return groupmail_plugin;
> });
> 
> 
> *Sándor Juhász*
> System Administrator
> *ChemAxon**Ltd*.
> Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031
> Cell: +36704258964
> 
> 
> *From: *"Brian Candler" <b.cand...@pobox.com>
> *To: *"Sandor Juhasz" <sjuh...@chemaxon.com>
> *Cc: *freeipa-users@redhat.com
> *Sent: *Monday, January 2, 2017 6:41:02 PM
> *Subject: *Re: [Freeipa-users] modify schema - add group email and display 
> attribute
> 
> On 02/01/2017 11:53, Sandor Juhasz wrote:
>  > I would be really happy if anybody could assign an OID for the new
>  > objectcalss
> 
> You can get your own enterprise OID for free from here:
> 
> http://pen.iana.org/pen/PenApplication.page
> 
> Note that you only get one, so it's up to you to subdivide the space.
> For example: if you get 1.3.6.1.4.1.9, then you might decide to use:
> 
> 1.3.6.1.4.1.9.1 = LDAP object classes
> 
> 1.3.6.1.4.1.9.1.1 = myMailObjectClass
> 
> 1.3.6.1.4.1.9.1.2 = someOtherObjectClass
> 
> 1.3.6.1.4.1.9.2 = LDAP attributes
> 
> 1.3.6.1.4.1.9.2.1 = mySpecialAttribute
> 
> then later you can assign under 1.3.6.1.4.1.9.3 for something else
> that needs OIDs (e.g. SNMP MIBs) and so on.
> 
> 
> 


-- 
Petr Vobornik

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] modify schema - add group email and display attribute

2017-01-11 Thread Sandor Juhasz 
Ok, 

OID - check 
ldapmodify - check 
python scripts - check 
These works on both ipa 3.x and ipa 4.x. 
So the basic functionality is there for the new object class. 

js - i am stuck with, i have created the js files for the plugin, see below. 

But i don't know how to generate the the index. Also i might be completely 
wrong. 

On ipa 3.x the js files are there, most probably the groups.js would exist as i 
expect it. 
But on the other hand on the ipa 4.x there is nothing but freeipa/core.js is 
there. 

Here is the plugin, i am trying to use: 
define([ 
'freeipa/phases', 
'freeipa/group'], 
function(phases, group_mod) { 
// helper function 
function get_item(array, attr, value) { 
for (var i=0,l=array.length; i<l; i++) { 
if (array[i][attr] === value) return array[i]; 
} 
return null; 
} 
var groupmail_plugin = {}; 
// adds 'mail' field into group details facet 
groupmail_plugin.add_group_mail_pre_op = function() { 
var facet = get_item(group_mod.entity_spec.facets, '$type', 'details'); 
var section = get_item(facet.sections, 'name', 'identity'); 
section.fields.push({ 
name: 'mail', 
label: 'Mail' 
}); 
return true; 
}; 
phases.on('customization', groupmail_plugin.add_group_mail_pre_op); 
return groupmail_plugin; 
}); 


Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Brian Candler" <b.cand...@pobox.com> 
To: "Sandor Juhasz" <sjuh...@chemaxon.com> 
Cc: freeipa-users@redhat.com 
Sent: Monday, January 2, 2017 6:41:02 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

On 02/01/2017 11:53, Sandor Juhasz wrote: 
> I would be really happy if anybody could assign an OID for the new 
> objectcalss 

You can get your own enterprise OID for free from here: 

http://pen.iana.org/pen/PenApplication.page 

Note that you only get one, so it's up to you to subdivide the space. 
For example: if you get 1.3.6.1.4.1.9, then you might decide to use: 

1.3.6.1.4.1.9.1 = LDAP object classes 

1.3.6.1.4.1.9.1.1 = myMailObjectClass 

1.3.6.1.4.1.9.1.2 = someOtherObjectClass 

1.3.6.1.4.1.9.2 = LDAP attributes 

1.3.6.1.4.1.9.2.1 = mySpecialAttribute 

then later you can assign under 1.3.6.1.4.1.9.3 for something else 
that needs OIDs (e.g. SNMP MIBs) and so on. 
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] modify schema - add group email and display attribute

2017-01-02 Thread Brian Candler 

On 02/01/2017 11:53, Sandor Juhasz wrote:
I would be really happy if anybody could assign an OID for the new 
objectcalss


You can get your own enterprise OID for free from here:

http://pen.iana.org/pen/PenApplication.page

Note that you only get one, so it's up to you to subdivide the space. 
For example: if you get 1.3.6.1.4.1.9, then you might decide to use:


1.3.6.1.4.1.9.1 = LDAP object classes

1.3.6.1.4.1.9.1.1 = myMailObjectClass

1.3.6.1.4.1.9.1.2 = someOtherObjectClass

1.3.6.1.4.1.9.2 = LDAP attributes

1.3.6.1.4.1.9.2.1 = mySpecialAttribute

then later you can assign under 1.3.6.1.4.1.9.3 for something else 
that needs OIDs (e.g. SNMP MIBs) and so on.


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] modify schema - add group email and display attribute

2017-01-02 Thread Sandor Juhasz 
I would be really happy if anybody could assign an OID for the new objectcalss 
i want to use to store group mail and displayname attributes. 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Sandor Juhasz" <sjuh...@chemaxon.com> 
To: "Ludwig Krispenz" <lkris...@redhat.com> 
Cc: freeipa-users@redhat.com 
Sent: Wednesday, December 21, 2016 4:39:32 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

That would be perfect solution. 

How do i do it? 

ldapmodify: 
dn: cn=schema 
changetype: modify 
add: objectclasses 
objectclasses: (  
NAME 'googleGroup' SUP groupofnames 
STRUCTURAL 
MAY ( mail $ displayname ) 
X-ORIGIN 'Extending FreeIPA' ) 

What to use for ? 

Then i just 
ipa config-mod --addattr=ipaGroupObjectClasses=googleGroup 

Then groupmail.py 
from ipalib.plugins import group 
from ipalib.parameters import Str 
from ipalib import _ 

group.group.takes_params = group.group.takes_params + ( 
Str('mail?', 
cli_name='mail', 
label=_('mail'), 
), 
) 
group.group.default_attributes.append('mail') 

Then groupdisplayname.py 
from ipalib.plugins import group 
from ipalib.parameters import Str 
from ipalib import _ 


group.group.takes_params = group.group.takes_params + ( 
Str('displayname?', 
cli_name='displayname', 
label=_('dispalayname'), 
), 
) 
group.group.default_attributes.append('displayname') 

And finally update js somehow... 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Ludwig Krispenz" <lkris...@redhat.com> 
To: freeipa-users@redhat.com 
Sent: Wednesday, December 21, 2016 3:34:03 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 


On 12/21/2016 02:07 PM, Sandor Juhasz wrote: 



Hi, 

i would like to modify schema to have group objects extended with email and 
display name attribute. 
The reason is that we are trying to sync our ldap to our google apps. 

I don't know how much this doc 
http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf 
can be applied to groups. Neither did i find a supported attribute syntax for 
email, maybe 
PrintableString 1.3.6.1.4.1.1466.115.121.1.58   For values 
which contain strings containing alphabetic, numeral, and select punctuation 
characters (as defined in RFC 4517 ). 
but i am not sure if that could hold email addresses. 


why don't you just use the mail attribute ? only define a new auxilliary 
objectclass allowing mail and displayname 

BQ_BEGIN


It would be pretty to have it exposed via ipalib and js plugins as well. 
If someone could help me out on extending schema, i would be really happy. 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 



BQ_END

-- 
Red Hat GmbH, http://www.de.redhat.com/ , Registered seat: Grasbrunn, 
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] modify schema - add group email and display attribute

2016-12-21 Thread Sandor Juhasz 
That would be perfect solution. 

How do i do it? 

ldapmodify: 
dn: cn=schema 
changetype: modify 
add: objectclasses 
objectclasses: (  
NAME 'googleGroup' SUP groupofnames 
STRUCTURAL 
MAY ( mail $ displayname ) 
X-ORIGIN 'Extending FreeIPA' ) 

What to use for ? 

Then i just 
ipa config-mod --addattr=ipaGroupObjectClasses=googleGroup 

Then groupmail.py 
from ipalib.plugins import group 
from ipalib.parameters import Str 
from ipalib import _ 

group.group.takes_params = group.group.takes_params + ( 
Str('mail?', 
cli_name='mail', 
label=_('mail'), 
), 
) 
group.group.default_attributes.append('mail') 

Then groupdisplayname.py 
from ipalib.plugins import group 
from ipalib.parameters import Str 
from ipalib import _ 


group.group.takes_params = group.group.takes_params + ( 
Str('displayname?', 
cli_name='displayname', 
label=_('dispalayname'), 
), 
) 
group.group.default_attributes.append('displayname') 

And finally update js somehow... 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Ludwig Krispenz" <lkris...@redhat.com> 
To: freeipa-users@redhat.com 
Sent: Wednesday, December 21, 2016 3:34:03 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 


On 12/21/2016 02:07 PM, Sandor Juhasz wrote: 



Hi, 

i would like to modify schema to have group objects extended with email and 
display name attribute. 
The reason is that we are trying to sync our ldap to our google apps. 

I don't know how much this doc 
http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf 
can be applied to groups. Neither did i find a supported attribute syntax for 
email, maybe 
PrintableString 1.3.6.1.4.1.1466.115.121.1.58   For values 
which contain strings containing alphabetic, numeral, and select punctuation 
characters (as defined in RFC 4517 ). 
but i am not sure if that could hold email addresses. 


why don't you just use the mail attribute ? only define a new auxilliary 
objectclass allowing mail and displayname 

BQ_BEGIN


It would be pretty to have it exposed via ipalib and js plugins as well. 
If someone could help me out on extending schema, i would be really happy. 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 



BQ_END

-- 
Red Hat GmbH, http://www.de.redhat.com/ , Registered seat: Grasbrunn, 
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] modify schema - add group email and display attribute

2016-12-21 Thread Ludwig Krispenz 


On 12/21/2016 02:07 PM, Sandor Juhasz wrote:

Hi,

i would like to modify schema to have group objects extended with 
email and display name attribute.

The reason is that we are trying to sync our ldap to our google apps.

I don't know how much this 
doc http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
can be applied to groups. Neither did i find a supported attribute 
syntax for email, maybe
PrintableString 	1.3.6.1.4.1.1466.115.121.1.58 	For values which 
contain strings containing alphabetic, numeral, and select punctuation 
characters (as defined in RFC 4517 ).


but i am not sure if that could hold email addresses.
why don't you just use the mail attribute ? only define a new auxilliary 
objectclass allowing mail and displayname


It would be pretty to have it exposed via ipalib and js plugins as well.
If someone could help me out on extending schema, i would be really happy.

*Sándor Juhász*
System Administrator
*ChemAxon**Ltd*.
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031
Cell: +36704258964




--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project