[Freeipa-devel] External plugin integration
Alexander Bokovoy
abokovoy at redhat.com
Thu Aug 4 15:49:20 UTC 2016
Hi!
I've stumbled into an interesting problem.
Suppose, I have a plugin that adds schema and a subtree where entries it
manages will be stored. This subtree will have ACIs applied based on the
plugin permissions' configuration. Now, I put schema file in
/usr/ipa/share, and updates file in /usr/share/ipa/updates, and also add
plugin code to the ipaserver/plugins/ (let's say, rpm does it for me).
Next, I want to install IPA server. The install will run through up to
server upgrade phase which will fail because generation of ACIs will
reference schema attributes/classes which aren't loaded to the dirsrv by
installer. How to solve it?
Installer uses hard-coded list of schema files and this is a third-party
plugin, it needs to extend the list of active schema files.
If we can define a place where third-party plugins could drop schema and
we just load everything from there before processing updates, it would
probably be enough.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list