[Freeipa-devel] External plugin integration

Martin Basti mbasti at redhat.com
Fri Aug 5 11:29:03 UTC 2016



On 04.08.2016 17:49, Alexander Bokovoy wrote:
> Hi!
>
> I've stumbled into an interesting problem.
>
> Suppose, I have a plugin that adds schema and a subtree where entries it
> manages will be stored. This subtree will have ACIs applied based on the
> plugin permissions' configuration. Now, I put schema file in
> /usr/ipa/share, and updates file in /usr/share/ipa/updates, and also add
> plugin code to the ipaserver/plugins/ (let's say, rpm does it for me).
> Next, I want to install IPA server. The install will run through up to
> server upgrade phase which will fail because generation of ACIs will
> reference schema attributes/classes which aren't loaded to the dirsrv by
> installer. How to solve it?
> Installer uses hard-coded list of schema files and this is a third-party
> plugin, it needs to extend the list of active schema files.
>
> If we can define a place where third-party plugins could drop schema and
> we just load everything from there before processing updates, it would
> probably be enough.
>

TLDR: you don't without modifications in current IPA code, or it will be 
a huge hack.

I think, this is a part of "Support of 3rd party plugins" effort, but it 
has not been designed yet. I would like to avoid any ad-hoc solution.
Maybe we should create a design page and gather requirements, you 
have a lot of them already :).

Martin^2



