[Freeipa-users] extending FreeIPA

[Stephen Ingram]

On Fri, May 6, 2011 at 1:11 PM, Adam Young <ayoung at redhat.com> wrote:
> On 05/06/2011 08:49 AM, Simo Sorce wrote:
>>
>> On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote:
>>>
>>> I currently maintain a directory with MTA configuration data in it
>>> (among other items). I'm wondering what is the best way to add to the
>>> FreeIPA schema without stepping on current and future schema additions
>>> that might conflict with what I add. I know at one time you were
>>> expecting to add information for Postfix and other common server
>>> programs. Was this schema ever prepared and agreed upon, or is it best
>>> to use some special branch to put this all under?
>>
>> Ok it seem we are confusing 2 things here, on one side schema extensions
>> (new attributes and objectclasses) and on the other side DIT structure
>> (subtrees within the tree where to put your information).
>>
>> If you use standard schema or schema you made yourself after you got
>> assigned a base OID there should be no issue at all. if you do your own
>> schema please be careful in trying to use a prefix for attribute and
>> objectclass names so that you do not risk future name conflicts).
>>
>> For the DIT part it really depends on what you need to do.
>> If you just need to add attributes to users then you have no other
>> option but to attach them to the users and that's fine it shouldn't
>> cause any issue.
>>
>> If you need to add entirely new objects I can suggest to create a
>> cn=custom container as a top level subtree (ie at the same level of
>> cn=accounts and cn=etc, ...
>>
>> And within it do what you need to do. This way it will not conflict with
>> anything we may add in future.
>>
>>> Also, although I read Adam Young's blog article about how to extend
>>> the WebUI, I'm having difficulty adding attributes within the existing
>>> structure. For example, on the user page, is there a prescribed way of
>>> adding say, the mailAlternateAddress attribute such that it shows as a
>>> field in the WebUI?
>
> The rule is that  you need to be able to do it in the CLI first, and then
> attempt it in the WebUI.  The attribute you are attmpeting to access needs
> to be added to the user object in freeipa/ipalib/plugins/user.py  first.
>  Once you have that, you can add it to the ui  just like email address:
>
>  {factory: IPA.multivalued_text_widget, name:'mail'},
>
>
> However,  mail is already a multivalued attribute.  You can store multiple
> email addresses there if you want, and that is the intention.  If you want
> to make these both single value fields, change it to:
>  fields:
>                [  "mail","mailalternateaddress",
>                   {factory: IPA.multivalued_text_widget,
> name:'telephonenumber'},...


Off on another project for awhile, but I finally had a chance to
attack this. Yes, I did have to make mailalternateaddress a separate
attribute as I need to be able to search the directory for this and
treat it differently than an email address (or multiple email
addresses). After a nasty browser caching problem, I got everything to
work. This is great! I'm a little weak in the javascript department,
but with your instructions above and here
(https://www.redhat.com/archives/freeipa-users/2011-June/msg00192.html)
I was able to edit everything and make it work! The CLI worked great
too. I could not believe it when I saw the command line options change
(even in help) to reflect the added attribute. This is so unbelievably
cool.

The only problem I'm having is that if there is no attribute entry to
begin with (I added the first mailalternateaddress with the command
line after the changes), there is no "Add" link in the UI next to the
attribute like on the Email address. Is there something that has to be
done to get this to appear? Note that the "Delete" link and "Add" link
does appear if there is already a value for the attribute.

Steve