[Freeipa-users] extending FreeIPA

Stephen Ingram sbingram at gmail.com
Sat Aug 6 20:29:51 UTC 2011 

On Sat, Aug 6, 2011 at 12:18 PM, Stephen Ingram <sbingram at gmail.com> wrote:
> On Fri, May 6, 2011 at 1:11 PM, Adam Young <ayoung at redhat.com> wrote:
>> On 05/06/2011 08:49 AM, Simo Sorce wrote:
>>>
>>> On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote:
>>>>
>>>> I currently maintain a directory with MTA configuration data in it
>>>> (among other items). I'm wondering what is the best way to add to the
>>>> FreeIPA schema without stepping on current and future schema additions
>>>> that might conflict with what I add. I know at one time you were
>>>> expecting to add information for Postfix and other common server
>>>> programs. Was this schema ever prepared and agreed upon, or is it best
>>>> to use some special branch to put this all under?
>>>
>>> Ok it seem we are confusing 2 things here, on one side schema extensions
>>> (new attributes and objectclasses) and on the other side DIT structure
>>> (subtrees within the tree where to put your information).
>>>
>>> If you use standard schema or schema you made yourself after you got
>>> assigned a base OID there should be no issue at all. if you do your own
>>> schema please be careful in trying to use a prefix for attribute and
>>> objectclass names so that you do not risk future name conflicts).
>>>
>>> For the DIT part it really depends on what you need to do.
>>> If you just need to add attributes to users then you have no other
>>> option but to attach them to the users and that's fine it shouldn't
>>> cause any issue.
>>>
>>> If you need to add entirely new objects I can suggest to create a
>>> cn=custom container as a top level subtree (ie at the same level of
>>> cn=accounts and cn=etc, ...
>>>
>>> And within it do what you need to do. This way it will not conflict with
>>> anything we may add in future.
>>>
>>>> Also, although I read Adam Young's blog article about how to extend
>>>> the WebUI, I'm having difficulty adding attributes within the existing
>>>> structure. For example, on the user page, is there a prescribed way of
>>>> adding say, the mailAlternateAddress attribute such that it shows as a
>>>> field in the WebUI?
>>
>> The rule is that  you need to be able to do it in the CLI first, and then
>> attempt it in the WebUI.  The attribute you are attmpeting to access needs
>> to be added to the user object in freeipa/ipalib/plugins/user.py  first.
>>  Once you have that, you can add it to the ui  just like email address:
>>
>>  {factory: IPA.multivalued_text_widget, name:'mail'},
>>
>>
>> However,  mail is already a multivalued attribute.  You can store multiple
>> email addresses there if you want, and that is the intention.  If you want
>> to make these both single value fields, change it to:
>>  fields:
>>                [  "mail","mailalternateaddress",
>>                   {factory: IPA.multivalued_text_widget,
>> name:'telephonenumber'},...
>
>
> Off on another project for awhile, but I finally had a chance to
> attack this. Yes, I did have to make mailalternateaddress a separate
> attribute as I need to be able to search the directory for this and
> treat it differently than an email address (or multiple email
> addresses). After a nasty browser caching problem, I got everything to
> work. This is great! I'm a little weak in the javascript department,
> but with your instructions above and here
> (https://www.redhat.com/archives/freeipa-users/2011-June/msg00192.html)
> I was able to edit everything and make it work! The CLI worked great
> too. I could not believe it when I saw the command line options change
> (even in help) to reflect the added attribute. This is so unbelievably
> cool.
>
> The only problem I'm having is that if there is no attribute entry to
> begin with (I added the first mailalternateaddress with the command
> line after the changes), there is no "Add" link in the UI next to the
> attribute like on the Email address. Is there something that has to be
> done to get this to appear? Note that the "Delete" link and "Add" link
> does appear if there is already a value for the attribute.

Please just disregard this last problem. The correct objectclass was
missing from the directory entry. It works perfectly now.

Steve

More information about the Freeipa-users mailing list