[Freeipa-users] extending FreeIPA

Adam Young ayoung at redhat.com
Mon Aug 8 00:29:20 UTC 2011 

On 08/06/2011 04:29 PM, Stephen Ingram wrote:
> On Sat, Aug 6, 2011 at 12:18 PM, Stephen Ingram<sbingram at gmail.com>  wrote:
>> On Fri, May 6, 2011 at 1:11 PM, Adam Young<ayoung at redhat.com>  wrote:
>>> On 05/06/2011 08:49 AM, Simo Sorce wrote:
>>>> On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote:
>>>>> I currently maintain a directory with MTA configuration data in it
>>>>> (among other items). I'm wondering what is the best way to add to the
>>>>> FreeIPA schema without stepping on current and future schema additions
>>>>> that might conflict with what I add. I know at one time you were
>>>>> expecting to add information for Postfix and other common server
>>>>> programs. Was this schema ever prepared and agreed upon, or is it best
>>>>> to use some special branch to put this all under?
>>>> Ok it seem we are confusing 2 things here, on one side schema extensions
>>>> (new attributes and objectclasses) and on the other side DIT structure
>>>> (subtrees within the tree where to put your information).
>>>>
>>>> If you use standard schema or schema you made yourself after you got
>>>> assigned a base OID there should be no issue at all. if you do your own
>>>> schema please be careful in trying to use a prefix for attribute and
>>>> objectclass names so that you do not risk future name conflicts).
>>>>
>>>> For the DIT part it really depends on what you need to do.
>>>> If you just need to add attributes to users then you have no other
>>>> option but to attach them to the users and that's fine it shouldn't
>>>> cause any issue.
>>>>
>>>> If you need to add entirely new objects I can suggest to create a
>>>> cn=custom container as a top level subtree (ie at the same level of
>>>> cn=accounts and cn=etc, ...
>>>>
>>>> And within it do what you need to do. This way it will not conflict with
>>>> anything we may add in future.
>>>>
>>>>> Also, although I read Adam Young's blog article about how to extend
>>>>> the WebUI, I'm having difficulty adding attributes within the existing
>>>>> structure. For example, on the user page, is there a prescribed way of
>>>>> adding say, the mailAlternateAddress attribute such that it shows as a
>>>>> field in the WebUI?
>>> The rule is that  you need to be able to do it in the CLI first, and then
>>> attempt it in the WebUI.  The attribute you are attmpeting to access needs
>>> to be added to the user object in freeipa/ipalib/plugins/user.py  first.
>>>   Once you have that, you can add it to the ui  just like email address:
>>>
>>>   {factory: IPA.multivalued_text_widget, name:'mail'},
>>>
>>>
>>> However,  mail is already a multivalued attribute.  You can store multiple
>>> email addresses there if you want, and that is the intention.  If you want
>>> to make these both single value fields, change it to:
>>>   fields:
>>>                 [  "mail","mailalternateaddress",
>>>                    {factory: IPA.multivalued_text_widget,
>>> name:'telephonenumber'},...
>>
>> Off on another project for awhile, but I finally had a chance to
>> attack this. Yes, I did have to make mailalternateaddress a separate
>> attribute as I need to be able to search the directory for this and
>> treat it differently than an email address (or multiple email
>> addresses). After a nasty browser caching problem, I got everything to
>> work. This is great! I'm a little weak in the javascript department,
>> but with your instructions above and here
>> (https://www.redhat.com/archives/freeipa-users/2011-June/msg00192.html)
>> I was able to edit everything and make it work! The CLI worked great
>> too. I could not believe it when I saw the command line options change
>> (even in help) to reflect the added attribute. This is so unbelievably
>> cool.
>>
>> The only problem I'm having is that if there is no attribute entry to
>> begin with (I added the first mailalternateaddress with the command
>> line after the changes), there is no "Add" link in the UI next to the
>> attribute like on the Email address. Is there something that has to be
>> done to get this to appear? Note that the "Delete" link and "Add" link
>> does appear if there is already a value for the attribute.
> Please just disregard this last problem. The correct objectclass was
> missing from the directory entry. It works perfectly now.
>
> Steve
Glad to hear it. Interesting failure case.

More information about the Freeipa-users mailing list