[Freeipa-users] Add user -> custom script

Alexander Bokovoy abokovoy at redhat.com
Fri Sep 16 08:29:05 UTC 2011


On Fri, 16 Sep 2011, Dmitri Pal wrote:
> On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
> > On 09/15/2011 09:59 PM, Dmitri Pal wrote:
> >> On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
> >>> Hi,
> >>>
> >>> Is there a custom script hook for when a user account is added using
> >>> either the cli, webui, or the winsync module?
> >>>
> >>> I have a custom script I run when creating a user account, and having
> >>> this run automatically by IPA would make my life a lot easier.
> >>>
> >>>
> >> Can you describe what kind of operations you need to do?
> >> Have you looked at the automembership plugin?
> >>
> >
> > I'm doing an SSH login on to a filer, creating a home folder ZFS
> > dataset for the new user, setting quota and ACL on the newly created
> > dataset, and adding files from a skeleton folder into the home folder.
> >
> 
> It might be a stupid question but... you seem to do all the operations
> described above on the filer. I am not quite clear what part of it, if
> any, needs to be run on the server side, I mean on the IPA. Or you
> actually want to be able to create an account on the server side and
> make it trapped and send the event to the filer and run a script there?
> 
> We can't do it now. AFAIR there was a ticket about something like this
> in the deferred bucket... Could not find it... But I remember a discussion.
> We might need to file a ticket to track this but sounds like something
> that will take a lot of time to accomplish.

Attached untested patch is a proof of concept. If /etc/ipa/server.conf
has the following setting:

ipa_user_script=/path/to/script

then during add/delete/modify of a user, it will be called with
add/del/mod as first parameter and user's dn as second. Result of
the call is ignored but return from IPA server is blocked by the
execution, so be quick in ipa_user_script!
-- 
/ Alexander Bokovoy
-------------- next part --------------
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 92a026d..b8631e3 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -25,6 +25,7 @@ from ipalib.request import context
 from time import gmtime, strftime
 import copy
 from ipalib import _, ngettext
+from ipapython import ipautil
 
 __doc__ = _("""
 Users
@@ -413,6 +414,12 @@ class user_add(LDAPCreate):
                 entry_from_entry(entry_attrs, newentry)
 
         self.obj.get_password_attributes(ldap, dn, entry_attrs)
+        # If there is a ipa_user_script set in configuration, call it out
+        if 'ipa_user_script' in self.api.env:
+            try:
+                ipautil.run(self.api.env.ipa_user_script,["add", dn])
+            except:
+                pass
         return dn
 
 api.register(user_add)
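Review bot: In user_add, the bare "except:" followed by "pass" around ipautil.run hides every failure, including a wrong or non-executable path in ipa_user_script, so an administrator cannot tell that the hook never ran. Catch the specific exception ipautil.run raises and log it together with the dn. The call shape also needs checking: the script path and ["add", dn] are passed as two separate positional arguments, and if ipautil.run expects one argument list as its first parameter this should be [self.api.env.ipa_user_script, "add", dn]; the bare except would currently mask that mistake too.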
@@ -424,6 +431,12 @@ class user_del(LDAPDelete):
     msg_summary = _('Deleted user "%(value)s"')
 
     def post_callback(self, ldap, dn, *keys, **options):
+        # If there is a ipa_user_script set in configuration, call it out
+        if 'ipa_user_script' in self.api.env:
+            try:
+                ipautil.run(self.api.env.ipa_user_script,["del", dn])
+            except:
+                pass
         return True
 
 api.register(user_del)
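Review bot: In user_del.post_callback the hook runs after the entry has been deleted and receives only "del" and the dn, so the script can no longer look up any attribute of the user (for example the home directory) to clean up on the remote side. Either call it from a pre callback or pass the values the script needs as extra arguments. The same six added lines now appear in user_add, user_del and user_mod; one helper method taking the action name would keep the three call sites from drifting apart.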
@@ -446,6 +459,12 @@ class user_mod(LDAPUpdate):
         convert_nsaccountlock(entry_attrs)
         self.obj._convert_manager(entry_attrs, **options)
         self.obj.get_password_attributes(ldap, dn, entry_attrs)
+        # If there is a ipa_user_script set in configuration, call it out
+        if 'ipa_user_script' in self.api.env:
+            try:
+                ipautil.run(self.api.env.ipa_user_script,["mod", dn])
+            except:
+                pass
         return dn
 
 api.register(user_mod)
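Review bot: In user_mod the script is called synchronously on every modification with only "mod" and the dn, and there is no bound on how long ipautil.run may take, so a slow or hung script stalls every user change on the server. Since the result is ignored anyway, consider starting the script without waiting for it, or enforcing a time limit, and say in the comment that the hook executes from within the IPA server process, so the configured path should be writable only by root.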
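One possible script for the ipa_user_script setting described in the mail, added here as an example and not part of the original message or patch. It assumes Python 3, user DNs of the form uid=<login>,..., and a hypothetical spool directory /var/spool/ipa-user-hook drained by a separate worker; it validates both parameters and only queues the event, so the server call returns quickly.

```python
#!/usr/bin/env python3
"""Hypothetical ipa_user_script target: validate, spool, return fast."""
import json
import os
import re
import sys
import tempfile
import time

SPOOL_DIR = "/var/spool/ipa-user-hook"   # assumed path, not from the patch
ACTIONS = {"add", "del", "mod"}          # first parameter, per the mail
# Conservative login-name pattern: the uid later ends up in commands run
# on the filer (dataset names, paths), so reject anything unexpected here.
UID_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")


def uid_from_dn(dn):
    """Return the uid from the leading RDN, or raise ValueError."""
    first_rdn = dn.split(",", 1)[0]
    attr, sep, value = first_rdn.partition("=")
    if sep != "=" or attr.strip().lower() != "uid":
        raise ValueError("DN does not start with uid=: %r" % dn)
    value = value.strip()
    if not UID_RE.fullmatch(value):
        raise ValueError("unexpected characters in uid: %r" % value)
    return value


def spool_event(action, dn, spool_dir=SPOOL_DIR):
    """Write one job file atomically and return its path."""
    if action not in ACTIONS:
        raise ValueError("unknown action: %r" % action)
    job = {"action": action, "uid": uid_from_dn(dn), "dn": dn,
           "ts": time.time()}
    fd, tmp = tempfile.mkstemp(dir=spool_dir, prefix=".tmp-")
    with os.fdopen(fd, "w") as fh:
        json.dump(job, fh)
    final = os.path.join(spool_dir,
                         "%d-%s.json" % (time.time_ns(), job["uid"]))
    os.rename(tmp, final)   # same directory, so the rename is atomic
    return final


if __name__ == "__main__":
    try:
        spool_event(sys.argv[1], sys.argv[2])
    except (IndexError, ValueError, OSError) as exc:
        sys.stderr.write("ipa-user-hook: rejected: %s\n" % exc)
        sys.exit(1)
```

The worker that performs the SSH and ZFS steps should read only the validated "uid" field from each job file and skip names beginning with ".tmp-".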

