[Freeipa-users] Add user -> custom script

Sigbjorn Lie sigbjorn at nixtra.com
Fri Sep 16 15:34:55 UTC 2011 

On 09/16/2011 07:35 AM, Dmitri Pal wrote:
> On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
>> On 09/15/2011 09:59 PM, Dmitri Pal wrote:
>>> On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
>>>> Hi,
>>>>
>>>> Is there a custom script hook for when a user account is added using
>>>> either the cli, webui, or the winsync module?
>>>>
>>>> I have a custom script I run when creating a user account, and having
>>>> this run automatically by IPA would make my life a lot easier.
>>>>
>>>>
>>> Can you describe what kind of operations you need to do?
>>> Have you looked at the automembership plugin?
>>>
>> I'm doing a SSH login on to a filer, creating a home folder ZFS
>> dataset for the new user, setting quota and ACL on the newly created
>> dataset, and adding files from a skeleton folder into the home folder.
>>
> It might be a stupid question but... you seem to do all the operation
> described above on the filer. I am not quite clear what part of it, if
> any, needs to be run on the server side, I mean on the IPA. Or you
> actually want to be able to create an account on the server side and
> make it trapped and send the event to the filer and run a script there?
>
> We can't do it now. AFAIR there was a ticket about something like this
> in the deferred bucket... Could not find it... But I remember a discussion.
> We might need to file a ticket to track this but sound like something
> that will take a lot of time to accomplish.
>


The filer get it's user account data from the IPA server. The commands 
I'm running on the filer is to create a personal dataset (filesystem) 
for the newly created user account, as well as setting the correct ACL 
for the filesystem. The filer is a ZFS based filer, and the command 
being used is "zfs create ...". There is no remote API for this command.

However I feel like you have misinterpreted the request. It does not 
matter to IPA what I'm trying to accomplish with my script. I require a 
script to be run after a user account has been created (or deleted, or 
perhaps deleted).

There are plenty of environments where custom scripts is required to run 
after a new user account is created. In a typical Microsoft AD 
environments this is often accomplished with additional 
expensive-to-buy-and-complicated-to-set-up Identify Management suites, 
so after a user account is created, additional accounts is created in 
systems such as SAP, Incident Management tool, or any other company 
specific databases or applications.

In the UNIX/Linux environments I've seen, any post-user-creation tasks 
is accomplished with a script, run by the user management tool after the 
account has been created.

Hence my request for the option to run a post-user-creation script. :)



Regards,
Siggi

More information about the Freeipa-users mailing list