[Freeipa-users] Add user -> custom script

Dmitri Pal dpal at redhat.com
Fri Sep 16 15:59:15 UTC 2011 

On 09/16/2011 11:34 AM, Sigbjorn Lie wrote:
> On 09/16/2011 07:35 AM, Dmitri Pal wrote:
>> On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
>>> On 09/15/2011 09:59 PM, Dmitri Pal wrote:
>>>> On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
>>>>> Hi,
>>>>>
>>>>> Is there a custom script hook for when a user account is added using
>>>>> either the cli, webui, or the winsync module?
>>>>>
>>>>> I have a custom script I run when creating a user account, and having
>>>>> this run automatically by IPA would make my life a lot easier.
>>>>>
>>>>>
>>>> Can you describe what kind of operations you need to do?
>>>> Have you looked at the automembership plugin?
>>>>
>>> I'm doing a SSH login on to a filer, creating a home folder ZFS
>>> dataset for the new user, setting quota and ACL on the newly created
>>> dataset, and adding files from a skeleton folder into the home folder.
>>>
>> It might be a stupid question but... you seem to do all the operation
>> described above on the filer. I am not quite clear what part of it, if
>> any, needs to be run on the server side, I mean on the IPA. Or you
>> actually want to be able to create an account on the server side and
>> make it trapped and send the event to the filer and run a script there?
>>
>> We can't do it now. AFAIR there was a ticket about something like this
>> in the deferred bucket... Could not find it... But I remember a
>> discussion.
>> We might need to file a ticket to track this but sound like something
>> that will take a lot of time to accomplish.
>>
>
>
> The filer get it's user account data from the IPA server. The commands
> I'm running on the filer is to create a personal dataset (filesystem)
> for the newly created user account, as well as setting the correct ACL
> for the filesystem. The filer is a ZFS based filer, and the command
> being used is "zfs create ...". There is no remote API for this command.
>
> However I feel like you have misinterpreted the request. It does not
> matter to IPA what I'm trying to accomplish with my script. I require
> a script to be run after a user account has been created (or deleted,
> or perhaps deleted).
>
> There are plenty of environments where custom scripts is required to
> run after a new user account is created. In a typical Microsoft AD
> environments this is often accomplished with additional
> expensive-to-buy-and-complicated-to-set-up Identify Management suites,
> so after a user account is created, additional accounts is created in
> systems such as SAP, Incident Management tool, or any other company
> specific databases or applications.
>
> In the UNIX/Linux environments I've seen, any post-user-creation tasks
> is accomplished with a script, run by the user management tool after
> the account has been created.
>
> Hence my request for the option to run a post-user-creation script. :)
>
>
>
> Regards,
> Siggi
>


What we need to do is to have a way from the DS plugin to send
notification messages about record operation and then let services to
subscribe and consume notifications and do whatever they need in an
async way. It might make sense to have an option QPID broker for that. I
will talk to qpid guys. 

>
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list