[Freeipa-users] Add user -> custom script

Sigbjorn Lie sigbjorn at nixtra.com
Fri Sep 16 16:20:18 UTC 2011


On 09/16/2011 05:59 PM, Dmitri Pal wrote:
> On 09/16/2011 11:34 AM, Sigbjorn Lie wrote:
>> On 09/16/2011 07:35 AM, Dmitri Pal wrote:
>>> On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
>>>> On 09/15/2011 09:59 PM, Dmitri Pal wrote:
>>>>> On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Is there a custom script hook for when a user account is added using
>>>>>> either the cli, webui, or the winsync module?
>>>>>>
>>>>>> I have a custom script I run when creating a user account, and having
>>>>>> this run automatically by IPA would make my life a lot easier.
>>>>>>
>>>>>>
>>>>> Can you describe what kind of operations you need to do?
>>>>> Have you looked at the automembership plugin?
>>>>>
>>>> I'm doing an SSH login on to a filer, creating a home folder ZFS
>>>> dataset for the new user, setting quota and ACL on the newly created
>>>> dataset, and adding files from a skeleton folder into the home folder.
>>>>
>>> It might be a stupid question but... you seem to do all the operations
>>> described above on the filer. I am not quite clear what part of it, if
>>> any, needs to be run on the server side, I mean on the IPA. Or you
>>> actually want to be able to create an account on the server side and
>>> make it trapped and send the event to the filer and run a script there?
>>>
>>> We can't do it now. AFAIR there was a ticket about something like this
>>> in the deferred bucket... Could not find it... But I remember a
>>> discussion.
>>> We might need to file a ticket to track this but it sounds like something
>>> that will take a lot of time to accomplish.
>>>
>>
>> The filer gets its user account data from the IPA server. The commands
>> I'm running on the filer are to create a personal dataset (filesystem)
>> for the newly created user account, as well as setting the correct ACL
>> for the filesystem. The filer is a ZFS based filer, and the command
>> being used is "zfs create ...". There is no remote API for this command.
>>
>> However I feel like you have misinterpreted the request. It does not
>> matter to IPA what I'm trying to accomplish with my script. I require
>> a script to be run after a user account has been created (or deleted,
>> or perhaps deleted).
>>
>> There are plenty of environments where custom scripts are required to
>> run after a new user account is created. In typical Microsoft AD
>> environments this is often accomplished with additional
>> expensive-to-buy-and-complicated-to-set-up Identity Management suites,
>> so after a user account is created, additional accounts are created in
>> systems such as SAP, Incident Management tool, or any other company
>> specific databases or applications.
>>
>> In the UNIX/Linux environments I've seen, any post-user-creation tasks
>> are accomplished with a script, run by the user management tool after
>> the account has been created.
>>
>> Hence my request for the option to run a post-user-creation script. :)
>>
>>
>>
>> Regards,
>> Siggi
>>
>
> What we need to do is to have a way from the DS plugin to send
> notification messages about record operation and then let services
> subscribe and consume notifications and do whatever they need in an
> async way. It might make sense to have an option QPID broker for that. I
> will talk to qpid guys.
>


Sounds even better! Much more secure!

Thanks! :)