[Freeipa-users] Add user -> custom script

Alexander Bokovoy abokovoy at redhat.com
Fri Sep 16 21:31:14 UTC 2011


On Fri, 16 Sep 2011, Rob Crittenden wrote:
> >>Attached untested patch is a proof of concept. If /etc/ipa/server.conf
> >>has following setting:
> >>
> >>ipa_user_script=/path/to/script
> >>
> >>then during add/delete/modify of a user, it will be called with
> >>add/del/mod as first parameter and the user's dn as second. The result
> >>of the call is ignored, but the reply from the IPA server is blocked
> >>until the script finishes, so be quick in ipa_user_script!
> >>
> >
> >I got the patch installed OK, env variable set, and the script is being
> >run when I do user modifications. Great! :) But the action (add/del/mod)
> >and the dn are not being supplied as arguments.
As I said, it is untested, and I did indeed pass the arguments incorrectly.

> The ipautil.run invocation should be:
> 
> ipautil.run([self.api.env.ipa_user_script,"add", dn])
Exactly. Fixed patch attached.

> In other words, the whole thing needs to be in the list.
> 
> Note that a cleaner way of adding this without having to modify
> ipa-provided files would be to write an extension plugin that does
> this (untested):
> 
> from ipalib.plugins.user import user_add
> 
> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
>     inst.log.info('User added')
>     if 'ipa_user_script' in inst.api.env:
>         try:
>             ipautil.run([inst.api.env.ipa_user_script,"add", dn])
>         except:
>              pass
> 
>     return dn
> 
> user_add.register_post_callback(script_post_add_callback)
> 
> Stick that into a file and drop it into the directory with the other
> plugins and restart Apache and that should do it.
That would be even better as it is clearly separated from stock 
FreeIPA install.

-- 
/ Alexander Bokovoy
-------------- next part --------------
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 92a026d..b8631e3 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -25,6 +25,7 @@ from ipalib.request import context
 from time import gmtime, strftime
 import copy
 from ipalib import _, ngettext
+from ipapython import ipautil
 
 __doc__ = _("""
 Users
@@ -413,6 +414,12 @@ class user_add(LDAPCreate):
                 entry_from_entry(entry_attrs, newentry)
 
         self.obj.get_password_attributes(ldap, dn, entry_attrs)
+        # If there is a ipa_user_script set in configuration, call it out
+        if 'ipa_user_script' in self.api.env:
+            try:
+                ipautil.run([self.api.env.ipa_user_script, "add", dn])
+            except:
+                pass
         return dn
 
 api.register(user_add)
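Review bot: The bare `except: pass` around `ipautil.run(...)` swallows every failure of the hook (a missing or non-executable script, a failed run, even SystemExit), and the same lines repeat in the user_del and user_mod hunks, so a broken script goes unnoticed; for "del" that means downstream deprovisioning can silently stop. I would narrow and log it: `except Exception, e:` followed by `self.log.error('ipa_user_script add failed for %s: %s' % (dn, e))`, with "del" and "mod" in the other two hunks. The call is synchronous and presumably runs with the privileges of the IPA server process, so the comment above it should say that /etc/ipa/server.conf and the script itself must be writable by root only, and that the script has to treat the DN argument as untrusted input. The enclosing post_callback starts outside this hunk.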
@@ -424,6 +431,12 @@ class user_del(LDAPDelete):
     msg_summary = _('Deleted user "%(value)s"')
 
     def post_callback(self, ldap, dn, *keys, **options):
+        # If there is a ipa_user_script set in configuration, call it out
+        if 'ipa_user_script' in self.api.env:
+            try:
+                ipautil.run([self.api.env.ipa_user_script, "del", dn])
+            except:
+                pass
         return True
 
 api.register(user_del)
@@ -446,6 +459,12 @@ class user_mod(LDAPUpdate):
         convert_nsaccountlock(entry_attrs)
         self.obj._convert_manager(entry_attrs, **options)
         self.obj.get_password_attributes(ldap, dn, entry_attrs)
+        # If there is a ipa_user_script set in configuration, call it out
+        if 'ipa_user_script' in self.api.env:
+            try:
+                ipautil.run([self.api.env.ipa_user_script, "mod", dn])
+            except:
+                pass
         return dn
 
 api.register(user_mod)

