[Freeipa-users] Add user -> custom script
Alexander Bokovoy
abokovoy at redhat.com
Fri Sep 16 21:31:14 UTC 2011
On Fri, 16 Sep 2011, Rob Crittenden wrote:
> >>Attached untested patch is a proof of concept. If /etc/ipa/server.conf
> >>has the following setting:
> >>
> >>ipa_user_script=/path/to/script
> >>
> >>then during add/delete/modify of a user, it will be called with
> >>add/del/mod as first parameter and user's dn as second. Result of
> >>the call is ignored but return from IPA server is blocked by the
> >>execution so be quick in ipa_user_script!
> >>
> >
> >I got the patch installed OK, env variable set, and the script is being
> >run when I do user modifications. Great! :) But the action (add/del/mod)
> >and the dn are not being supplied as arguments.
As I said, it is untested, and I did indeed pass the arguments wrongly.
> The ipautil.run invocation should be:
>
> ipautil.run([self.api.env.ipa_user_script,"add", dn])
Exactly. Fixed patch attached.
> In other words, the whole thing needs to be in the list.
>
> Note that a cleaner way of adding this without having to modify
> ipa-provided files would be to write an extension plugin that does
> this (untested):
>
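> from ipapython import ipautil
> from ipalib.plugins.user import user_add
>
> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
>     inst.log.info('User added')
>     # Run the configured hook only when ipa_user_script is set
>     if 'ipa_user_script' in inst.api.env:
>         try:
>             ipautil.run([inst.api.env.ipa_user_script, "add", dn])
>         except Exception:
>             # A failing hook must not fail the user-add operation
>             pass
>
>     return dn
>
> # Attach the callback to the stock user_add command
> user_add.register_post_callback(script_post_add_callback)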
>
> Stick that into a file and drop it into the directory with the other
> plugins and restart Apache and that should do it.
That would be even better, as it is clearly separated from a stock
FreeIPA install.
--
/ Alexander Bokovoy
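A hook script matching the calling convention described in this thread (action as first argument, user DN as second), added here as an example and not part of the original post or of FreeIPA. It validates both arguments and only appends to a spool file, so it returns quickly while the IPA call is blocked on it. The spool path, the `IPA_HOOK_SPOOL` variable and the `uid=` prefix check are assumptions.

```python
#!/usr/bin/env python3
"""Example hook for ipa_user_script: <script> <add|del|mod> <user-dn>."""
import json
import os
import sys
import time

ACTIONS = {"add", "del", "mod"}
# Assumed spool file; a separate worker would do the slow processing later.
SPOOL = os.environ.get("IPA_HOOK_SPOOL", "/var/spool/ipa-user-hook/events.jsonl")

def parse_args(argv):
    """Return (action, dn) or raise ValueError for anything unexpected."""
    if len(argv) != 2:
        raise ValueError("expected: <add|del|mod> <dn>")
    action, dn = argv
    if action not in ACTIONS:
        raise ValueError("unknown action %r" % action)
    # Reject control characters: consumers of the spool may log the DN verbatim.
    if not dn or len(dn) > 1024 or any(ord(c) < 0x20 or ord(c) == 0x7F for c in dn):
        raise ValueError("malformed dn")
    # Assumption: user entries are named by their uid attribute.
    if not dn.lower().startswith("uid="):
        raise ValueError("not a user dn")
    return action, dn

def enqueue(action, dn, spool=SPOOL, now=None):
    """Append one JSON line (file created 0600) and return the line written."""
    ts = time.time() if now is None else now
    record = json.dumps({"ts": ts, "action": action, "dn": dn})
    fd = os.open(spool, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    try:
        os.write(fd, (record + "\n").encode("utf-8"))
    finally:
        os.close(fd)
    return record

def main(argv):
    try:
        action, dn = parse_args(argv)
        enqueue(action, dn)
    except (ValueError, OSError) as exc:
        sys.stderr.write("ipa-user-hook: %s\n" % exc)
        return 1
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```
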
-------------- next part --------------
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 92a026d..b8631e3 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -25,6 +25,7 @@ from ipalib.request import context
from time import gmtime, strftime
import copy
from ipalib import _, ngettext
+from ipapython import ipautil
__doc__ = _("""
Users
@@ -413,6 +414,12 @@ class user_add(LDAPCreate):
entry_from_entry(entry_attrs, newentry)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
+ # If there is a ipa_user_script set in configuration, call it out
+ if 'ipa_user_script' in self.api.env:
+ try:
+ ipautil.run([self.api.env.ipa_user_script, "add", dn])
+ except:
+ pass
return dn
api.register(user_add)
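Review bot: the bare `except: pass` around `ipautil.run(...)` in `user_add` hides every failure of the hook, so an administrator cannot tell that the configured `ipa_user_script` never ran. Catch `Exception` and log the error before returning `dn`. Passing the command as a list is right, since the DN then reaches the script as a single argument.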
@@ -424,6 +431,12 @@ class user_del(LDAPDelete):
msg_summary = _('Deleted user "%(value)s"')
def post_callback(self, ldap, dn, *keys, **options):
+ # If there is a ipa_user_script set in configuration, call it out
+ if 'ipa_user_script' in self.api.env:
+ try:
+ ipautil.run([self.api.env.ipa_user_script, "del", dn])
+ except:
+ pass
return True
api.register(user_del)
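Review bot: in `user_del` the call sits in `post_callback`, so the script receives the DN of an entry that has already been deleted and can no longer look anything up about it. Document that next to the `ipa_user_script` setting, or run the `"del"` notification from a pre-callback if scripts are expected to read the entry.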
@@ -446,6 +459,12 @@ class user_mod(LDAPUpdate):
convert_nsaccountlock(entry_attrs)
self.obj._convert_manager(entry_attrs, **options)
self.obj.get_password_attributes(ldap, dn, entry_attrs)
+ # If there is a ipa_user_script set in configuration, call it out
+ if 'ipa_user_script' in self.api.env:
+ try:
+ ipautil.run([self.api.env.ipa_user_script, "mod", dn])
+ except:
+ pass
return dn
api.register(user_mod)
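Review bot: the block added to `user_mod` is the third copy of the same six lines, differing only in the action string (`"add"`, `"del"`, `"mod"`). A small helper that takes the action and `dn` would keep the three call sites consistent and give one place to fix the comment wording (`a ipa_user_script` should read `an ipa_user_script`).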