[Freeipa-users] Add user -> custom script

Sigbjorn Lie sigbjorn at nixtra.com
Fri Sep 16 22:10:10 UTC 2011



On Fri, September 16, 2011 23:18, Rob Crittenden wrote:
> Sigbjorn Lie wrote:
>
>> On 09/16/2011 10:29 AM, Alexander Bokovoy wrote:
>>
>>> On Fri, 16 Sep 2011, Dmitri Pal wrote:
>>>
>>>> On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
>>>>
>>>>> On 09/15/2011 09:59 PM, Dmitri Pal wrote:
>>>>>
>>>>>> On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>
>>>>>>> Is there a custom script hook for when a user account is added using
>>>>>>> either the cli, webui, or the winsync module?
>>>>>>>
>>>>>>> I have a custom script I run when creating a user account, and having
>>>>>>> this run automatically by IPA would make my life a lot easier.
>>>>>>>
>>>>>>>
>>>>>> Can you describe what kind of operations you need to do?
>>>>>> Have you looked at the automembership plugin?
>>>>>>
>>>>>>
>>>>> I'm doing a SSH login on to a filer, creating a home folder ZFS
>>>>> dataset for the new user, setting quota and ACL on the newly created dataset, and adding
>>>>> files from a skeleton folder into the home folder.
>>>>>
>>>> It might be a stupid question but... you seem to do all the operations
>>>> described above on the filer. I am not quite clear what part of it, if any, needs to be run
>>>> on the server side, I mean on the IPA. Or you actually want to be able to create an account
>>>> on the server side and make it trapped and send the event to the filer and run a script
>>>> there?
>>>>
>>>> We can't do it now. AFAIR there was a ticket about something like this
>>>> in the deferred bucket... Could not find it... But I remember a discussion. We might need to
>>>> file a ticket to track this but sounds like something that will take a lot of time to
>>>> accomplish.
>>> Attached untested patch is a proof of concept. If /etc/ipa/server.conf
>>> has following setting:
>>>
>>> ipa_user_script=/path/to/script
>>>
>>> then during add/delete/modify of a user, it will be called with add/del/mod as first
>>> parameter and user's dn as second. Result of the call is ignored but return from IPA server is
>>> blocked by the execution so be quick in ipa_user_script!
>>>
>>
>> I got the patch installed OK, env variable set, and the script is being
>> run when I do user modifications. Great! :) But the action (add/del/mod) and the dn are not being
>> supplied as arguments.
>>
>> For testing's sake I've made a very simple script just to capture the
>> env variables.
>>
>> Do you have any suggestion as to why the arguments are not getting supplied
>> to the script?
>>
>>
>> #!/bin/bash
>>
>>
>> echo "a:$1 u:$2" >> /tmp/ipa_custom_$$
>> env >> /tmp/ipa_custom_$$
>
> The ipautil.run invocation should be:
>
>
> ipautil.run([self.api.env.ipa_user_script,"add", dn])
>
> In other words, the whole thing needs to be in the list.
>
>
> Note that a cleaner way of adding this without having to modify
> ipa-provided files would be to write an extension plugin that does this (untested):
>
>
> from ipalib.plugins.user import user_add
> from ipapython import ipautil
>
> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
>     inst.log.info('User added')
>     if 'ipa_user_script' in inst.api.env:
>         try:
>             # Script path, action and DN go in one argument list
>             ipautil.run([inst.api.env.ipa_user_script, "add", dn])
>         except Exception:
>             # Script failures are ignored
>             pass
>
>     return dn
>
> user_add.register_post_callback(script_post_add_callback)
>
> Stick that into a file and drop it into the directory with the other
> plugins and restart Apache and that should do it.
>
> rob
>

I reverted the patched user.py file back to the unpatched user.py file.

I called the script you provided custom.py, and I've tried copying it to
/usr/lib/python2.7/site-packages/ipalib/plugins and
/usr/lib/python2.7/site-packages/ipaserver/plugins. Then I restarted httpd and tomcat6. Now the
script is not called anymore.

Should the script be put anywhere else? Anything I didn't do?
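
A hook called the way this thread describes receives the action and the user's DN as its two arguments, and the DN carries a login name chosen by whoever created the account. The following is an added example, not part of the original message or of FreeIPA: a hook skeleton that validates both arguments before any site-specific step uses them. The function names, the accepted login character set and the DN layout (uid=<login>,cn=users,cn=accounts,dc=...) are assumptions.

```shell
#!/bin/sh
# Added example: validate the hook's two arguments, <add|del|mod> <user DN>,
# before any site-specific work uses them.
# Assumption: user entries are named uid=<login>,cn=users,cn=accounts,dc=...
LC_ALL=C; export LC_ALL   # make the a-z range below byte-exact

# Print the login from a user DN. Fails unless the login is made only of
# [a-z0-9_.-], does not start with '-', and the entry sits directly under
# cn=users,cn=accounts.
uid_from_dn() {
    uid=${1#uid=}      # drop the attribute name
    uid=${uid%%,*}     # keep the first RDN value only
    case $uid in
        ''|-*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    case $1 in
        "uid=$uid,cn=users,cn=accounts,dc="*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$uid"
}

# Print "<action> <login>" for acceptable input.
# Returns 2 for a wrong argument count or unknown action, 3 for a rejected DN.
check_hook_args() {
    [ "$#" -eq 2 ] || return 2
    case $1 in
        add|del|mod) ;;
        *) return 2 ;;
    esac
    login=$(uid_from_dn "$2") || return 3
    printf '%s %s\n' "$1" "$login"
}

hook_main() {
    if validated=$(check_hook_args "$@"); then
        # Site-specific steps go here and use only the validated values.
        printf '%s\n' "$validated"
    else
        rc=$?
        echo "ipa_user_script: arguments rejected (code $rc)" >&2
        return 1
    fi
}

# Run when invoked with arguments, as the hook would be.
[ "$#" -eq 0 ] || hook_main "$@"
```
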





