[Freeipa-users] Add user -> custom script

Rob Crittenden rcritten at redhat.com
Mon Sep 19 13:42:39 UTC 2011


Sigbjorn Lie wrote:
>
>
> On Fri, September 16, 2011 23:18, Rob Crittenden wrote:
>> Sigbjorn Lie wrote:
>>
>>> On 09/16/2011 10:29 AM, Alexander Bokovoy wrote:
>>>
>>>> On Fri, 16 Sep 2011, Dmitri Pal wrote:
>>>>
>>>>> On 09/15/2011 04:14 PM, Sigbjorn Lie wrote:
>>>>>
>>>>>> On 09/15/2011 09:59 PM, Dmitri Pal wrote:
>>>>>>
>>>>>>> On 09/15/2011 03:45 PM, Sigbjorn Lie wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>>
>>>>>>>> Is there a custom script hook for when a user account is added using
>>>>>>>> either the cli, webui, or the winsync module?
>>>>>>>>
>>>>>>>> I have a custom script I run when creating a user account, and having
>>>>>>>> this run automatically by IPA would make my life a lot easier.
>>>>>>>>
>>>>>>>>
>>>>>>> Can you describe what kind of operations you need to do?
>>>>>>> Have you looked at the automembership plugin?
>>>>>>>
>>>>>>>
>>>>>> I'm doing a SSH login on to a filer, creating a home folder ZFS
>>>>>> dataset for the new user, setting quota and ACL on the newly created dataset, and adding
>>>>>> files from a skeleton folder into the home folder.
>>>>>>
>>>>> It might be a stupid question but... you seem to do all the operations
>>>>> described above on the filer. I am not quite clear what part of it, if any, needs to be run
>>>>> on the server side, I mean on the IPA. Or you actually want to be able to create an account
>>>>> on the server side and make it trapped and send the event to the filer and run a script
>>>>> there?
>>>>>
>>>>> We can't do it now. AFAIR there was a ticket about something like this
>>>>> in the deferred bucket... Could not find it... But I remember a discussion. We might need to
>>>>> file a ticket to track this but it sounds like something that will take a lot of time to
>>>>> accomplish.
>>>> Attached untested patch is a proof of concept. If /etc/ipa/server.conf
>>>> has following setting:
>>>>
>>>> ipa_user_script=/path/to/script
>>>>
>>>> then during add/delete/modify of a user, it will be called with add/del/mod as first
>>>> parameter and user's dn as second. Result of the call is ignored but return from IPA server is
>>>> blocked by the execution so be quick in ipa_user_script!
>>>>
>>>
>>> I got the patch installed OK, env variable set, and the script is being
>>> run when I do user modifications. Great! :) But the action (add/del/mod) and the dn are not being
>>> supplied as arguments.
>>>
>>> For testing's sake I've made a very simple script just to capture the
>>> env variables.
>>>
>>> Do you have any suggestion as to why the arguments are not getting supplied
>>> to the script?
>>>
>>>
>>> #!/bin/bash
>>>
>>> echo "a:$1 u:$2" >> /tmp/ipa_custom_$$
>>> env >> /tmp/ipa_custom_$$
>>
>> The ipautil.run invocation should be:
>>
>>
>> ipautil.run([self.api.env.ipa_user_script,"add", dn])
>>
>> In other words, the whole thing needs to be in the list.
>>
>>
>> Note that a cleaner way of adding this without having to modify
>> ipa-provided files would be to write an extension plugin that does this (untested):
>>
>>
>> from ipalib.plugins.user import user_add
>>
>> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
>>     inst.log.info('User added')
>>     if 'ipa_user_script' in inst.api.env:
>>         try:
>>             ipautil.run([inst.api.env.ipa_user_script,"add", dn])
>>         except:
>>             pass
>>
>>     return dn
>>
>> user_add.register_post_callback(script_post_add_callback)
>>
>> Stick that into a file and drop it into the directory with the other
>> plugins and restart Apache and that should do it.
>>
>> rob
>>
>
> I reverted the patched user.py file back to the unpatched user.py file.
>
> I called the script you provided custom.py, and I've tried copying it to
> /usr/lib/python2.7/site-packages/ipalib/plugins and
> /usr/lib/python2.7/site-packages/ipaserver/plugins. Then I restarted httpd and tomcat6. Now the
> script is not called anymore.
>
> Should the script be put anywhere else? Anything I didn't do?
>
>
>
It needs to be in ipalib/plugins.

Add:

from ipapython import ipautil

rob
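
Added example, not part of the thread and not FreeIPA code: the receiving side of the hook discussed above, written as a script that gets add/del/mod and the user's DN as its two arguments and validates both before building the filer command. The filer host, pool path, quota, ssh options, the zfs command line and the accepted DN layout (uid=...,cn=users,cn=accounts,...) are assumptions made for the example.

```python
#!/usr/bin/env python3
# Hypothetical ipa_user_script hook: argv[1] is add/del/mod, argv[2] is the user DN.
import re
import subprocess
import sys

# Assumed values for this example; none of them come from the thread.
FILER = "provision@filer.example.com"
HOME_PARENT = "tank/home"
QUOTA = "10G"

ACTIONS = {"add", "del", "mod"}
# Only a DN shaped like a FreeIPA user entry, with a conservative uid, is accepted.
USER_DN = re.compile(
    r"uid=([a-z_][a-z0-9_.-]{0,31}),cn=users,cn=accounts(?:,dc=[a-z0-9-]+)+")


def parse_args(args):
    """Return (action, uid); raise ValueError on anything unexpected."""
    if len(args) != 2 or args[0] not in ACTIONS:
        raise ValueError("usage: <add|del|mod> <user dn>")
    # fullmatch, not match with '$', so a trailing newline is rejected too.
    m = USER_DN.fullmatch(args[1].lower())
    if m is None:
        raise ValueError("DN is not a plain user entry")
    return args[0], m.group(1)


def build_commands(action, uid):
    """Return the argv lists to run; this example only provisions on 'add'."""
    if action != "add":
        return []
    # ssh joins its arguments into one string for the remote shell, so the
    # uid check in parse_args is what keeps this to a single zfs command.
    ssh = ["ssh", "-o", "BatchMode=yes", "-o", "ConnectTimeout=5", FILER]
    return [ssh + ["zfs", "create", "-o", "quota=" + QUOTA, HOME_PARENT + "/" + uid]]


def main(args):
    try:
        action, uid = parse_args(args)
    except ValueError as err:
        print("rejected: %s" % err, file=sys.stderr)
        return 2
    for cmd in build_commands(action, uid):
        # The IPA request blocks until the hook returns, so bound every call.
        subprocess.run(cmd, timeout=20, check=False)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Because the hook runs with whatever privileges the IPA web service has, the script file and the SSH key it uses should be writable and readable only by that account.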



