[Freeipa-users] Add attributes to default user schema

Fri Jun 22 20:37:08 UTC 2012

Dmitri Pal wrote:
> On 06/22/2012 12:28 PM, Stephen Ingram wrote:
>> On Fri, Jun 22, 2012 at 6:25 AM, Dmitri Pal<dpal at redhat.com>  wrote:
>>> On 06/22/2012 01:57 AM, Stephen Ingram wrote:
>>>> On Thu, Jun 21, 2012 at 3:22 PM, Dmitri Pal<dpal at redhat.com>  wrote:
>>>>> On 06/21/2012 05:44 PM, Stephen Ingram wrote:
>>>>>> On Thu, Jun 21, 2012 at 2:06 PM, James James<jreg2k at gmail.com>  wrote:
>>>>>>> Hi everybody,
>>>>>>>
>>>>>>> Is it possible to have a procedure to add new attributes like
>>>>>>> mailAlternateAddress in the default user schema ?
>>>>>> That particular attribute is included in the schema
>>>>>> (objectclass=mailRecipient) so it is easy to add using the ipa
>>>>>> user-mod --addattr command. I then followed Adam Young's instructions
>>>>>> to change the interface such that we could view/edit the new attribute
>>>>>> in the UI:
>>>>>>
>>>>>> 1. Edit the /usr/lib/python2.7/site-packages/ipalib/plugins/user.py to
>>>>>> include the new field
>>>>>> 2. Add an entry to /usr/share/ipa/ui/user.js for the new value
>>>>>> 3. Don't forget to restart httpd and refresh your browser cache to
>>>>>> pick up the new fields
>>>>>>
>>>>>> We needed that instead of using the multi-valued mail attribute
>>>>>> because there are circumstances where we need to differentiate between
>>>>>> the "master" email address and aliases. It's easy to add though and
>>>>>> works great. I certainly wouldn't want to be in the position of adding
>>>>>> lots of attributes not already included in IPA, but a one or two-off
>>>>>> seems pretty reasonable to manage.
>>>>>>
>>>>>> I don't know if it's still in the I'm sure *very* future plans for
>>>>>> IPA, but I remember seeing some application (MTA, mail store) support
>>>>>> mentioned at one time. These sorts of attributes might be nice to have
>>>>>> if and when that happens.
>>>>>>
>>>>>> Steve
>>>>> Is there any chance you can submit what you have done in the form of a
>>>>> ticket with attached patches?
>>>> As I have not upgraded to 2.2 yet, I had to patch against 2.1.4. Ticket is 2863.
>>>>
>>>> Steve
>>> Thank you for the ticket.
>>> I think it would be OK to attach existing patch anyways for now.
>>> What are your plans regarding upgrading to 2.2 and rebasing the patches?
>> I see that RHEL 6.3 was released yesterday so we will start testing
>> 2.2 soon. Once we upgrade, I'll rebase patches to 2.2 and attach to
>> existing ticket. Is this something that might be included at some
>> point?
>>
>> Steve
> In general yes, but devil is in details.
>

It should be pretty straightforward to rebase these.

I wonder about the objectclass. It would also be possible to add it 
on-the-fly by adding a bit of code to the pre_callback() of user_mod and 
user_add.

The basic idea would be:

user_add::pre_callback()

if 'mailalternateaddress' in entry_attrs:
     entry_attrs['objectclass'] = 
list(set(entry_attrs['objectclass'].append('mailRecipient')))

I do the list/set bit in case anyone adds mailRecipient to the default 
list :-)

Something similar in user_mod, there is similar code to do this for 
'ipasshpubkey'. Might be worthwhile to make this into its own function.

rob