[Freeipa-users] user-custom script
Petr Viktorin
pviktori at redhat.com
Mon May 27 11:28:47 UTC 2013
On 05/27/2013 12:50 PM, Sigbjorn Lie wrote:
> Hi,
>
> A while back I got some help writing a python script who extends the user classes in ipalib to run
> a custom command when a user is added/modified/deleted. This has been working perfectly in our
> production environment for a few years now, until I upgraded to IPA 3.0 last week. The custom
> script is no longer executed.
>
> Did the libraries change since 2.2?
Hello,
Yes, IPA did change, though not in the callback registration API. See
comment below.
>
>
> The script sits in /usr/lib/python2.6/site-packages/ipalib/plugins/user-custom.py and looks like:
>
>
> #
> # Extension to provide user-customizable script when a user id added/modified/deleted
> #
>
> from ipapython import ipautil
>
> # Extend add
>
> from ipalib.plugins.user import user_add
>
> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
> inst.log.info('User added')
> if 'ipa_user_script' in inst.api.env:
> try:
> ipautil.run([inst.api.env.ipa_user_script,"add", dn])
> except:
> pass
First of all, you can add better logging so you can diagnose errors more
easily, e.g.:
try:
ipautil.run([inst.api.env.ipa_user_script,"add", dn])
except Exception, e:
inst.log.error("ipa_user_script: Exception: %s", e)
With this change, I can see the following line in the server log:
ipa: ERROR: ipa_user_script: Exception: sequence item 2: expected string
or Unicode, DN found
The error is due to DN refactoring
(https://fedorahosted.org/freeipa/ticket/1670). All DNs throughout IPA
are now represented by DN objects. To use them as strings you need to
convert them explicitly:
ipautil.run([inst.api.env.ipa_user_script, "add", str(dn)])
The same change is needed in the other three cases.
The modified code should still work under IPA 2.2.
Let me know if you're having more trouble.
> return dn
>
> user_add.register_post_callback(script_post_add_callback)
>
>
> # Extend delete
>
> from ipalib.plugins.user import user_del
>
> def script_post_del_callback(inst, ldap, dn, attrs_list, *keys, **options):
> inst.log.info('User deleted')
> if 'ipa_user_script' in inst.api.env:
> try:
> ipautil.run([inst.api.env.ipa_user_script,"del", dn])
> except:
> pass
>
> return dn
>
> user_del.register_post_callback(script_post_del_callback)
>
>
> # Extend modify
>
> from ipalib.plugins.user import user_mod
>
> def script_post_mod_callback(inst, ldap, dn, attrs_list, *keys, **options):
> inst.log.info('User modified')
> if 'ipa_user_script' in inst.api.env:
> try:
> ipautil.run([inst.api.env.ipa_user_script,"mod", dn])
> except:
> pass
>
> return dn
>
> user_mod.register_post_callback(script_post_mod_callback)
>
--
Petr³
More information about the Freeipa-users
mailing list