[Freeipa-users] user-custom script

Petr Viktorin pviktori at redhat.com
Mon May 27 11:28:47 UTC 2013 

On 05/27/2013 12:50 PM, Sigbjorn Lie wrote:
> Hi,
>
> A while back I got some help writing a python script who extends the user classes in ipalib to run
> a custom command when a user is added/modified/deleted. This has been working perfectly in our
> production environment for a few years now, until I upgraded to IPA 3.0 last week. The custom
> script is no longer executed.
>
> Did the libraries change since 2.2?

Hello,
Yes, IPA did change, though not in the callback registration API. See 
comment below.

>
>
> The script sits in /usr/lib/python2.6/site-packages/ipalib/plugins/user-custom.py and looks like:
>
>
> #
> # Extension to provide user-customizable script when a user id added/modified/deleted
> #
>
> from ipapython import ipautil
>
> # Extend add
>
> from ipalib.plugins.user import user_add
>
> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
>       inst.log.info('User added')
>       if 'ipa_user_script' in inst.api.env:
>           try:
>               ipautil.run([inst.api.env.ipa_user_script,"add", dn])
>           except:
>                pass

First of all, you can add better logging so you can diagnose errors more 
easily, e.g.:

          try:
              ipautil.run([inst.api.env.ipa_user_script,"add", dn])
          except Exception, e:
              inst.log.error("ipa_user_script: Exception: %s", e)

With this change, I can see the following line in the server log:

ipa: ERROR: ipa_user_script: Exception: sequence item 2: expected string 
or Unicode, DN found

The error is due to DN refactoring 
(https://fedorahosted.org/freeipa/ticket/1670). All DNs throughout IPA 
are now represented by DN objects. To use them as strings you need to 
convert them explicitly:

              ipautil.run([inst.api.env.ipa_user_script, "add", str(dn)])

The same change is needed in the other three cases.
The modified code should still work under IPA 2.2.
Let me know if you're having more trouble.

>       return dn
>
> user_add.register_post_callback(script_post_add_callback)
>
>
> # Extend delete
>
> from ipalib.plugins.user import user_del
>
> def script_post_del_callback(inst, ldap, dn, attrs_list, *keys, **options):
>       inst.log.info('User deleted')
>       if 'ipa_user_script' in inst.api.env:
>           try:
>               ipautil.run([inst.api.env.ipa_user_script,"del", dn])
>           except:
>                pass
>
>       return dn
>
> user_del.register_post_callback(script_post_del_callback)
>
>
> # Extend modify
>
> from ipalib.plugins.user import user_mod
>
> def script_post_mod_callback(inst, ldap, dn, attrs_list, *keys, **options):
>       inst.log.info('User modified')
>       if 'ipa_user_script' in inst.api.env:
>           try:
>               ipautil.run([inst.api.env.ipa_user_script,"mod", dn])
>           except:
>                pass
>
>       return dn
>
> user_mod.register_post_callback(script_post_mod_callback)
>




-- 
Petr³

More information about the Freeipa-users mailing list