[Freeipa-users] user-custom script

Petr Viktorin pviktori at redhat.com
Tue May 28 13:44:02 UTC 2013 

On 05/28/2013 02:33 PM, Sigbjorn Lie wrote:
> On Mon, May 27, 2013 13:28, Petr Viktorin wrote:
>> On 05/27/2013 12:50 PM, Sigbjorn Lie wrote:
>>
>>> Hi,
>>>
>>>
>>> A while back I got some help writing a python script who extends the user classes in ipalib to
>>> run a custom command when a user is added/modified/deleted. This has been working perfectly in
>>> our production environment for a few years now, until I upgraded to IPA 3.0 last week. The
>>> custom script is no longer executed.
>>>
>>> Did the libraries change since 2.2?
>>>
>>
>> Hello,
>> Yes, IPA did change, though not in the callback registration API. See
>> comment below.
>>
>>>
>>>
>>> The script sits in /usr/lib/python2.6/site-packages/ipalib/plugins/user-custom.py and looks
>>> like:
>>>
>>>
>>>
>>> #
>>> # Extension to provide user-customizable script when a user id added/modified/deleted
>>> #
>>>
>>>
>>> from ipapython import ipautil
>>>
>>> # Extend add
>>>
>>>
>>> from ipalib.plugins.user import user_add
>>>
>>> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options): inst.log.info('User
>>> added') if 'ipa_user_script' in inst.api.env: try:
>>> ipautil.run([inst.api.env.ipa_user_script,"add", dn]) except:
>>> pass
>>
>> First of all, you can add better logging so you can diagnose errors more
>> easily, e.g.:
>>
>> try:
>> ipautil.run([inst.api.env.ipa_user_script,"add", dn]) except Exception, e:
>> inst.log.error("ipa_user_script: Exception: %s", e)
>>
>>
>> With this change, I can see the following line in the server log:
>>
>>
>> ipa: ERROR: ipa_user_script: Exception: sequence item 2: expected string
>> or Unicode, DN found
>>
>> The error is due to DN refactoring
>> (https://fedorahosted.org/freeipa/ticket/1670). All DNs throughout IPA
>> are now represented by DN objects. To use them as strings you need to convert them explicitly:
>>
>> ipautil.run([inst.api.env.ipa_user_script, "add", str(dn)])
>>
>> The same change is needed in the other three cases.
>> The modified code should still work under IPA 2.2.
>> Let me know if you're having more trouble.
>>
>>
[...]
>
>
> Thank you.
>
> I removed the user-custom.pyc, and moved the existing user-custom.py file to /root and made the
> changes in a new file, user-custom-v3.py. I then restarted httpd. However a .pyc file is not
> created, even after adding/removing/modifying a user.

The server runs under apache, it doesn't have permissions to create .pyc 
files in /usr/lib/.

> And the command specified to run in ipa_user_script is not run.
>
> Do you have a suggestions to what I might be doing wrong?

Do you get any messages in /var/log/httpd/error_log?

-- 
Petr³

More information about the Freeipa-users mailing list