[Freeipa-users] add solaris attribiutes to IPA

Petr Vobornik pvoborni at redhat.com
Mon Jul 28 15:40:35 UTC 2014 

On 28.7.2014 16:21, mohammad sereshki wrote:
> Dear
>
> yes you are right, we can cnfigure an object schema "SolarisUserAttr" in LDAP
> then we can add it as default parameter of user and configure it to set RBAC (role access)
> if you want I can share the commands with you.
> but I want to know how can we change  WEBUI to configure solarisuserattr through web interface.
> anyway I had done it through command line.

Which version of FreeIPA or IdM are we talking about? In older version 
it's quite difficult. Web UI in IPA 3.3+ has a new plugin system. The 
slides [3] which Martin sent in the first reply covers how to extend 
existing page, but one can also add completely new page and a menu item.

Some time ago I wrote example plugin [1] (not sure if it still works) 
which replaces user details page in self-service mode with new more 
simple one. It shows how to add/delete menu items.

To implement new pages, one can take inspiration from core FreeIPA code. 
The simplest page is probably Radius Server Proxy [2]. The only 
differences are that core plugins have menu items defined on one place 
somewhere else and that, when one refers to UI module, he has to use 
absolute module name ('freeipa/text/') instead of a relative one ('./text').

[1] https://pvoborni.fedorapeople.org/plugins/simpleuser/simpleuser.js
[2] 
https://git.fedorahosted.org/cgit/freeipa.git/tree/install/ui/src/freeipa/radiusproxy.js

Other sources:
[3] http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
[4]  http://pvoborni.fedorapeople.org/doc/#!/guide/Plugins

>
>
>
> ________________________________
>   From: Rob Crittenden <rcritten at redhat.com>
> To: mohammad sereshki <mohammadsereshki at yahoo.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> Sent: Monday, July 28, 2014 6:45 PM
> Subject: Re: [Freeipa-users] add solaris attribiutes to IPA
>
>
> mohammad sereshki wrote:
>
>
>
>> hi
>> Would you please let me know who can i add
>> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
>> Iwant to configure RBAC solaris on IPA .
>> Thanks
>
> There is probably a way to do this in LDAP but it isn't something that
> IPA provides.
>
> When IPA started there was no common access control mechanism across
> *nixes. We looked at the available options and ended up rolling our own
> which we called HBAC.
>
> rob
>
>
>


-- 
Petr Vobornik

More information about the Freeipa-users mailing list