[Freeipa-users] add solaris attribiutes to IPA

Petr Vobornik pvoborni at redhat.com
Tue Jul 29 11:23:45 UTC 2014 

On 28.7.2014 18:23, mohammad sereshki wrote:
> Dear Petr
> I'm using below rpm, in redhat/centos  linux
>
>
> ipa-server-3.0.0-25.el6.x86_64

In 3.0 it is possible, but quite difficult. You would have to add new 
entity (ipa object code to /share/ipa/ui/ext/extension.js and somehow 
hack navigation. I don't have any examples. It is slightly easier if you 
don't mind changing files owned by ipa-server rpm but that is usually a 
bad thing to do.

These inconveniences were the reason to implement the new plugin system 
along with refactorization of navigation. IPA 3.3+ is present in Fedora 
and RHEL/CentOS 7.

>
>
>
> ________________________________
>   From: Petr Vobornik <pvoborni at redhat.com>
> To: mohammad sereshki <mohammadsereshki at yahoo.com>; Rob Crittenden <rcritten at redhat.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> Sent: Monday, July 28, 2014 8:10 PM
> Subject: Re: [Freeipa-users] add solaris attribiutes to IPA
>
>
> On 28.7.2014 16:21, mohammad sereshki wrote:
>> Dear
>>
>> yes you are right, we can cnfigure an object schema "SolarisUserAttr" in LDAP
>> then we can add it as default parameter of user and configure it to set RBAC (role access)
>> if you want I can share the commands with you.
>> but I want to know how can we change  WEBUI to configure solarisuserattr through web interface.
>> anyway I had done it through command line.
>
> Which version of FreeIPA or IdM are we talking about? In older version
> it's quite difficult. Web UI in IPA 3.3+ has a new plugin system. The
> slides [3] which Martin sent in the first reply covers how to extend
> existing page, but one can also add completely new page and a menu item.
>
> Some time ago I wrote example plugin [1] (not sure if it still works)
> which replaces user details page in self-service mode with new more
> simple one. It shows how to add/delete menu items.
>
> To implement new pages, one can take inspiration from core FreeIPA code.
> The simplest page is probably Radius Server Proxy [2]. The only
> differences are that core plugins have menu items defined on one place
> somewhere else and that, when one refers to UI module, he has to use
> absolute module name ('freeipa/text/') instead of a relative one ('./text').
>
> [1] https://pvoborni.fedorapeople.org/plugins/simpleuser/simpleuser.js
> [2]
> https://git.fedorahosted.org/cgit/freeipa.git/tree/install/ui/src/freeipa/radiusproxy.js
>
> Other sources:
> [3] http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
> [4]  http://pvoborni.fedorapeople.org/doc/#!/guide/Plugins
>
>
>>
>>
>>
>> ________________________________
>>     From: Rob Crittenden <rcritten at redhat.com>
>> To: mohammad sereshki <mohammadsereshki at yahoo.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>> Sent: Monday, July 28, 2014 6:45 PM
>> Subject: Re: [Freeipa-users] add solaris attribiutes to IPA
>>
>>
>> mohammad sereshki wrote:
>>
>>
>>
>>> hi
>>> Would you please let me know who can i add
>>> /etc/user_attr,prof_attr,projet,auth_attr to IPA ?
>>> Iwant to configure RBAC solaris on IPA .
>>> Thanks
>>
>> There is probably a way to do this in LDAP but it isn't something that
>> IPA provides.
>>
>> When IPA started there was no common access control mechanism across
>> *nixes. We looked at the available options and ended up rolling our own
>> which we called HBAC.
>>
>> rob
>>
>>
>>
>
>


-- 
Petr Vobornik

More information about the Freeipa-users mailing list