[Freeipa-users] Extending attributes

Thu Apr 7 21:57:07 UTC 2016

Finding very little on the Interwebs about this, I wonder if I'm the
only person who's trying to add things to FreeIPA and doing UI and
backend plugins!

The back story, I'm coming from an OpenLDAP deployment which I need to
update for various reasons and decided to look at options.   FreeIPA
looks great, and I'm using 4.2.0-15 from the RHEL7 distribution
(technically Springdale Linux, our in-house rebuild).  Since one of
the sticky parts of management of hosts and users for myself and
others has been all the LDAP details (which I and one other use
ldapmodify for, but some of the admin assistants who create accounts
use a custom-made PHP that makes it slightly prettier but harder to
maintain), I'm trying to get everything into a pretty interface that
anyone can use and means a single window for making these changes.

I'm ditching our custom LDAP schema since the attributes can be
handled by other included schema elements, though I am adding the
Puppet schema which was easily imported and I even wrote the glue to
make that work.  One of the things I wanted to add is to a host
record, the 'owner' field, which should be the owner of a machine -
this gets pulled into puppet for some fanciness down the road, as well
as used for some accounting information.

What I have currently works, but it's not how I originally wrote it:
http://www.astro.princeton.edu/~huston/astrocustom/

The way I wanted it, the javascript part (which worked fine) pushed
the name field, with type 'entity_select', other_entity: 'user',
other_field: 'uid'.  This gave a nice drop-down of all the users, and
submitted the UID to the back-end.  I quickly realized when I tried to
submit a host that it was barfing because LDAP wants a DN, so I looked
at how 'manager' is done for users and tried to replicate it.  The
Python to do that is shown in astrocustom-new.py.html in the above
directory.  I know that didn't work, but I forget which version of
that not working that is - at some point I stopped checking them into
version control and bashed on the server until I gave up.

Can someone help me figure out what I'm doing here?  :D  Part of it
I'm sure is my limited Python knowledge, and the fact that I'm
applying concepts I learned long ago from programming languages
classes to a language I don't really use based on seeing how some
parts work and trying to make them work elsewhere.  Alternatively, if
there's more than just the FreeIPA33-extending-freeipa.pdf
presentation to go on for making plugins (and
pvoborni.fedorapeople.org/plugins for UI work) I'd love to have a
pointer to it to read more.  There's some other UI things I'd tried
doing before which failed (such as removing some of the items from the
stageuser details page, which the people who will create stageusers
won't need to see and shouldn't be messing with) but that's another
thread, which might not need to be opened if there's another trove of
information on this that I just haven't found yet.

Thanks for reading this far.  Cookies are on the way.

-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'