[Freeipa-users] Extending attributes

Petr Vobornik pvoborni at redhat.com
Fri Apr 8 07:50:34 UTC 2016 

On 04/07/2016 11:57 PM, Steve Huston wrote:
> Finding very little on the Interwebs about this, I wonder if I'm the
> only person who's trying to add things to FreeIPA and doing UI and
> backend plugins!
> 
> The back story, I'm coming from an OpenLDAP deployment which I need to
> update for various reasons and decided to look at options.   FreeIPA
> looks great, and I'm using 4.2.0-15 from the RHEL7 distribution
> (technically Springdale Linux, our in-house rebuild).  Since one of
> the sticky parts of management of hosts and users for myself and
> others has been all the LDAP details (which I and one other use
> ldapmodify for, but some of the admin assistants who create accounts
> use a custom-made PHP that makes it slightly prettier but harder to
> maintain), I'm trying to get everything into a pretty interface that
> anyone can use and means a single window for making these changes.
> 
> I'm ditching our custom LDAP schema since the attributes can be
> handled by other included schema elements, though I am adding the
> Puppet schema which was easily imported and I even wrote the glue to
> make that work.  One of the things I wanted to add is to a host
> record, the 'owner' field, which should be the owner of a machine -
> this gets pulled into puppet for some fanciness down the road, as well
> as used for some accounting information.
> 
> What I have currently works, but it's not how I originally wrote it:
> http://www.astro.princeton.edu/~huston/astrocustom/
> 
> The way I wanted it, the javascript part (which worked fine) pushed
> the name field, with type 'entity_select', other_entity: 'user',
> other_field: 'uid'.  This gave a nice drop-down of all the users, and
> submitted the UID to the back-end.  I quickly realized when I tried to
> submit a host that it was barfing because LDAP wants a DN, so I looked
> at how 'manager' is done for users and tried to replicate it.  The
> Python to do that is shown in astrocustom-new.py.html in the above
> directory.  I know that didn't work, but I forget which version of
> that not working that is - at some point I stopped checking them into
> version control and bashed on the server until I gave up.
> 
> Can someone help me figure out what I'm doing here?  :D  Part of it
> I'm sure is my limited Python knowledge, and the fact that I'm
> applying concepts I learned long ago from programming languages
> classes to a language I don't really use based on seeing how some
> parts work and trying to make them work elsewhere.  Alternatively, if
> there's more than just the FreeIPA33-extending-freeipa.pdf
> presentation to go on for making plugins (and
> pvoborni.fedorapeople.org/plugins for UI work) I'd love to have a
> pointer to it to read more.  There's some other UI things I'd tried
> doing before which failed (such as removing some of the items from the
> stageuser details page, which the people who will create stageusers
> won't need to see and shouldn't be messing with) but that's another
> thread, which might not need to be opened if there's another trove of
> information on this that I just haven't found yet.
> 
> Thanks for reading this far.  Cookies are on the way.
> 

I didn't examine it thoroughly. But basically: IPA management framework
does "cn" -> "dn" conversion in pre_callback (host-add, host-mod). But
then it needs to do the reverse on post_callback (host-add, host-mod,
host-show, maybe also host-find)

Given that manager field was your example, you can also look at
"convert_manager" method which does the "dn" -> "cn" conversion. And how
it is called in post_callback/how are post_callbacks defined.

Apart from that, I don't see what is wrong. How does it behave?
-- 
Petr Vobornik

More information about the Freeipa-users mailing list