[Freeipa-users] modify schema - add group email and display attribute

Sandor Juhasz sjuhasz at chemaxon.com
Thu Jan 19 13:29:01 UTC 2017


One more issue. Service user cannot see the new attribute. It does see the objectclass. 

ldif: 
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.49232.1.1
  NAME 'groupMail'
  SUP top
  STRUCTURAL
  MAY ( mail $ displayname )
  X-ORIGIN 'Extending FreeIPA' )

Service user: 
uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld 

Regular user: 
uid=admin,cn=users,cn=accounts,dc=test,dc=tld 

They both see objectclass=groupmail, but uid=googlesync does not bring back 
mail and displayname, while using ldapsearch. 


Sándor Juhász 
System Administrator 
ChemAxon Ltd.
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Sandor Juhasz" <sjuhasz at chemaxon.com> 
To: "Petr Vobornik" <pvoborni at redhat.com> 
Cc: freeipa-users at redhat.com 
Sent: Wednesday, January 11, 2017 3:26:41 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

It is fixed. The location was fine. We had to do some digging there. 
The group module works differently than the user and is giving 
var section = get_item(facet.sections, 'name', 'details'); 
instead of 
var section = get_item(facet.sections, 'name', 'identity'); 
as the user would do. 

Yup figured that index generation is auto. 

So all check, all happy in the end. 
Thx. 

Sándor Juhász 
System Administrator 
ChemAxon Ltd.
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Petr Vobornik" <pvoborni at redhat.com> 
To: "Sandor Juhasz" <sjuhasz at chemaxon.com>, "Ludwig Krispenz" <lkrispen at redhat.com> 
Cc: freeipa-users at redhat.com 
Sent: Wednesday, January 11, 2017 3:04:09 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

On 01/11/2017 01:58 PM, Sandor Juhasz wrote: 
> Ok, 
> 
> OID - check 
> ldapmodify - check 
> python scripts - check 
> These work on both ipa 3.x and ipa 4.x. 
> So the basic functionality is there for the new object class. 
> 
> js - i am stuck with, i have created the js files for the plugin, see below. 
> 
> But i don't know how to generate the index. Also i might be completely wrong. 
> 
> On ipa 3.x the js files are there, most probably the groups.js would exist as i 
> expect it. 
> But on the other hand on the ipa 4.x there is nothing but freeipa/core.js is there. 

You don't need to generate plugin index, it is generated automatically. 

Just: 
mkdir /usr/share/ipa/ui/js/plugins/myplugin 
cp myplugin.js /usr/share/ipa/ui/js/plugins/myplugin 

It should be automatically picked up by Web UI. 

It will work only in RHEL 7/CentOS 7 (FreeIPA 3.3+). Not RHEL 6 (sort of 
3.0/3.1/3.2) 

On RHEL 6, there is /usr/share/ipa/ui/ext/extension.js which can contain 
custom content to extend UI, but writing a plugin for it is much more 
complicated so I'd rather avoid it. 

> 
> Here is the plugin, i am trying to use: 
> define([
>         'freeipa/phases',
>         'freeipa/group'],
>     function(phases, group_mod) {
>         // helper function
>         function get_item(array, attr, value) {
>             for (var i=0,l=array.length; i<l; i++) {
>                 if (array[i][attr] === value) return array[i];
>             }
>             return null;
>         }
>         var groupmail_plugin = {};
>         // adds 'mail' field into group details facet
>         groupmail_plugin.add_group_mail_pre_op = function() {
>             var facet = get_item(group_mod.entity_spec.facets, '$type', 'details');
>             var section = get_item(facet.sections, 'name', 'identity');
>             section.fields.push({
>                 name: 'mail',
>                 label: 'Mail'
>             });
>             return true;
>         };
>         phases.on('customization', groupmail_plugin.add_group_mail_pre_op);
>         return groupmail_plugin;
>     });
> 
> 
> *Sándor Juhász* 
> System Administrator 
> *ChemAxon Ltd*.
> Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
> Cell: +36704258964 
> 
> -------------------------------------------------------------------------------- 
> *From: *"Brian Candler" <b.candler at pobox.com> 
> *To: *"Sandor Juhasz" <sjuhasz at chemaxon.com> 
> *Cc: *freeipa-users at redhat.com 
> *Sent: *Monday, January 2, 2017 6:41:02 PM 
> *Subject: *Re: [Freeipa-users] modify schema - add group email and display attribute 
> 
> On 02/01/2017 11:53, Sandor Juhasz wrote: 
> > I would be really happy if anybody could assign an OID for the new 
> > objectclass 
> 
> You can get your own enterprise OID for free from here: 
> 
> http://pen.iana.org/pen/PenApplication.page 
> 
> Note that you only get one, so it's up to you to subdivide the space. 
> For example: if you get 1.3.6.1.4.1.99999, then you might decide to use: 
> 
> 1.3.6.1.4.1.99999.1 = LDAP object classes 
> 
> 1.3.6.1.4.1.99999.1.1 = myMailObjectClass 
> 
> 1.3.6.1.4.1.99999.1.2 = someOtherObjectClass 
> 
> 1.3.6.1.4.1.99999.2 = LDAP attributes 
> 
> 1.3.6.1.4.1.99999.2.1 = mySpecialAttribute 
> 
> then later you can assign under 1.3.6.1.4.1.99999.3 for something else 
> that needs OIDs (e.g. SNMP MIBs) and so on. 
> 
> 
> 


-- 
Petr Vobornik 
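
Added example, not part of the thread and not FreeIPA code: the fix reported in the 11 January follow-up (the group details facet names its section 'details', the user one 'identity') written as a lookup that tries both names and refuses to dereference a missing section, which is what the quoted plugin did. The helper add_field, the make_*_spec functions and the spec shapes are assumptions constructed for illustration.

```javascript
// Added example, not FreeIPA code. Spec shapes below are constructed stand-ins
// for the entity_spec objects the plugin in this thread modifies.
function get_item(array, attr, value) {
    for (var i = 0, l = (array || []).length; i < l; i++) {
        if (array[i][attr] === value) return array[i];
    }
    return null;
}

// Fields may be listed as plain strings or as objects with a name.
function field_name(f) { return typeof f === 'string' ? f : f.name; }

// Hypothetical helper: add `field` to the first section in `section_names`
// that exists in the details facet. Returns the section name used, or null.
function add_field(entity_spec, section_names, field) {
    var facet = get_item(entity_spec.facets, '$type', 'details');
    if (!facet) return null;
    for (var i = 0; i < section_names.length; i++) {
        var section = get_item(facet.sections, 'name', section_names[i]);
        if (!section) continue;            // e.g. no 'identity' section on groups
        section.fields = section.fields || [];
        var present = section.fields.some(function (f) {
            return field_name(f) === field.name;
        });
        if (!present) section.fields.push(field);   // idempotent on re-run
        return section.name;
    }
    return null;
}

// Constructed sample specs (not copied from FreeIPA).
function make_group_spec() {
    return { facets: [
        { $type: 'search', columns: ['cn'] },
        { $type: 'details', sections: [{ name: 'details', fields: ['cn', 'description'] }] }
    ]};
}
function make_user_spec() {
    return { facets: [
        { $type: 'details', sections: [{ name: 'identity', fields: ['givenname', 'sn'] }] }
    ]};
}

var order = ['identity', 'details'];
var mail = { name: 'mail', label: 'Mail' };
console.log(add_field(make_group_spec(), order, mail));
console.log(add_field(make_user_spec(), order, mail));
```

Inside the plugin, the customization handler would call add_field with group_mod.entity_spec once for mail and once for displayname.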
