Chris Candreva via FreeIPA-users wrote: > > 10 years ago, a user asked running a custom script on user creation, to > take care of disk provisioning. > https://freeipa-users.redhat.narkive.com/eSX61h7t/add-user-custom-script > > Having the same need I found this post, however nothing about the posted > plugin seems to currently work. > > I've determined so far the plugin location moved from ipalib to ipa > server. I've changed the class. The logging didn't work, and the passing > of 'dn' gave a type error. The minimal version below at least doesn't > generate any errors, but also does not run the script (which simple echos > output to a /tmp/cxc.log file. > > I would appreciate any assistance either pointing to an already updated > version of this type of plugin, assistance doing so, or someone > knowledgable updating it for IPA 4.9.2 > > > > /usr/lib/python3.6/site-packages/ipaserver/plugins/cript_post_add_callback.py > ``` > from ipapython import ipautil > from ipaserver.plugins.user import user_add > > def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options): > # inst.log.error('User added') > # if 'ipa_user_script' in inst.api.env: > # try: > ipautil.run(['/usr/local/sbin/cxc.sh',"add", "dn"]) > # except: > # pass > > return dn > ``` > > /usr/local/sbin/cxc.sh > ``` > #!/bin/bash > > echo "Hello, world: $1 $2" >>/tmp/cxc.log > ```
This is a very inefficient way to do it as it is going to fork Apache for each user add. We would still like a messaging system to share this among other types of messages but it is a significant feature with relatively low priority. Your plugin isn't working because you aren't registering the callback, among other things. This will work. from ipapython import ipautil from ipaserver.plugins.user import user_add from ipalib import api import logging logger = logging.getLogger(__name__) def script_post_add_callback(self, ldap, dn, attrs_list, *keys, **options): logger.debug('User added') # if 'ipa_user_script' in self.api.env: if True: try: ipautil.run(['/usr/local/sbin/cxc.sh', "add", str(dn)]) except Exception as e: logger.debug('execution failed with %s', e) return dn user_add.register_pre_callback(script_post_add_callback) Note that Apache has its own private tmp so you'll find the log in something like /tmp/systemd-private-b1ed3e9ade6c40d69d5f3913595fa651-httpd.service-PVal2h/tmp/cxc.log The plugin executes as the ipaapi so will have limited permissions to do things. For more information on plugins see: https://abbra.fedorapeople.org/freeipa-extensibility.html rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure