Chris Candreva via FreeIPA-users wrote:
>
> 10 years ago, a user asked running a custom script on user creation, to
> take care of disk provisioning.
> https://freeipa-users.redhat.narkive.com/eSX61h7t/add-user-custom-script
>
> Having the same need I found this post, however nothing about the posted
> plugin seems to currently work.
>
> I've determined so far the plugin location moved from ipalib to ipa
> server. I've changed the class. The logging didn't work, and the passing
> of 'dn' gave a type error. The minimal version below at least doesn't
> generate any errors, but also does not run the script (which simple echos
> output to a /tmp/cxc.log file.
>
> I would appreciate any assistance either pointing to an already updated
> version of this type of plugin, assistance doing so, or someone
> knowledgable updating it for IPA 4.9.2
>
>
>
> /usr/lib/python3.6/site-packages/ipaserver/plugins/cript_post_add_callback.py
> ```
> from ipapython import ipautil
> from ipaserver.plugins.user import user_add
>
> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
> # inst.log.error('User added')
> # if 'ipa_user_script' in inst.api.env:
> # try:
> ipautil.run(['/usr/local/sbin/cxc.sh',"add", "dn"])
> # except:
> # pass
>
> return dn
> ```
>
> /usr/local/sbin/cxc.sh
> ```
> #!/bin/bash
>
> echo "Hello, world: $1 $2" >>/tmp/cxc.log
> ```
This is a very inefficient way to do it as it is going to fork Apache
for each user add. We would still like a messaging system to share this
among other types of messages but it is a significant feature with
relatively low priority.
Your plugin isn't working because you aren't registering the callback,
among other things.
This will work.
from ipapython import ipautil
from ipaserver.plugins.user import user_add
from ipalib import api
import logging
logger = logging.getLogger(__name__)
def script_post_add_callback(self, ldap, dn, attrs_list, *keys, **options):
logger.debug('User added')
# if 'ipa_user_script' in self.api.env:
if True:
try:
ipautil.run(['/usr/local/sbin/cxc.sh', "add", str(dn)])
except Exception as e:
logger.debug('execution failed with %s', e)
return dn
user_add.register_pre_callback(script_post_add_callback)
Note that Apache has its own private tmp so you'll find the log in
something like
/tmp/systemd-private-b1ed3e9ade6c40d69d5f3913595fa651-httpd.service-PVal2h/tmp/cxc.log
The plugin executes as the ipaapi so will have limited permissions to do
things.
For more information on plugins see:
https://abbra.fedorapeople.org/freeipa-extensibility.html
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
