Chris Candreva wrote: > > > On Mon, 26 Jul 2021, Rob Crittenden via FreeIPA-users wrote: > >> Chris Candreva via FreeIPA-users wrote: >>> >>> 10 years ago, a user asked running a custom script on user creation, to >>> take care of disk provisioning. >>> https://freeipa-users.redhat.narkive.com/eSX61h7t/add-user-custom-script >>> >>> Having the same need I found this post, however nothing about the posted >>> plugin seems to currently work. >>> >>> I've determined so far the plugin location moved from ipalib to ipa >>> server. I've changed the class. The logging didn't work, and the passing >>> of 'dn' gave a type error. The minimal version below at least doesn't >>> generate any errors, but also does not run the script (which simple echos >>> output to a /tmp/cxc.log file. >>> >>> I would appreciate any assistance either pointing to an already updated >>> version of this type of plugin, assistance doing so, or someone >>> knowledgable updating it for IPA 4.9.2 >>> >>> >>> >>> /usr/lib/python3.6/site-packages/ipaserver/plugins/cript_post_add_callback.py >>> ``` >>> from ipapython import ipautil >>> from ipaserver.plugins.user import user_add >>> >>> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options): >>> # inst.log.error('User added') >>> # if 'ipa_user_script' in inst.api.env: >>> # try: >>> ipautil.run(['/usr/local/sbin/cxc.sh',"add", "dn"]) >>> # except: >>> # pass >>> >>> return dn >>> ``` >>> >>> /usr/local/sbin/cxc.sh >>> ``` >>> #!/bin/bash >>> >>> echo "Hello, world: $1 $2" >>/tmp/cxc.log >>> ``` >> >> This is a very inefficient way to do it as it is going to fork Apache >> for each user add. We would still like a messaging system to share this >> among other types of messages but it is a significant feature with >> relatively low priority. >> >> Your plugin isn't working because you aren't registering the callback, >> among other things. >> >> This will work. >> >> from ipapython import ipautil >> from ipaserver.plugins.user import user_add >> from ipalib import api >> import logging >> >> logger = logging.getLogger(__name__) >> >> >> def script_post_add_callback(self, ldap, dn, attrs_list, *keys, **options): >> logger.debug('User added') >> # if 'ipa_user_script' in self.api.env: >> if True: >> try: >> ipautil.run(['/usr/local/sbin/cxc.sh', "add", str(dn)]) >> except Exception as e: >> logger.debug('execution failed with %s', e) >> >> return dn >> >> user_add.register_pre_callback(script_post_add_callback) >> >> Note that Apache has its own private tmp so you'll find the log in >> something like >> /tmp/systemd-private-b1ed3e9ade6c40d69d5f3913595fa651-httpd.service-PVal2h/tmp/cxc.log >> >> The plugin executes as the ipaapi so will have limited permissions to do >> things. >> >> For more information on plugins see: >> >> https://abbra.fedorapeople.org/freeipa-extensibility.html >> > > Rob, Thank you ! I was registering the callback, that was a cut and paste > error . The private tmp was my problem at the end. You did clear up the > other changes. > > I had found that page, it is out of date though, and has errors. It still > refers to ipalib instead of ipaserver, all the prototypes say "dn." > instead of "dn," , and it says "entry_args" is a dictionary, it appears to > be of type "LDAPEntry" . > > Is there a more up to date version, or a way to contribute edits ?
It's a 10-year old post but still mostly relevant. You can try contacting the author directly for updates, the e-mail is still correct. It may make sense to include an updated version of this the git tree under doc so if you wanted to work on that it would be great. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
