[Freeipa-users] user-custom script

Sigbjorn Lie sigbjorn at nixtra.com
Tue May 28 12:33:07 UTC 2013 



On Mon, May 27, 2013 13:28, Petr Viktorin wrote:
> On 05/27/2013 12:50 PM, Sigbjorn Lie wrote:
>
>> Hi,
>>
>>
>> A while back I got some help writing a python script who extends the user classes in ipalib to
>> run a custom command when a user is added/modified/deleted. This has been working perfectly in
>> our production environment for a few years now, until I upgraded to IPA 3.0 last week. The
>> custom script is no longer executed.
>>
>> Did the libraries change since 2.2?
>>
>
> Hello,
> Yes, IPA did change, though not in the callback registration API. See
> comment below.
>
>>
>>
>> The script sits in /usr/lib/python2.6/site-packages/ipalib/plugins/user-custom.py and looks
>> like:
>>
>>
>>
>> #
>> # Extension to provide user-customizable script when a user id added/modified/deleted
>> #
>>
>>
>> from ipapython import ipautil
>>
>> # Extend add
>>
>>
>> from ipalib.plugins.user import user_add
>>
>> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options): inst.log.info('User
>> added') if 'ipa_user_script' in inst.api.env: try:
>> ipautil.run([inst.api.env.ipa_user_script,"add", dn]) except:
>> pass
>
> First of all, you can add better logging so you can diagnose errors more
> easily, e.g.:
>
> try:
> ipautil.run([inst.api.env.ipa_user_script,"add", dn]) except Exception, e:
> inst.log.error("ipa_user_script: Exception: %s", e)
>
>
> With this change, I can see the following line in the server log:
>
>
> ipa: ERROR: ipa_user_script: Exception: sequence item 2: expected string
> or Unicode, DN found
>
> The error is due to DN refactoring
> (https://fedorahosted.org/freeipa/ticket/1670). All DNs throughout IPA
> are now represented by DN objects. To use them as strings you need to convert them explicitly:
>
> ipautil.run([inst.api.env.ipa_user_script, "add", str(dn)])
>
> The same change is needed in the other three cases.
> The modified code should still work under IPA 2.2.
> Let me know if you're having more trouble.
>
>
>> return dn
>>
>> user_add.register_post_callback(script_post_add_callback)
>>
>>
>> # Extend delete
>>
>>
>> from ipalib.plugins.user import user_del
>>
>> def script_post_del_callback(inst, ldap, dn, attrs_list, *keys, **options): inst.log.info('User
>> deleted') if 'ipa_user_script' in inst.api.env: try:
>> ipautil.run([inst.api.env.ipa_user_script,"del", dn]) except:
>> pass
>>
>> return dn
>>
>> user_del.register_post_callback(script_post_del_callback)
>>
>>
>> # Extend modify
>>
>>
>> from ipalib.plugins.user import user_mod
>>
>> def script_post_mod_callback(inst, ldap, dn, attrs_list, *keys, **options): inst.log.info('User
>> modified') if 'ipa_user_script' in inst.api.env: try:
>> ipautil.run([inst.api.env.ipa_user_script,"mod", dn]) except:
>> pass
>>
>> return dn
>>
>> user_mod.register_post_callback(script_post_mod_callback)
>>
>


Thank you.

I removed the user-custom.pyc, and moved the existing user-custom.py file to /root and made the
changes in a new file, user-custom-v3.py. I then restarted httpd. However a .pyc file is not
created, even after adding/removing/modifying a user.

And the command specified to run in ipa_user_script is not run.

Do you have a suggestions to what I might be doing wrong?


Regards,
Siggi

More information about the Freeipa-users mailing list