[Freeipa-users] user-custom script
Sigbjorn Lie
sigbjorn at nixtra.com
Wed May 29 07:50:53 UTC 2013
On Tue, May 28, 2013 15:44, Petr Viktorin wrote:
> On 05/28/2013 02:33 PM, Sigbjorn Lie wrote:
>
>> On Mon, May 27, 2013 13:28, Petr Viktorin wrote:
>>
>>> On 05/27/2013 12:50 PM, Sigbjorn Lie wrote:
>>>
>>>
>>>> Hi,
>>>>
>>>>
>>>>
>>>> A while back I got some help writing a python script who extends the user classes in ipalib
>>>> to run a custom command when a user is added/modified/deleted. This has been working
>>>> perfectly in our production environment for a few years now, until I upgraded to IPA 3.0
>>>> last week. The custom script is no longer executed.
>>>>
>>>> Did the libraries change since 2.2?
>>>>
>>>>
>>>
>>> Hello,
>>> Yes, IPA did change, though not in the callback registration API. See
>>> comment below.
>>>
>>>>
>>>>
>>>> The script sits in /usr/lib/python2.6/site-packages/ipalib/plugins/user-custom.py and looks
>>>> like:
>>>>
>>>>
>>>>
>>>>
>>>> #
>>>> # Extension to provide user-customizable script when a user id added/modified/deleted
>>>> #
>>>>
>>>>
>>>>
>>>> from ipapython import ipautil
>>>>
>>>> # Extend add
>>>>
>>>>
>>>>
>>>> from ipalib.plugins.user import user_add
>>>>
>>>> def script_post_add_callback(inst, ldap, dn, attrs_list, *keys, **options):
>>>> inst.log.info('User added') if 'ipa_user_script' in inst.api.env: try:
>>>> ipautil.run([inst.api.env.ipa_user_script,"add", dn]) except: pass
>>>
>>> First of all, you can add better logging so you can diagnose errors more
>>> easily, e.g.:
>>>
>>> try:
>>> ipautil.run([inst.api.env.ipa_user_script,"add", dn]) except Exception, e:
>>> inst.log.error("ipa_user_script: Exception: %s", e)
>>>
>>>
>>>
>>> With this change, I can see the following line in the server log:
>>>
>>>
>>>
>>> ipa: ERROR: ipa_user_script: Exception: sequence item 2: expected string
>>> or Unicode, DN found
>>>
>>> The error is due to DN refactoring
>>> (https://fedorahosted.org/freeipa/ticket/1670). All DNs throughout IPA
>>> are now represented by DN objects. To use them as strings you need to convert them explicitly:
>>>
>>>
>>> ipautil.run([inst.api.env.ipa_user_script, "add", str(dn)])
>>>
>>> The same change is needed in the other three cases.
>>> The modified code should still work under IPA 2.2.
>>> Let me know if you're having more trouble.
>>>
>>>
>>>
> [...]
>
>>
>>
>> Thank you.
>>
>>
>> I removed the user-custom.pyc, and moved the existing user-custom.py file to /root and made the
>> changes in a new file, user-custom-v3.py. I then restarted httpd. However a .pyc file is not
>> created, even after adding/removing/modifying a user.
>
> The server runs under apache, it doesn't have permissions to create .pyc
> files in /usr/lib/.
>
>> And the command specified to run in ipa_user_script is not run.
>>
>>
>> Do you have a suggestions to what I might be doing wrong?
>>
>
> Do you get any messages in /var/log/httpd/error_log?
>
>
I managed to figure this one out. SElinux was causing the issue. Everything worked just fine after
restoring the correct file labels.
Thank you for your help. :)
Regards,
Siggi
More information about the Freeipa-users
mailing list