On pe, 04 elo 2017, Kristian Petersen via FreeIPA-users wrote:
Alexander,You are right, a split in plugins for server and client side happened
That was it! I had seen this before at a previous place of employment, but
couldn't recall enough of what we'd done there to fix it. You're a
lifesaver, really. Thank you very much to *everyone* who chimed in to lend
a hand.
PS: We're still running FreeIPA 4.4.0 and were affected by this change that
occurred in where the plugins files get stored. That may be something to
pass on to others.
during 4.4 release:
$ git tag --contains 6e44557b601f769d23ee74555a72e8b5cc62c0c9
alpha_1-4-4-0
release-4-4-0
release-4-4-1
release-4-4-2
release-4-4-3
release-4-4-4
release-4-5-0
release-4-5-1
release-4-5-2
release-4-5-3
$ git show -s 6e44557b601f769d23ee74555a72e8b5cc62c0c9
commit 6e44557b601f769d23ee74555a72e8b5cc62c0c9
Author: Jan Cholasta <jcholast@redhat.com>
Date: Thu Apr 28 10:30:05 2016 +0200
ipalib: move server-side plugins to ipaserver
Move the remaining plugin code from ipalib.plugins to ipaserver.plugins.
Remove the now unused ipalib.plugins package.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
It is more complex than that, you can see
https://pagure.io/freeipa/issue/4739 for a history of commits that went
in to implement the split.
I think I need to rewrite my plugin guide but one can use
https://github.com/abbra/freeipa-desktop-profile/ now as an example how
both client and server side plugins should look like these days. It also
shows how to integrate well new LDAP schema definitions with FreeIPA
server upgrade code.
On Fri, Aug 4, 2017 at 9:41 AM, Alexander Bokovoy <abokovoy@redhat.com>
wrote:
On pe, 04 elo 2017, Kristian Petersen wrote:
If it helps, the python file where we customized things is included below:Ok, this is location for pre-4.5 plugins. With FreeIPA 4.5 we split them
# Place in /usr/lib/python2.7/site-packages/ipalib/plugins/
into ipaserver/plugins and ipaclient/plugins, to allow clear separation
between server and client side plugins and to make thin client operation
possible.
Move your plugin Python code to ipaserver/plugins/ subdirectory instead
of ipalib/plugins. Also replace 'from ipalib.plugins' by 'from
ipaserver.plugins ..'.
import re
from ipalib import api
from ipalib.plugins import user, stageuser, group
from ipalib.parameters import Str
from ipalib import _
FILESERVER = "fileserver.chem.byu.edu"
GIDS = [
("csr", '1000'),
("staff", '3000'),
("faculty", '4000'),
("adjunct", '4010'),
("visiting", '4020'),
("emeritus", '4100'),
("graduate", '5000'),
("researcher", '6000'),
("ugrad", '8000'),
]
GROUP_TO_GID = {x: y for x, y in GIDS}
GID_TO_GROUP = {y: x for x, y in GIDS}
# Locations of home directories for different groups.
HOME_DIR_LOCATION = {
'1000': "/home/csr", # csr
'3000': "/home/staff", # staff
'4000': "/home/faculty", # faculty
'4010': "/home/faculty", # adjunct
'4020': "/home/postdoc", # visiting
'4100': "/home/faculty", # emeritus
'5000': "/home/research", # graduate
'6000': "/home/research", # researcher
'8000': "/home/students", # ugrad
}
############################
# Expose attributes to CLI #
############################
def __check_netid(ugettext, netid):
'''
Checks if netid is already assigned to an existing account.
'''
# Search for users with given NetID
result = api.Command.user_find(netid=netid)
# Throw error if NetID is already assigned to a user account
if result['count'] > 0:
uid = result['result'][0]['uid'][0]
return _("NetID is already assigned to user \"{}\".".format(uid))
def __validate_student_id(ugettext, studentid):
'''
Checks if studentid string is all numbers and nine digits long.
Also checks if studentid is already assigned to an existing account.
'''
if not (studentid.isdigit() and len(studentid) == 9):
return _("Student ID must be 9 digits")
# Check if ID number is already assigned to another account
result = api.Command.user_find(studentid=studentid)
if result['count'] > 0:
uid = result['result'][0]['uid'][0]
return _("Student ID is alread assigned to user
\"{}\".".format(uid))
chem_params = (
Str('netid', __check_netid,
cli_name='netid',
label=_('BYU Net ID'),
),
Str('studentid', __validate_student_id,
cli_name='studentid',
label=_('BYU Student ID Number'),
),
)
user.user.takes_params = user.user.takes_params + chem_params
user.user.default_attributes.append('netid')
user.user.default_attributes.append('studentid')
stageuser.stageuser.takes_params = stageuser.stageuser.takes_para ms + \
chem_params
stageuser.stageuser.default_attributes.append('netid')
stageuser.stageuser.default_attributes.append('studentid')
#####################
# Add pre-callbacks #
#####################
def __get_homedir(uid, homedir_base):
'''
Determines the location of a user's home directory.
'''
if 'students' in homedir_base:
return "{}/{}/{}".format(homedir_base, uid[0], uid)
else:
return "{}/{}".format(homedir_base, uid)
def __get_uid_from_dn(dn):
'''
Returns uid from dn.
'''
if 'uid' not in str(dn):
return _("\'uid\' not in given dn: \'{}\'".format(str(dn)))
uid = str(dn).split(',')[0] # gets 'uid=<username>'
uid = re.sub('^uid=', '', uid) # gets '<username>'
return uid
#######################
# Stageuser Callbacks #
#######################
def stageuseradd_precallback(self, ldap, dn, entry, attrs_list,
*keys, **options):
if 'homedirectory' in entry:
entry['homedirectory'] = __get_homedir(entry['uid'],
entry['homedirectory'])
return dn
def stageusermod_precallback(self, ldap, dn, entry, attrs_list,
*keys, **options):
if 'homedirectory' in entry:
entry['homedirectory'] = __get_homedir(__get_uid_from_dn(dn),
entry['homedirectory'])
return dn
stageuser.stageuser_add.register_pre_callback(stageuseradd_ precallback)
stageuser.stageuser_mod.register_pre_callback(stageusermod_ precallback)
##################
# User Callbacks #
##################
def useradd_precallback(self, ldap, dn, entry, attrs_list,
*keys, **options):
if 'homedirectory' in entry:
entry['homedirectory'] = __get_homedir(entry['uid'],
entry['homedirectory'])
return dn
def useradd_postcallback(self, ldap, dn, entry, attrs_list,
*keys, **options):
# TODO: add user to one of the default groups (ugrad, grad, etc.)
# NOTE: Since the groups Graduate and Faculty share home directories
# with other groups, there's no way to determine group based on
# home directory.
return dn
def usermod_precallback(self, ldap, dn, entry, attrs_list,
*keys, **options):
if 'homedirectory' in entry:
entry['homedirectory'] = __get_homedir(__get_uid_from_dn(dn),
entry['homedirectory'])
return dn
user.user_add.register_pre_callback(useradd_precallback)
user.user_mod.register_pre_callback(usermod_precallback)
###################
# Group Callbacks #
###################
def groupadd_postcallback(self, ldap, dn, entry, attrs_list,
*keys, **options):
# TODO: Create management role
return dn
def groupdel_precallback(self, ldap, dn, entry, attrs_list,
*keys, **options):
# TODO: Remove managment role
return dn
group.group_add.register_post_callback(groupadd_postcallback )
group.group_del.register_pre_callback(groupdel_precallback)
On Fri, Aug 4, 2017 at 8:57 AM, Pavel Vomacka <pvomacka@redhat.com>
wrote:
Hello,
On 08/03/2017 10:12 PM, Kristian Petersen via FreeIPA-users wrote:
The customizations that define the additions to the schema appear to be
in
the javascript file /usr/share/ipa/ui/js/plugins/chemuser/chemuser.js.
It defines the additional fields we use that are causing us so much
trouble. I have included it below.
// Place in /usr/share/ipa/ui/js/plugins/chemuser/
define([
'freeipa/phases',
'freeipa/user'],
function(phases, user_mod) {
// helper function
function get_item(array, attr, value) {
for (var i=0,l=array.length; i<l; i++) {
if (array[i][attr] === value) return array[i];
}
return null;
}
var chem_user_plugin = {};
chem_user_plugin.add_chemistry_fields_pre_op = function() {
// Adds extra fields into user details facet.
var facet = get_item(user_mod.entity_spec.facets, '$type', 'details');
var section = get_item(facet.sections, 'name', 'identity');
section.fields.push({
name: 'netid',
label: 'BYU Net ID',
required: 0,
}, {
name: 'studentid',
label: 'BYU Student ID Number',
required: 0,
}
);
// Adds extra fields to add user form.
var add_user_fields = user_mod.entity_spec.adder_dia
log.sections[0].fields;
add_user_fields.splice(3, 1) // Remove 'Class' field
add_user_fields.splice(3, 0, {
name: 'netid',
required: 0,
}, {
name: 'studentid',
required: 0,
}, {
name: 'mail',
required: 1,
}, {
$type: "combobox",
name: "homedirectory",
required: 1,
editable: 0,
options: [{
label: "CSR",
value: "/home/csr"
}, {
label: "Staff",
value: "/home/staff"
}, {
label: "Faculty",
value: "/home/faculty"
}, {
label: "Visiting/Postdoc",
value: "/home/postdoc"
}, {
label: "Graduate",
value: "/home/research",
}, {
label: "Researcher",
value: "/home/research"
}, {
label: "Undergrad",
value: "/home/students"
}
]
}
);
return true;
};
phases.on('customization', chem_user_plugin.add_chemistry
_fields_pre_op);
return chem_user_plugin;
});
This worked just fine prior to the update that Randy spoke of, but for
whatever reason it's not working now. When adding a user through the web
UI, the fields that are for the netid and studentid have no labels on
them
and if you try and add the person with data in them it gives an error:
"IPA
Error 3005: Option Error. Unknown option: studentid" or the same for the
netid.
The file appears to be in the right place in the filesystem. Any ideas?
From what I can see here, I would say that your Python changes stopped
working. The reason why you don't see any labels of your custom fields is
that they are not in metadata, which are send to WebUI. Therefore WebUI
cannot show them. And then when you send a request to the server with
those
custom options, the server does not understand those options (therefore
the
error message).
I don't know how you changed Python code. In case you do it directly in
code then the upgrade probably overrode your changes (as Rob mentioned
before). Or maybe your changes are not properly loaded or run.
You can try to call API by running:
$ ipa console
on your server. Then write something like:
>>>> api.Command.user_add(u'tuser', givenname=u'test', sn=u'user')
just add your new options and you will most likely get the same error.
(This is just the way how to test API calls which are used by WebUI
somewhere else than in WebUI, then you can say whether the bug is in
WebUI
or not).
From my point of view, WebUI plugin looks correct and it works, because
you can see some changes in WebUI.
On Thu, Aug 3, 2017 at 1:27 PM, Alexander Bokovoy <abokovoy@redhat.com>
wrote:
On to, 03 elo 2017, Kristian Petersen via FreeIPA-users wrote:
The customizations are in separate files and are still there, but seem
tohttps://github.com/abbra/freei
be getting ignored for lack of a better description.
You'd need to describe more and in more detail. Look at
pa-desktop-profile/ as an example of an
external plugin that works and integrates with existing FreeIPA upgrade
code properly.
You can look at that one to see what's different on your side.
--
/ Alexander Bokovoy
--
Kristian Petersen
System Administrator
Dept. of Chemistry and Biochemistry
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedo
rahosted.org
--
Pavel^3 Vomacka
--
Kristian Petersen
System Administrator
Dept. of Chemistry and Biochemistry
--
/ Alexander Bokovoy
--
Kristian Petersen
System Administrator
Dept. of Chemistry and Biochemistry
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
--
/ Alexander Bokovoy