@jb68
Last active August 4, 2020 08:52
freeipa user-add/remove/mod trigger a custom script
diff --git a/user.py b/user.py
index cb47cbb..6b9ff36 100644
--- a/user.py
+++ b/user.py
@@ -40,7 +40,7 @@ from ipalib import _, ngettext
from ipalib import output
from ipalib import x509
from ipaplatform.paths import paths
-from ipapython.ipautil import ipa_generate_password
+from ipapython.ipautil import ipa_generate_password, run
from ipapython.ipavalidate import Email
from ipalib.capabilities import client_has_capability
from ipalib.util import (normalize_sshpubkey, validate_sshpubkey,
@@ -408,7 +408,7 @@ class user_add(baseuser_add):
doc=_('Don\'t create user private group'),
),
)
-
+ init_passwd = ''
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
dn = self.obj.get_either_dn(*keys, **options)
if not options.get('noprivate', False):
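Review bot: `init_passwd` is declared on the class, and the next hunk writes it with `user_add.init_passwd = entry_attrs['userpassword']`, so the plaintext password becomes state shared by every user-add handled in the same server process. That assignment is guarded by `if 'userpassword' in entry_attrs` and nothing resets the value, so an add without a password would hand the script the previous user's password; if the server handles requests concurrently, two adds can also overwrite each other. The code just above that assignment already stores `randompassword` on the per-request `context`, and the same pattern fits here: `setattr(context, 'init_passwd', entry_attrs.get('userpassword', ''))`, read back in post_callback with `getattr(context, 'init_passwd', '')`. pre_callback's body continues outside this hunk.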
@@ -489,7 +489,8 @@ class user_add(baseuser_add):
entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars)
# save the password so it can be displayed in post_callback
setattr(context, 'randompassword', entry_attrs['userpassword'])
-
+ if 'userpassword' in entry_attrs:
+ user_add.init_passwd = entry_attrs['userpassword']
if 'mail' in entry_attrs:
entry_attrs['mail'] = self.obj.normalize_and_validate_email(entry_attrs['mail'], config)
else:
@@ -569,7 +570,14 @@ class user_add(baseuser_add):
self.obj.get_preserved_attribute(entry_attrs, options)
self.post_common_callback(ldap, dn, entry_attrs, **options)
-
+ # Check config and call ipa_user_script if available
+ if 'ipa_user_script' in self.api.env:
+ try:
+ self.log.debug("running %s %s %s" % (self.api.env.ipa_user_script, "add", dn))
+ run([self.api.env.ipa_user_script, "add", "%s" % dn, user_add.init_passwd])
+ except:
+ self.log.error("error runing %s" % self.api.env.ipa_user_script)
+ pass
return dn
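Review bot: The initial password is passed as a command-line argument in `run([self.api.env.ipa_user_script, "add", "%s" % dn, user_add.init_passwd])`, where other local accounts can read it from the process list while the script runs, and ipautil's `run` may also write its argument list to the debug log. Passing it on standard input keeps it out of both: `run([self.api.env.ipa_user_script, "add", "%s" % dn], stdin=user_add.init_passwd)`, with the script reading the password from stdin (confirm that the installed `run` accepts `stdin`). The bare `except:` also hides why the script failed; `except Exception as e:` with `e` included in the log message would keep the cause. Since the script path comes from server configuration and runs with the IPA service's privileges, the file and its directory should be writable only by root. post_callback starts outside this hunk.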
@@ -682,7 +690,14 @@ class user_del(baseuser_del):
self.api.Command.otptoken_mod(token, ipatokenowner=None)
else:
self.api.Command.otptoken_del(token)
-
+ # If there is a ipa_user_script set in configuration, call it out
+ if 'ipa_user_script' in self.api.env:
+ try:
+ self.log.debug("running %s %s %s" % (self.api.env.ipa_user_script, "add", dn))
+ run([self.api.env.ipa_user_script, "del", "%s" % dn])
+ except:
+ self.log.error("error runing %s" % self.api.env.ipa_user_script)
+ pass
return dn
def execute(self, *keys, **options):
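Review bot: The debug line in user_del logs the operation as `"add"` although the call that follows runs the script with `"del"`, and the user_mod hunk below repeats the same `"add"` text before a `"mod"` call, so the log misreports what was executed for deletions and modifications. Log the verb actually passed, `self.log.debug("running %s %s %s" % (self.api.env.ipa_user_script, "del", dn))` here and `"mod"` in user_mod. Both blocks also repeat the bare `except:` and the `"error runing"` typo from user_add; catching `Exception` and logging it would make script failures diagnosable. The enclosing callback starts outside this hunk.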
@@ -726,6 +741,13 @@ class user_mod(baseuser_mod):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.post_common_callback(ldap, dn, entry_attrs, **options)
self.obj.get_preserved_attribute(entry_attrs, options)
+ if 'ipa_user_script' in self.api.env:
+ try:
+ self.log.debug("running %s %s %s" % (self.api.env.ipa_user_script, "add", dn))
+ run([self.api.env.ipa_user_script, "mod", "%s" % dn])
+ except:
+ self.log.error("error runing %s" % self.api.env.ipa_user_script)
+ pass
return dn
jb68 commented Apr 4, 2017

user.py from freeipa based on CentOS 7.1
This change adds a trigger that calls the script configured as the ipa_user_script entry in the IPA config, passing different arguments depending on the operation.
ex in /etc/ipa/server.conf
ipa_user_script=/opt/bin/ipa/usermail.sh

On Add User we will have
/opt/bin/ipa/usermail.sh add [username] password

Install

save user.py.diff locally, ex ~/user.py.diff
cd /usr/lib/python2.7/site-packages/ipalib/plugins/
cp user.py user.py.bk
patch -p1 < ~/user.py.diff
systemctl restart httpd

edit /etc/ipa.default.conf and add
ipa_user_script=/opt/bin/ipa_user.sh

make sure that you have the ipa_user.sh script
