via bash script on FreeIPA - which works perfectly - but now an implementation via the GUI was required. So I thought I would add a checkbox to the GUI
and do the processing via Python.
I followed your advice and implemented the Python module as usermod_postcallback; however,
this way does not work either.

from ipaserver.plugins import user
from ipalib.parameters import Bool
from ipalib.text import _


def useradd_precallback(self, ldap, dn, entry, attrs_list, *keys, **options):
    """Ensure ``nextsambauser`` is among the entry's object classes.

    The entry is modified in place and ``dn`` is returned unchanged; the
    remaining arguments are accepted for the callback signature only.
    """
    # NOTE(review): no registration of this callback is visible in the
    # posted code, so as shown it is never invoked.
    object_classes = entry['objectclass']
    if 'nextsambauser' not in object_classes:
        object_classes.append('nextsambauser')
    return dn
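def usermod_postcallback(self, ldap, dn, entry, attrs_list, *keys,
                         **options):
    """Add the ``nextsambauser`` object class and derive ``sambaSID``.

    When ``nextsambaenabled`` is false or absent, a fixed placeholder SID is
    stored. When it is true, the user's ``ipaNTSecurityIdentifier`` is read
    from LDAP and copied into ``sambaSID``; a second placeholder SID is used
    if no usable value is found.

    Args:
        ldap: backend object; only ``get_entry(dn, attrs)`` is called.
        dn: DN of the user entry; returned unchanged.
        entry: mapping of attribute name to value(s); modified in place.
        attrs_list, keys, options: accepted for the callback signature,
            not used.

    Returns:
        ``dn``.

    NOTE(review): this function only changes the in-memory ``entry``. If it
    runs as a post-callback (after the LDAP write), these changes are
    presumably not persisted -- confirm, and consider a pre-callback instead.
    NOTE(review): FreeIPA post-callbacks appear to be invoked without an
    ``attrs_list`` argument; if so, ``attrs_list`` receives the first key
    here. It is unused, so this is harmless, but verify the signature.
    """
    # Function-scope import keeps this block self-contained.
    import logging

    log = logging.getLogger(__name__)

    def _scalar(value):
        """Collapse a list/tuple to its first item and decode bytes."""
        if isinstance(value, (list, tuple)):
            value = value[0] if value else None
        if isinstance(value, bytes):
            value = value.decode('utf-8', 'replace')
        return value

    # If 'objectclass' is missing from the entry, fetch it from LDAP.
    if 'objectclass' not in entry:
        fetched = ldap.get_entry(dn, ['objectclass'])
        entry['objectclass'] = fetched['objectclass']
    if 'nextsambauser' not in entry['objectclass']:
        entry['objectclass'].append('nextsambauser')

    # Treat nextsambaenabled as a boolean. Attribute values may arrive as a
    # list (multi-valued LDAP attribute), a bool or a string; calling
    # .lower() directly on a list raises AttributeError.
    flag = _scalar(entry.get('nextsambaenabled', 'false'))
    if isinstance(flag, bool):
        nextsambaenabled = flag
    else:
        nextsambaenabled = str(flag).lower() == 'true'

    if not nextsambaenabled:
        # Placeholder SID from the original post (domain part redacted).
        # NOTE(review): every disabled user receives this same SID; accounts
        # sharing one SID cannot be told apart by SID-based access checks.
        # Consider leaving sambaSID unset instead.
        entry['sambaSID'] = [
            'S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1000'
        ]
    else:
        ldap_entry = ldap.get_entry(dn, ['ipaNTSecurityIdentifier'])
        # A one-element list is unwrapped here; a bare isinstance(..., str)
        # test on the list would always fail and force the fallback SID.
        ipa_sid = _scalar(ldap_entry.get('ipaNTSecurityIdentifier', None))
        log.debug("Fetched ipaNTSecurityIdentifier: %s", ipa_sid)
        if ipa_sid and isinstance(ipa_sid, str):
            entry['sambaSID'] = [ipa_sid]
        else:
            # Default value; the shared-SID caveat above applies here too.
            entry['sambaSID'] = [
                'S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1001'
            ]

    # Debug output goes through the logging module rather than a hand-opened
    # file under /var/log: an unwritable path would raise and abort the
    # whole callback.
    log.debug("nextsambaenabled: %s", nextsambaenabled)
    log.debug("Updated sambaSID: %s", entry.get('sambaSID'))
    return dn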
# Register the post-callback.
# NOTE(review): despite its name, usermod_postcallback is attached to
# user_add only; no registration on user_mod is visible, so editing an
# existing user would not trigger it. useradd_precallback is defined above
# but not registered in the visible code.
user.user_add.register_post_callback(usermod_postcallback)
# Extend the user object with the plugin's boolean parameter.
user.user.takes_params += (
    Bool(
        'nextsambaenabled?',
        cli_name='nextsambaenabled',
        label=_('Nextsamba enabled?'),
        doc=_(
            'Whether or not a nextsamba is enabled for this user '
            '(default is false).'
        ),
        default=False,
        autofill=True,
    ),
)
# Concatenate into a new list instead of extending in place, so the existing
# default_attributes list object is left untouched.
user.user.default_attributes = (
    user.user.default_attributes + ['nextsambaenabled']
)
# Permissions for managing the Nextsamba attributes.
user.user.managed_permissions = {
    **user.user.managed_permissions,
    # NOTE(review): bind rule type 'anonymous' exposes nextsambaenabled and
    # sambaSID to unauthenticated LDAP clients. Unless anonymous read is a
    # requirement, 'all' (authenticated users) is the narrower choice.
    'System: Read User Nextsamba Attributes': {
        'ipapermbindruletype': 'anonymous',
        'ipapermright': {'read', 'search', 'compare'},
        'ipapermdefaultattr': {
            'nextsambaenabled',
            'sambaSID',
        },
    },
    # NOTE(review): no 'default_privileges' key is set, so presumably no
    # privilege grants this permission until one is assigned -- verify.
    'System: Modify User Nextsamba Attributes': {
        'ipapermbindruletype': 'permission',
        'ipapermright': {'write', 'add', 'delete'},
        'ipapermdefaultattr': {
            'nextsambaenabled',
            'sambaSID',
        },
    },
    # NOTE(review): the name refers to SMB services, but the permission is
    # attached to the user object here; confirm it does not collide with a
    # similarly named permission defined elsewhere.
    'System: Read POSIX details of the SMB services': {
        'replaces_global_anonymous_aci': True,
        'ipapermbindruletype': 'all',
        'ipapermright': {'read', 'search', 'compare'},
        'ipapermdefaultattr': {
            'objectclass', 'cn', 'uid', 'gecos', 'gidnumber',
            'homedirectory', 'loginshell', 'uidnumber',
            'ipantsecurityidentifier',
        },
    },
}
