Re: [Freeipa-users] add solaris attribiutes to IPA

[Petr Vobornik]

On 28.7.2014 18:23, mohammad sereshki wrote:
Dear Petr
I'm using below rpm, in redhat/centos  linux

ipa-server-3.0.0-25.el6.x86_64

In 3.0 it is possible, but quite difficult. You would have to add new 
entity (ipa object code to /share/ipa/ui/ext/extension.js and somehow 
hack navigation. I don't have any examples. It is slightly easier if you 
don't mind changing files owned by ipa-server rpm but that is usually a 
bad thing to do.

These inconveniences were the reason to implement the new plugin system 
along with refactorization of navigation. IPA 3.3+ is present in Fedora 
and RHEL/CentOS 7.




________________________________
  From: Petr Vobornik <pvobo...@redhat.com>
To: mohammad sereshki <mohammadseres...@yahoo.com>; Rob Crittenden <rcrit...@redhat.com>; 
"freeipa-users@redhat.com" <freeipa-users@redhat.com>
Sent: Monday, July 28, 2014 8:10 PM
Subject: Re: [Freeipa-users] add solaris attribiutes to IPA


On 28.7.2014 16:21, mohammad sereshki wrote:
Dear

yes you are right, we can cnfigure an object schema "SolarisUserAttr" in LDAP
then we can add it as default parameter of user and configure it to set RBAC 
(role access)
if you want I can share the commands with you.
but I want to know how can we change  WEBUI to configure solarisuserattr 
through web interface.
anyway I had done it through command line.

Which version of FreeIPA or IdM are we talking about? In older version
it's quite difficult. Web UI in IPA 3.3+ has a new plugin system. The
slides [3] which Martin sent in the first reply covers how to extend
existing page, but one can also add completely new page and a menu item.

Some time ago I wrote example plugin [1] (not sure if it still works)
which replaces user details page in self-service mode with new more
simple one. It shows how to add/delete menu items.

To implement new pages, one can take inspiration from core FreeIPA code.
The simplest page is probably Radius Server Proxy [2]. The only
differences are that core plugins have menu items defined on one place
somewhere else and that, when one refers to UI module, he has to use
absolute module name ('freeipa/text/') instead of a relative one ('./text').

[1] https://pvoborni.fedorapeople.org/plugins/simpleuser/simpleuser.js
[2]
https://git.fedorahosted.org/cgit/freeipa.git/tree/install/ui/src/freeipa/radiusproxy.js

Other sources:
[3] http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
[4]  http://pvoborni.fedorapeople.org/doc/#!/guide/Plugins





________________________________
    From: Rob Crittenden <rcrit...@redhat.com>
To: mohammad sereshki <mohammadseres...@yahoo.com>; "freeipa-users@redhat.com" 
<freeipa-users@redhat.com>
Sent: Monday, July 28, 2014 6:45 PM
Subject: Re: [Freeipa-users] add solaris attribiutes to IPA


mohammad sereshki wrote:



hi
Would you please let me know who can i add
/etc/user_attr,prof_attr,projet,auth_attr to IPA ?
Iwant to configure RBAC solaris on IPA .
Thanks

There is probably a way to do this in LDAP but it isn't something that
IPA provides.

When IPA started there was no common access control mechanism across
*nixes. We looked at the available options and ended up rolling our own
which we called HBAC.

rob







--
Petr Vobornik

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project