Extending FreeIPA

DevConf, Brno, 2014-02-08
NOTE: Most of these are just notes, not shown on screen. See https://github.com/encukou/slides/tree/master/2014-02-08-devconf-extending-freeipa for some details.

Petr Viktorin

February 08, 2014

Transcript

  1. EXTENDING FREEIPA
    Petr Viktorin
    [email protected]
    DevConf, 2014-02-08

  2. What is FreeIPA?

  3. IPA API
    UI
    INSTALL, UPGRADE, MANAGE
    ipalib plugins
    backend plugins
    upgrade plugins
    389 directory server
    certificate system
    http server
    kerberos
    system security services daemon
    BIND dns server
    sudo
    PAM
    sshd
    $ ipa user-show jwhite
    User login: jwhite
    First name: Jaren
    Last name: White
    Home directory: /home/jwhite
    Login shell: /bin/sh
    Email address: [email protected]
    UID: 1699600004
    GID: 1699600004
    Account disabled: False
    Password: False
    Member of groups: ipausers
    Kerberos keys available: False
    JSON-RPC

  4. LDAP
    Tree structure
    object classes & attribute types
    OIDs
    http://www.zytrax.com/books/ldap/

  5. Extending LDAP
    Schema
    install/share/60basev3.ldif
    Content updating
    install/updates/40-otp.update
    ACIs
    Updater plugins
    ipaserver/install/plugins/upload_cacrt.py

  6. ipaldap
    “Object–LDAP mapper”
    see ipaldap-demo.py

  7. API plugins
    Objects & Methods
    ipalib/plugins/user.py

  8. Objects
    objectclasses, attributes
    takes_params
    attribute name (*?+)
    validators
    cli_name
    flags - see ipalib.parameters.Param
    default permissions

  9. Methods
    run
    forward
    execute

  10. Callbacks
    pre_callback
    Extra validation, generating random password
    post_callback
    Updating other entries, tweaking output
    exc_callback
    Error handling
    interactive_prompt_callback
    Prompting for values

  11. Other “plugins”
    DS plugins
    UI facets
    Tests

  12. EXTENDING FREEIPA

  13. A. Extend the core
    + tweak everything
    − gotta play by the rules
    B. External plugin
    + do whatever you want
    − hic sunt leones

  14. A. Extend the core
    1. Say hello
    2. File an RFE ticket
    3. Read General Considerations
    4. Write a Design page
    5. Submit patches
    6. Profit!

  15. B. External plugin
    1. Say hello!
    2. Write a plugin
    3. Share the plugin
    4. Package the plugin
    5. Profit!
