Extending FreeIPA

Transcript

1. EXTENDING FREEIPA Petr Viktorin [email protected] DevConf, 2014-02-08

2. What is FreeIPA?

3. IPA API UI INSTALL, UPGRADE, MANAGE ipalib plugins backend plugins

   upgrade plugins 389 directory server certificate system http server kerberos system security services daemon BIND dns server sudo PAM sshd $ ipa user-show jwhite User login: jwhite First name: Jaren Last name: White Home directory: /home/jwhite Login shell: /bin/sh Email address: [email protected] UID: 1699600004 GID: 1699600004 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False JSON-RPC

4. LDAP Tree structure object classes & attribute types OIDs http://www.zytrax.com/books/ldap/

5. Extending LDAP Schema install/share/60basev3.ldif Content updating install/updates/40-otp.update ACIs Updater plugins

   ipaserver/install/plugins/upload_cacrt.py

6. ipaldap “Object–LDAP mapper” see ipaldap-demo.py

7. API plugins Objects & Methods ipalib/plugins/user.py

8. Objects objectclasses, attributes takes_params attribute name (*?+) validators cli_name flags

   - see ipalib.parameters.Param default permissions

9. Methods run forward execute

10. Callbacks pre_callback Extra validation, generating random password post_callback Updating other

    entries, tweaking output exc_callback Error handling interactive_prompt_callback Prompting for values

11. Other “plugins” DS plugins UI facets Tests

12. EXTENDING FREEIPA

13. A. Extend the core + tweak everything − gotta play

    by the rules B. External plugin + do whatever you want − hic sunt leones

14. A. Extend the core 1. Say hello 2. File an

    RFE ticket 3. Read General Considerations 4. Write a Design page 5. Submit patches 6. Profit!

15. B. External plugin 1. Say hello! 2. Write a plugin

    3. Share the plugin 4. Package the plugin 5. Profit!

16. ?