EXTENDING FREEIPA Petr Viktorin [email protected] DevConf, 2014-02-08 

What is FreeIPA? 

IPA API UI INSTALL, UPGRADE, MANAGE ipalib plugins backend plugins upgrade plugins 389 directory server certificate system http server kerberos system security services daemon BIND dns server sudo PAM sshd $ ipa user-show jwhite User login: jwhite First name: Jaren Last name: White Home directory: /home/jwhite Login shell: /bin/sh Email address: [email protected] UID: 1699600004 GID: 1699600004 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False JSON-RPC 

LDAP Tree structure object classes & attribute types OIDs http://www.zytrax.com/books/ldap/ 

Extending LDAP Schema install/share/60basev3.ldif Content updating install/updates/40-otp.update ACIs Updater plugins ipaserver/install/plugins/upload_cacrt.py 

ipaldap “Object–LDAP mapper” see ipaldap-demo.py 

API plugins Objects & Methods ipalib/plugins/user.py 

Objects objectclasses, attributes takes_params attribute name (*?+) validators cli_name flags - see ipalib.parameters.Param default permissions 

Methods run forward execute 

Callbacks pre_callback Extra validation, generating random password post_callback Updating other entries, tweaking output exc_callback Error handling interactive_prompt_callback Prompting for values 

Other “plugins” DS plugins UI facets Tests 

EXTENDING FREEIPA 

A. Extend the core + tweak everything − gotta play by the rules B. External plugin + do whatever you want − hic sunt leones 

A. Extend the core 1. Say hello 2. File an RFE ticket 3. Read General Considerations 4. Write a Design page 5. Submit patches 6. Profit! 

B. External plugin 1. Say hello! 2. Write a plugin 3. Share the plugin 4. Package the plugin 5. Profit! 

?