FreeIPA should have a location such as /var/lib/ipa where they can place their own FreeIPA customizations. FreeIPA would read/load those user-defined customizations from that location. This would be better than using /usr/share/ipa or putting python modifications in /usr/lib/python{version}/ipa* directories.
Use case: User needs to modify allowed LDAP cipher suite to keep some custom cipher list enabled; user needs to create a custom field in the WebUI; or user needs to create some custom CLI UI function/behavior.
Some examples: [[br] [[br] [[br
Directory structure could look like this or something similar:
CLI/API: /var/lib/ipa/plugins/cli [[br]] WebUI: /var/lib/ipa/plugins/webui [[br]] LDAP Updates: /var/lib/ipa/plugins/updates
Out of scope of 4.4 release.
For completeness, current directories are:
/usr/lib/python2.7/site-packages/ipalib/plugins/
/usr/share/ipa/updates/
/usr/share/ipa/ui/js/plugins/
Note that the original design called for users dropping their extensions into the same directories that IPA uses. I don't really see the value in maintaining two sets of directories that do the same thing.
LDAP schema part:
master:
moving out tickets not implemented in 4.4.1
4.4.2 is a stabilization milestone. If this bug is important stabilization bug then please put it to NEEDS TRIAGE milestone for retriage.
Actually this was fixed in 4.4.1.
The only missing stuff was the ldap updates part implemented in 7bec8a2
Rest is described in comment 2.
Metadata Update from @rga: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 4.4.1
Login to comment on this ticket.