Table of Contents
All plugins can run external scripts when an action is triggered for creating, modifying or deleting. You can use pre and post events depending when you want to run the script.
- precreate: Execute the script before creation.
- premodify: Execute the script before editing.
- preremove: Execute the script before removing.
The hook work well and not display information if it return 0 On error, prevent save and display error.
- postcreate: Execute the script after creation.
- postmodify: Execute the script after editing.
- postremove: Execute the script after removing.
The hook work well and not display information if it return 0 On error, display command output.
- Execute the script in the check step (before saving), if it outputs anything, prevent save and show output as an error
The hook is considered to have passed if it returns 0 and does not display any message. (If it outputs anything it appears as a check failure, if it returns anything other than 0 it is considered a script error, for instance if the script was not able to do the check for some reason).
You can use ldap attributes as command line options. Use the Placeholder syntax.
If you put a var that is an array in the args of the hook, gosaAlternateMailAddress for instance, only the first value will be returned unless you use a modifier: placeholder
- %callerDN% give the DN of the author of the modification
- %callerCN% give the CN of the author of the modification
- %callerUID% give the UID of the author of the modification
- %callerSN% give the SN of the author of the modification
- %callerGIVENNAME% give the GIVENNAME of the author of the modification
- %dn% give the dn of the modified object
- %location% give the name of the location of the LDAP
On users you get these extra variables available:
- %userPassword% to get password hash
- %passwordMethod% to get password method (usually ssha)
- %passwordClear% to get clear password
- %userLocked% to get user lock status (/!\ empty if unlocked)
How can use it
You can access to hooks management via the 'Configuration' icon or entry in the 'Addons' section of the main page of FD GUI:
Access is read-only. If you need to make changes, then you must press the 'Edit' button at the bottom right of the window.
In Miscellaneous section you can define all your hooks:
- tab : on which action is based the hook.
- mode: when you will have to run the hook.
- cmd: command line to execute.
/!\ The arguments are automatically escape and surrounds by quote so you may not use quote in cmd /!\
The line :
posixAccount postcreate /usr/bin/sudo /script/useradd.sh %homeDirectory% %loginShell% %uidNumber% %gidNumber% %uid%
execute script 'useradd.sh', passing him ldap attributes (%homeDirectory%, %loginShell%, …), when we 'Add Unix settings' in an 'Unix' user tab.
For example, if content of 'useradd.sh' is:
groupadd --gid $4 $5 useradd --home $1 --shell $2 --uid $3 --gid $4 $5 mkdir $1 chown $5.$5 $1 chmod 770 $1
when we 'add unix settings' like in the following screenshot:
the hook will create group, user and home directory of the user at the server, using ldap attributes.
The line :
posixAccount postremove /usr/bin/sudo /script/userdel.sh %uid% %homeDirectory%
execute script 'userdel.sh', passing him ldap attributes (%uid% and %homeDirectory%), when we 'Remove Unix settings' in an 'Unix' user tab.
For example, if content of 'userdel.sh' is:
userdel $1 groupdel $1 rm -rf $2
the hook will remove user, group and home directory of the user at the server, using ldap attributes.
Most done mistakes
Nothing happens, the script seems not to be called
- Check the sudoers entry for the webserver user (www-data, wwwrun, ..) and don't forget to use “NOPASSWD”
- Try to run the script as webserver user, use the complete command used in fusiondirectory configuration(/usr/bin/sudo …).
- Ensure that you have placed the post event correctly in the fusiondirectory configuration.
%www-data ALL=(ALL:ALL) NOPASSWD:/usr/local/bin/hook.sh