How to add custom attribute for Netgroups?

[fyrie6870]

I found instructions here to create custom attributes, add it to schema, and write a plugin. So I tried adding two custom attributes for netgroups: groupid and authlevel. However, when I try using the ipa netgroup-add test --addattr=groupid=1 it does not allow me. So I thought creating permissions would work but, the attributes do not show up on the Netgroup type but instead show up in User Group type.

Here is the schema I'm trying to add. I can confirm they get added.

dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.25.XXX.XX.X.X NAME 'authlevel' DESC 'Attribute to store the authentication level of a group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Extending FreeIPA' )

dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.25.XXXX.XX.X.X NAME 'groupid' DESC 'Attribute to store the ID of a group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Extending FreeIPA' )

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 2.25.XXXX.XX.X.X NAME 'netGroup' DESC 'objectClass for authlevel, and groupid' SUP ipaNISNetgroup STRUCTURAL MAY ( groupid $ authlevel ) X-ORIGIN 'Extending FreeIPA' )

ipa config-mod --addattr=ipaGroupObjectClasses=netGroup

Here is one of the plugin file that I wrote, not sure if it is correct:

from ipaserver.plugins import netgroup
from ipalib.parameters import Int
from ipalib import _

netgroup.netgroup.takes_params = netgroup.netgroup.takes_params + (
    Int("authlevel?", cli_name="authlevel", label=_("Authentication Level"), doc=_("Store the authentication level of a group (default is 2)."),),
)

netgroup.netgroup.default_attributes.append("authlevel")

[abbra]

I answered to your reddit post. https://www.reddit.com/r/FreeIPA/comments/v41p51/how_to_add_custom_attribute_for_netgroups/ib2iv75/