[Freeipa-devel] ipa-cli examples

Karl MacMillan kmacmill at redhat.com
Tue Jul 3 19:01:06 UTC 2007


On Wed, 2007-07-04 at 03:25 +0900, Masato Taruishi wrote:
> Hi, FreeIPA guys.
> 
> Sorry about my stupid mail. I'm new to FreeIPA, but
> interested in this project.
> 
> I couldn't find the design detail but I experimentally
> wrote a simple flexible library to manage LDAP, and others,
> entries and some tools using the library this weekend.
> It's a very quick implementation, poor feature and needs
> refactoring, but if it's useful for this project, I'd like
> to contribute these tools.

Thanks - looks interesting. We'll try to post some more design
information as we go. Comments below.

> Summary:
> =========
> 
> - flexible LDAP management library in python including
> 
>   * PasswordModifyExtension support
>   * PagedResultsControl support
> 

I think we have the same goals, but I just want to mention that with
FreeIPA we are trying to hide as many LDAP details as possible. I know
that this is just a backend component, but I wanted to make that goal
explicit.

> - example command line tools
> 
>   * ipa-useradd
> 
>      Add a user to LDAP like /usr/sbin/useradd
> 

How do you select the object class to represent the user?

>   * ipa-userdel
> 
>      Delete a user from LDAP like /usr/sbin/userdel
> 
>   * ipa-vipw
> 
>      Edit user database in LDAP like /usr/sbin/vipw
> 

So this creates a temporary file similar to the password file for
interactive editing?

>   * ipa-passwd
> 
>      Change user password in LDAP by using Password
>      Modify Extension
> 
> How To Use:
> =============
> 
> 1. Install python-ldap
> 
>    ~# yum install python-ldap
> 
> 2. Unpack ipa-cli-taru.tar.gz
> 
>    ~$ tar zxf ipa-cli-taru.tar.gz
> 
> 3. Change directory
> 
>    ~$ cd ipa-cli/src
> 
> 4. Add user
> 
>    ~$ ./ipa-useradd -H ldap://localhost/dc=example,dc=com \
>           -D 'cn=Directory Manager' -w <password> user1
> 

We are planning to use service discovery most of the time to avoid
passing host and base DN. Also we'd prefer to always use Kerberos
instead of simple binds.

Karl



