[Freeipa-devel] [PATCH] proof-of-concept of cli and xmlrpc

[Rob Crittenden]

Attached is a proof-of-concept patch of doing basic work over XML-RPC 
running on Apache.

There are still a ton of hardcoded elements to this but it does basic 
add and find user.

I tested this on a fresh F7 installation. I first installed from 
ipa-server and got the basic system up. That is still a little twitchy 
but can be made to work.

Then I installed in ipa-web and started Apache. I was able to add a 
couple of users and search for them.

A password is not set for them. To do this you can use kadmin.local.

Of course to use kadmin.local you have to first set in /etc/krb5.conf:

ldap_kadmind_dn = cn=Directory Manager

Then set /var/kerberos/krb5kdc/ldappwd with the password for Directory 
Manager as selected when you installed freeipa.

Note that if you stop and try to restart the krb5kdc service like this 
it will fail with an extremely cryptic error message. To start the 
service you have to use the uid=kdc DN.

Anyway, once this is done you can do:

kadmin.local: cpw <user>

And the additional elements and password will be set for the user. I was 
able to obtain and use a ticket.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipa.diff
Type: text/x-patch
Size: 44151 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070720/60100df0/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070720/60100df0/attachment-0001.bin>