[Freeipa-devel] Is there RPC documentation?

Rob Crittenden rcritten at redhat.com
Wed Feb 26 22:22:44 UTC 2014


Rich Megginson wrote:
> On 02/26/2014 02:19 PM, Rob Crittenden wrote:
>> Rich Megginson wrote:
>>> On 02/26/2014 08:53 AM, Petr Viktorin wrote:
>>>> On 02/26/2014 04:45 PM, Rich Megginson wrote:
>>>>> I'm working on adding support for freeipa DNS to openstack designate
>>>>> (DNSaaS).  I am assuming I need to use RPC (XML?  JSON? REST?) to
>>>>> communicate with freeipa.  Is there documentation about how to
>>>>> construct
>>>>> and send RPC messages?
>>>>
>>>> The JSON-RPC and XML-RPC API is still not "officially supported"
>>>> (read: documented), though it's extremely unlikely to change.
>>>> If you need an example, run any ipa command with -vv, this will print
>>>> out the request & response.
>>>> API.txt in the source tree lists all the commands and params.
>>>> This blog post still applies (but be sure to read the update about
>>>> --cacert):
>>>> http://adam.younglogic.com/2010/07/talking-to-freeipa-json-web-api-via-curl/
>>>>
>>>>
>>>>
>>>
>>> Ok.  Next question is - how does one do the equivalent of the curl
>>> command in python code?
>>
>> Here is a pretty stripped-down way to add a user. Other commands are
>> similar, you just may care more about the output:
>>
>> from ipalib import api
>> from ipalib import errors
>>
>> api.bootstrap(context='cli')
>> api.finalize()
>> api.Backend.xmlclient.connect()
>>
>> try:
>>     api.Command['user_add'](u'testuser',
>>                             givenname=u'Test', sn=u'User',
>>                             loginshell=u'/bin/sh')
>> except errors.DuplicateEntry:
>>     print "user already exists"
>> else:
>>     print "User added"
>>
>
> How would one do this from outside of ipa?  If ipalib is not available?

You'd need to go to either /ipa/xml or /ipa/json (depending on what 
protocol you want to use) and issue one request there. This requires 
Kerberos authentication. The response will include a cookie which you 
should either ignore or store safely (like in the kernel keyring). Using 
the cookie will significantly improve performance.

If you store the cookie then you can make future requests to 
/ipa/session/{xml|json} unless a Kerberos error is raised, in which case 
things start over again.

You'll need to include a Referer header in your request, see the -vv 
output of the ipa command for samples.

rob
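
The request flow described in the message above, as an added Python example (not code from this thread or from the FreeIPA project). `IPAClient` and the injected `transport` callable are hypothetical names; the JSON-RPC envelope and the Referer value are assumptions to be checked against the `ipa -vv` output, and any non-200 reply on the session endpoint is treated as the signal to start over with Kerberos.

```python
import json

class IPAClient:
    """Picks the endpoint and headers for FreeIPA JSON-RPC calls.

    `transport(url, headers, body, negotiate)` is a hypothetical callable that
    does the HTTPS POST (verifying the server against the IPA CA certificate)
    and performs Kerberos/SPNEGO when negotiate is True. It returns
    (status, response_headers_dict, body_text).
    """

    def __init__(self, host, transport):
        self.base = "https://%s/ipa" % host
        self.transport = transport
        self.cookie = None  # keep in memory or a keyring; never write it to logs

    def _post(self, path, payload, use_cookie):
        headers = {
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Referer": self.base,  # required header; value assumed to be the /ipa URL
        }
        if use_cookie:
            headers["Cookie"] = self.cookie
        return self.transport(self.base + path, headers, payload, not use_cookie)

    def call(self, method, args=(), options=None):
        payload = json.dumps({"method": method,
                              "params": [list(args), options or {}],
                              "id": 0}).encode("utf-8")
        if self.cookie:  # fast path: reuse the stored session
            status, hdrs, body = self._post("/session/json", payload, True)
            if status == 200:
                return self._result(body)
            self.cookie = None  # session rejected: start over with Kerberos
        status, hdrs, body = self._post("/json", payload, False)
        if status != 200:
            raise RuntimeError("IPA request failed with HTTP %d" % status)
        set_cookie = hdrs.get("Set-Cookie")
        if set_cookie:
            self.cookie = set_cookie.split(";", 1)[0]  # keep name=value only
        return self._result(body)

    @staticmethod
    def _result(body):
        reply = json.loads(body)
        if reply.get("error"):
            raise RuntimeError(reply["error"].get("message", "IPA error"))
        return reply["result"]
```
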



