[Freeipa-devel] Newcomer's question
Исаев Виталий Анатольевич
isaev at fintech.ru
Tue Sep 17 08:19:01 UTC 2013
Thanks, it has worked! Could you please explain what is the most convenient way to construct complex argument variables like this: (u'testuser', givenname=u'Test', sn=u'User', loginshell=u'/bin/sh') to pass them to commands with a variable number of args, such as 'user-add', 'group-add', 'config-mod' etc?
Thank you,
Виталий Исаев
Инженер-программист
Группа разработки и внедрения ПСЗИ
Департамент информационной безопасности
ОАО «Финтех»
-----Original Message-----
From: Rob Crittenden [mailto:rcritten at redhat.com]
Sent: Monday, September 16, 2013 7:19 PM
To: Исаев Виталий Анатольевич; freeipa-devel at redhat.com
Subject: Re: [Freeipa-devel] Newcomer's question
Исаев Виталий Анатольевич wrote:
> Dear Free IPA developers,
>
> Our team is working on the project based on the RHEL Virtualization
> and RHEL IdM server. It’s planned to run our software in enclosed
> internal enterprise network, and we would like to assign all the
> authentication and authorization tasks to the FreeIPA Python API. In
> fact we have already written this part of project on plain C; dialog
> with IdM server has been implemented over SSH interaction (libssh API
> + GNU flex). But some time ago we discovered FreeIPA API and since
> then we really want to migrate from C to Python.
>
> So the time has come, but the problem is our complete ignorance of the
> Python programming language. We faced a problem trying to modify the
> tutorial script */free-ipa-3.3.1/doc/python-api.py: /*ldap2 was
> refused to import. Which module should be included in this case?
>
> We use RHEL 6.4 desktop, all the IPA packages has 3.0.0-25 version.
>
> #!/usr/bin/python
>
> # -*- coding: utf-8 -*-
>
> from ipalib import api, errors
>
> from ipalib import Command
>
> from ipalib import Object
>
> from ipalib import Str
>
> from ipalib import output
>
> from ipalib.plugins import baseldap
>
> #Load environment
>
> api.finalize()
>
> if api.env.in_server:
>
> api.Backend.ldap2.connect(
>
> ccache=api.Backend.krb.default_ccname()
>
> )
>
> else:
>
> api.Backend.xmlclient.connect()
>
> #Execute command
>
> dn = api.Backend.ldap2.make_dn_from_attr(u'python_dev3',
> loginshell=u'/bin/sh', givenname=u'Python', sn=u'User',
> userpassword=u'redhat')
>
> try:
>
> api.Backend.user_add(dn)
>
> excepterrors.DuplicateEntry:
>
> print("Possibly duplicate…")
>
> else:
>
> print("User added…")
>
> Errors:
>
> ipa: INFO: trying https://ipa.dev.ru/ipa/xml
>
> Traceback (most recent call last):
>
> File "./test.py", line 22, in <module>
>
> dn = api.Backend.ldap2.make_dn_from_attr(u'python_dev3',
> loginshell=u'/bin/sh', givenname=u'Python', sn=u'User',
> userpassword=u'redhat')
>
> AttributeError: 'NameSpace' object has no attribute 'ldap2'
Try this:
from ipalib import api
from ipalib import errors
api.bootstrap(context='cli')
api.finalize()
api.Backend.xmlclient.connect()
try:
api.Command['user_add'](u'testuser',
givenname=u'Test', sn=u'User',
loginshell=u'/bin/sh') except errors.DuplicateEntry:
print "user already exists"
else:
print "User added"
More information about the Freeipa-devel
mailing list