[Freeipa-users] Provision user accounts & groups from external IM
Alexander Bokovoy
abokovoy at redhat.com
Tue Jun 5 09:11:59 UTC 2012
On Tue, 05 Jun 2012, Willem Bos wrote:
>Hi all,
>
>Is there an API to provision user accounts to FreeIPA that I can use
>from an external Identity Management environment? Of course, we could
>just simply create an LDAP object in the 389 server but this probably
>won't trigger the same actions as using `ipa user-add ...` or `ipa
>group-add ...` from the command line.
by "external IdM environment" you mean one where you can't use 'ipa
user-add' manually due to ipa utils not being available on that host?
As IPA server exposes two interfaces, XML-RPC and JSON-based, you may
use any of them directly.
http://adam.younglogic.com/2010/07/talking-to-freeipa-json-web-api-via-curl/
shows how to use curl to communicate directly. This example
assumes you have configured and working kerberos in curl on the machine
you run it. If not, you'd need to modify the example to use
password-based session which would be a bit more elaborate.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list