[Freeipa-users] Provision user accounts & groups from external IM
Willem Bos
whbos at xs4all.nl
Tue Jun 5 10:38:20 UTC 2012
Hi Alexander,
Thanks for your quick response.
Yes, the server on which the external IM environment is hosted does not
have the ipa utils available. As a matter of fact, the server might even be
hosted off-site. We're just beginning to explore IM solutions for our
environment and the most likely architecture is a 'meta-IM' service that
provisions platform specific IM's like AD, Oracle's Internet Directory and
IPA. It will probably be a requirement that the meta-IM is to provision IPA
directly (instead of Meta-IM -> AD -> IPA).
The JASON interface looks promising, I will certainly try the example
provided. Would user_add be the suitable command to use? It's the obvious
candidate, but I just want to make sure...
Thanks again.
Regards,
Willem.
On Tue, Jun 5, 2012 at 11:11 AM, Alexander Bokovoy <abokovoy at redhat.com>wrote:
> On Tue, 05 Jun 2012, Willem Bos wrote:
>
>> Hi all,
>>
>> Is there an API to provision user accounts to FreeIPA that I can use
>> from an external Identity Management environment? Of course, we could
>> just simply create an LDAP object in the 389 server but this probably
>> won't trigger the same actions as using `ipa user-add ...` or `ipa
>> group-add ...` from the command line.
>>
> by "external IdM environment" you mean one where you can't use 'ipa
> user-add' manually due to ipa utils not being available on that host?
>
> As IPA server exposes two interfaces, XML-RPC and JSON-based, you may
> use any of them directly.
>
> http://adam.younglogic.com/**2010/07/talking-to-freeipa-**
> json-web-api-via-curl/<http://adam.younglogic.com/2010/07/talking-to-freeipa-json-web-api-via-curl/>
> shows how to use curl to communicate directly. This example
> assumes you have configured and working kerberos in curl on the machine
> you run it. If not, you'd need to modify the example to use
> password-based session which would be a bit more elaborate.
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120605/f9760043/attachment.htm>
More information about the Freeipa-users
mailing list