[Freeipa-users] A public interface (aka My account management)

Chris Evich cevich at redhat.com
Wed Apr 24 20:30:23 UTC 2013


On 04/24/2013 08:32 AM, Tomas Babej wrote:
> On 04/24/2013 01:53 PM, Arturo Borrero wrote:
>> Hi there.
>>
>> I'm wondering if it's possible to get FreeIPA with a 'public user
>> interface'.
>> This is: a place where a standard user can update his password and
>> other personal data. I'm thinking of something similar to
>> google.com/accounts
>>
>> Does this exist? If not, is it possible to develop this addon?
>>
>> We are strongly evaluating this functionality in order to actually
>> implement FreeIPA as our identity management system.
>>
>> Best regards
> Hi,
> 
> every user can log in to the Web UI using their login and Kerberos
> password.
> 
> Having no other rights, there they can only edit their contact
> information, address information, reset their password, etc.
> 
> See /ipa/ui/ on your FreeIPA server, that is
> https://ipa.example.com/ipa/ui/
> <https://vm-131.idm.lab.bos.redhat.com/ipa/ui/index.html#identity=user&navigation=identity&user-pkey=random&user-facet=details>

Having played with it off/on a year or so ago, IIRC it's relatively
easy to get apache + SSL speaking with LDAP + Kerberos. Even ignoring
the direct python IPA interface.  With some server-side scripting (I did
it in python) you could emulate most of what's on the google
accounts-page.

The hardest part I found was getting my head around the lower-level LDAP
+ Kerberos python interfaces.  However, going from understanding
common-operations of both technologies from the command-line level to
working with the APIs isn't a very long road.

Depending on how "pretty" the web-site needs to be, the "code one
yourself" approach could be feasible, given educated developer
resources.  Since it sounds like your requirements are fairly basic,
this may be an option to consider. (No I'm not volunteering, though it
sounds fun :)

Otherwise, I've also used the built-in web interface.  It may be a bit
cluttered for someone who _just_ needs to change a password or other
very simplistic task (compared to google accounts-page).  However if
your users are somewhat technically-minded, they shouldn't have any
trouble with the built-in self-service UI.  It also offers a HUGE
benefit to greatly extend self-service to the n-th degree, when its
multi-level rights-management features are used.

-- 
Chris Evich, RHCA, RHCE, RHCDS, RHCSS
Quality Assurance Engineer



