[Freeipa-users] IPA Create User
John Dennis
jdennis at redhat.com
Sat Feb 2 04:59:54 UTC 2013
On 02/01/2013 10:26 PM, It Meme wrote:
> Hi Dimitri:
>
> Thank you for your helpful posts.
>
> Do you know of any organization that provisions accounts and groups in
> real-time, from an external IdM system, to IPA, via CLI?
>
> We have an IdM system which will be reading data from HR, and making
> 'joiner, mover, leaver, decisions' - accounts are provisioned, deleted,
> groups changed etc based on the HR data.
>
> Is it feasible to consider the IdM system calling the CLI, via scripts,
> to create/delete accounts, manage groups, in near real-time?
Calling a script does not take much time (especially compared to the
elapsed time it takes for the command to complete), it would only be an
issue if you were trying to do a number of transactions per second, but
it doesn't sound like your HR dept is going to need that kind of
throughput. It's also possible to call our API from Python, others have
done this. Whether your IdM forks out to a shell script or to a Python
script would be negligible compared to the total elapsed time to
complete the operation.
I suppose the answer to your question begs another, what's your
definition of "real time"? If your IdM triggers a transaction and it
completes within a few seconds is that real time?
John
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list