[Freeipa-users] Python Client

John Dennis jdennis at redhat.com
Sat Feb 9 16:53:56 UTC 2013 

On 02/08/2013 05:29 PM, It Meme wrote:
> Hi:
>
> Scenario:
>
> 1) User is created via LDAP call to IPA (i.e.the 389 Directory Server)
>
> The above user will not have IPA-specific attributes.
>
> Can we use the Python Library, or CLI, to modify the account to IPA-ize it?

You're really better off using the IPA API directly rather than trying 
to bypass it. Why? Because we implement additional logic inside the 
commands. If you could achieve everything IPA does by just modifying an 
LDAP server there wouldn't be a need for IPA. A good example of this is 
group membership, some of that logic is handled directly by a plugin to 
the 389 DS, but a large part of it is implemented in the IPA commands 
that manage users and groups. You really don't want to bypass it.

You have a number of options on how to call the IPA commands:

1) the ipa command line client

2) sending the command formatted in JSON to the server

3) sending the command formatted in XML-RPC to the server

4) calling the command from your own python code

5) using the web GUI

It's really not hard to call the IPA command line client from a program, 
typically this is done via a "system" command of which there are a 
number of variants.

The following thread has a discussion of how to invoke one of our 
commands from Python code, this particular email response from Martin 
shows how it can be done in in about half a dozen lines of code.

https://www.redhat.com/archives/freeipa-users/2012-June/msg00334.html

What I'm not understanding why you're avoiding using the commands we 
provide. If you're not familiar with how to call another program/process 
we can help you or just google it. Or is the problem your existing 
management system does not provide you with any "hooks" to execute code 
when an action occurs. But from everything you've said so far you imply 
it does provide such hooks. Perhaps if you could be more specific we 
could be more helpful.

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list