[Freeipa-users] How to communicate IPA with PHP

Petr Vobornik pvoborni at redhat.com
Fri Jul 26 14:59:10 UTC 2013 

On 07/26/2013 04:37 PM, Rob Crittenden wrote:
> Zip Ly wrote:
>>
>> Normally if IPA has a well documented API then my approach would be:
>> user --> (internet) --> webserver --> lPA API --> IPA server
>> But since there isn't much info about the API then my approach would be:
>> user --> (internet) --> webserver --> a PHP script which acts as an
>> custom API --> IPA server
>> The problem is I don't know which commands are available en which
>> values/params I should send. For example:
>> http://www.freeipa.org/docs/1.2/Administrators_Reference/en-US/html/chap-Administration_Reference-XML_RPC_Application_Programming_Interface_API_Documentation.html#
>>
>> These are commands for xml rpc. Without examples it's difficult to find
>> out how to use it.
>
> The API changed between v1 and v2/3, so these docs are not right for
> your purposes.
>
> We haven't formally documented the API (either json or xml-rpc) yet
> because it is still somewhat in flux. The API is baked into the ipa
> client, so any command you can run from there is the equivalent of a
> json/xml-rpc command, just substituting underscore for dash.
>
> About the closest we have is API.txt in the source tree. This is really
> designed to be read by a computer but it outlines each command and the
> options it takes, and the output it returns.
>
>> But they are different from this example:
>> http://adam.younglogic.com/2010/07/talking-to-freeipa-json-web-api-via-curl/
>>
>> In this example a "user_find" command is used, but this command cannot
>> be found in the official xml rpc document above.
>> In ssh I can display a list of commands with "ipa help commands" I don't
>> know if they are all supported in "/ipa/json" I probably need to replace
>> all dashes with underscores (correct me if I'm wrong).
>
> The same commands and options are available over json as xml-rpc.
>
>> If I want to display all the supported params from one certain command
>> for example "ipa help user-find". Then, are all the double dashed params
>> also the supported params which I can send with JSON?
>
> Yes.

Note that for some LDAP attributes dash param names may be different 
than API option names. It those cases the correct one is LDAP attribute 
name.

Use `ipa show-mappings command-name` to find the correct names.

>
>> I prefer using the native API if there is one (hidden somewhere),
>> because I don't want to reinvent the wheel with security leaks which I'm
>> not aware of. Especially when I need to execute CLI commands from
>> the PHP scripts.
>
> The native API is json/xml-rpc. They are currently equivalent. In the
> near future we are going to mark xml-rpc as deprecated and it will start
> to fall behind in features, and eventually we may drop it altogether.
>
> rob
>

-- 
Petr Vobornik

More information about the Freeipa-users mailing list