[Freeipa-users] Minimal permissions for "joiner" account?
Martin Kosek
mkosek at redhat.com
Fri Aug 15 10:51:14 UTC 2014
On 08/15/2014 11:25 AM, Michael Lasevich wrote:
...
> The only thing that bugs me is that I am calling IPA python code from my
> salt reactor python code via subprocess - there has got to be a better,
> more direct way - but I found documentation too confusing to follow at 1
> am - will be a project for another day.
Would the example below help?
# kinit admin
Password for admin at MKOSEK-FEDORA20.TEST:
[root at ipa ~]# python
Python 2.7.5 (default, Jun 25 2014, 10:19:55)
[GCC 4.8.2 20131212 (Red Hat 4.8.2-7)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from ipalib import api
>>> api.bootstrap(context='exporter', debug=False)
>>> api.finalize()
>>> api.Backend.rpcclient.connect()
ipa: INFO: trying https://ipa.mkosek-fedora20.test/ipa/json
>>>
>>> hosts = api.Command['host_find']()['result']
ipa: INFO: Forwarding 'host_find' to json server
'https://ipa.mkosek-fedora20.test/ipa/json'
>>>
>>> for host in hosts:
... print host['fqdn'][0]
...
ipa.mkosek-fedora20.test
>>>
This works with FreeIPA 4.0. For older FreeIPA, you would need to switch
rpcclient attribute for xmlclient.
I admit we do not have the best developer documentation on how to do that. We
plan to do that in the future, so far we were focusing on other things.
Martin
More information about the Freeipa-users
mailing list