[Freeipa-users] Minimal permissions for "joiner" account?

Petr Spacek pspacek at redhat.com
Fri Aug 15 11:46:08 UTC 2014


On 15.8.2014 12:51, Martin Kosek wrote:
> On 08/15/2014 11:25 AM, Michael Lasevich wrote:
> ...
>> The only thing that bugs me is that I am calling IPA python code from my
>> salt reactor python code via subprocess - there has got to be a better,
>> more direct way -  but I found documentation too confusing to follow at 1
>> am - will be a project for another day.
>
> Would the example below help?
>
> # kinit admin
> Password for admin@MKOSEK-FEDORA20.TEST:
> [root@ipa ~]# python
> Python 2.7.5 (default, Jun 25 2014, 10:19:55)
> [GCC 4.8.2 20131212 (Red Hat 4.8.2-7)] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
> >>> from ipalib import api
> >>> api.bootstrap(context='exporter', debug=False)
> >>> api.finalize()
> >>> api.Backend.rpcclient.connect()
> ipa: INFO: trying https://ipa.mkosek-fedora20.test/ipa/json
> >>>
> >>> hosts = api.Command['host_find']()['result']
> ipa: INFO: Forwarding 'host_find' to json server
> 'https://ipa.mkosek-fedora20.test/ipa/json'
> >>>
> >>> for host in hosts:
> ...    print host['fqdn'][0]
> ...
> ipa.mkosek-fedora20.test
> >>>
>
> This works with FreeIPA 4.0. For older FreeIPA, you would need to switch
> rpcclient attribute for xmlclient.
>
> I admit we do not have the best developer documentation on how to do that. We
> plan to do that in the future, so far we were focusing on other things.

Anyway, blog posts and how-tos are more than welcome! :-)

Please let others know about your experiments with FreeIPA API!

-- 
Petr^2 Spacek



