[Freeipa-users] inserting users via java

Martin Kosek mkosek at redhat.com
Tue Mar 24 07:58:26 UTC 2015


On 03/24/2015 01:29 AM, Dmitri Pal wrote:
> On 03/23/2015 05:56 PM, Timothy Worman wrote:
>> I have an existing web app built with java/WebObjects that currently handles
>> some user/groups tasks with our current directory server (Open Directory). We
>> are investigating a move to FreeIPA for our directory services.
>>
>> Just in mucking around, I’ve found that if I try to insert a new user
>> (inetOrgPerson) into IPA’s implementation, the new user does not inherit
>> all the object classes it should. It only inherits the ones leading to
>> inetOrgPerson. This does result in a successful inetOrgPerson insertion, but
>> that user record does not show up in the Web GUI management tools.
>>
>> Usually, I have focused on inetOrgPerson because that is where the bulk of
>> the info about a user lives.
>>
>> We have a SQL database that contains people in our organization (used by
>> other services), so, we need to be able to leverage that and push users into
>> IPA when appropriate and we have an existing app to do this.
>>
>> Tim W
>>
> You have several options:
> 1) Call ipa CLI from your application - this is possible right now (but not
> quite nice)
> 2) Call ipa JSON API from your application - this is not supported but
> possible. We use python API. You can do it in Java but it will be a lot of work.
> 3) Use more elaborate LDAP add commands (with all the object classes needed for
> users). Hard, but doable.
> 4) Help us with testing the upcoming feature
> http://www.freeipa.org/page/V4/User_Life-Cycle_Management that would allow
> creating users via simple ldap command in a staging area and then moving them
> to normal users area with automatic creation of missing attributes by means of
> a cron job.
> 
> I would vote for 1) as a temp solution and 4) as a longer term one.

I do not fully agree with preferring 1) over 2). Java has libraries for
JSON-RPC protocol, it should be pretty doable to write a call that calls the
"user_add" command.

We are lacking proper documentation for the API, but you can look in the
sources or in the Web UI and see the JSONs sent to the server, if you are
interested in real-life examples.

Advantage of 2) over 1) is that you get the native objects (strings, arrays,
numbers) and you do not need to parse it from CLI.

Martin
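
An added example, not part of the original thread and not FreeIPA project code: option 2) as a small Java client that logs in with a password and sends a "user_add" JSON-RPC call. The host name, environment variable names and sample user are placeholders; the /session/login_password and /session/json paths, the Referer header and the givenname/sn option names are assumptions about the server that should be confirmed against the requests the Web UI sends.

```java
import java.io.*;
import java.net.*;
import static java.nio.charset.StandardCharsets.UTF_8;

public class IpaUserAdd {
    static final String BASE = "https://ipa.example.test/ipa"; // placeholder host

    // Quote a value as a JSON string; names come from the SQL people table, so escape them.
    static String js(String s) {
        StringBuilder b = new StringBuilder("\"");
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') b.append('\\').append(c);
            else if (c < 0x20) b.append(String.format("\\u%04x", (int) c));
            else b.append(c);
        }
        return b.append('"').toString();
    }

    // JSON-RPC body: params is [positional arguments, options].
    static String userAddRequest(String uid, String given, String sn) {
        return "{\"method\":\"user_add\",\"params\":[[" + js(uid) + "],{\"givenname\":"
             + js(given) + ",\"sn\":" + js(sn) + "}],\"id\":0}";
    }

    static String post(String path, String contentType, String body) throws IOException {
        HttpURLConnection c = (HttpURLConnection) new URL(BASE + path).openConnection();
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        c.setRequestProperty("Content-Type", contentType);
        c.setRequestProperty("Referer", BASE); // assumed: the server checks the Referer
        try (OutputStream out = c.getOutputStream()) { out.write(body.getBytes(UTF_8)); }
        int status = c.getResponseCode();
        InputStream in = status < 400 ? c.getInputStream() : c.getErrorStream();
        String text = in == null ? "" : new String(in.readAllBytes(), UTF_8);
        if (status != 200) throw new IOException("HTTP " + status + ": " + text);
        return text;
    }

    public static void main(String[] args) throws IOException {
        String user = System.getenv("IPA_USER"), pw = System.getenv("IPA_PASSWORD");
        if (user == null || pw == null) throw new IllegalStateException("set IPA_USER and IPA_PASSWORD");
        CookieHandler.setDefault(new CookieManager()); // carries the session cookie to the next call
        post("/session/login_password", "application/x-www-form-urlencoded",
             "user=" + URLEncoder.encode(user, UTF_8) + "&password=" + URLEncoder.encode(pw, UTF_8));
        // Sample user is constructed; a failed command is reported in the JSON "error" member.
        System.out.println(post("/session/json", "application/json",
                                userAddRequest("jdoe", "Jane", "Doe")));
    }
}
```

The JVM has to trust the IPA CA certificate through its truststore, with TLS verification left enabled, and the account in IPA_USER should be a dedicated one limited to adding users rather than an administrator.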



