[Freeipa-users] inserting users via java
Alexander Bokovoy
abokovoy at redhat.com
Thu May 28 20:53:50 UTC 2015
On Thu, 28 May 2015, Martin Kosek wrote:
>On 05/28/2015 07:10 PM, Timothy Worman wrote:
>>>On Mar 26, 2015, at 3:08 PM, Dmitri Pal <dpal at redhat.com> wrote:
>>>
>>>On 03/26/2015 03:19 PM, Timothy Worman wrote:
>>>>On Mar 26, 2015, at 11:42 AM, Martin Kosek <mkosek at redhat.com> wrote:
>>>>>On 03/26/2015 07:37 PM, Timothy Worman wrote:
>>>>>>Thanks everyone for the input.
>>>>>>
>>>>>>I do agree that I don’t like the sound of option 1. I don’t want to be sending CLI commands from a remote host. And option 3 sounds sounds a bit brittle to me.
>>>>>>
>>>>>>2 sounds like the most solid option available right now. I like the fact that there’s an existing/working API there. I’ll need to look into converting my objects into json.
>>>>>>
>>>>>>This area honestly seems like one of the weakest aspects of freeipa. There really needs to be a way to push known person entities into the directory easily.
>>>>>There may be some disconnect, the JSONRPC/XMLRPC API is the way we still see as an easy way to manipulate the entries (besides CLI and Web UI). In Python, adding new user is that easy:
>>>>>
>>>>>~~~
>>>>>from ipalib import api
>>>>>from ipalib import errors
>>>>>
>>>>>api.bootstrap(context='cli')
>>>>>api.finalize()
>>>>>api.Backend.rpcclient.connect()
>>>>>api.Command['user_add'](u'newuser', givenname=u'New', sn=u'User')
>>>>>~~~
>>>>>
>>>>>What way would you suggest to make it more conforming to your use case? Are you suggesting REST interface doing the above or something else?
>>>>Oh, I think the JSON option is the best one currently available. But I do think REST-ful service would be a good idea.
>>>>
>>>>>I would be willing to test option 4 if that is where the future is headed.
>>>>>
>>>>>Ok, just note that this still means LDAP interface a need to talk in LDAP protocol.
>>>>This may not be a bad thing if you’re using an ORM like Webobjects/EOF or Cayenne since you can model those ldap entities and simply set their attributes and insert. At a lower level JNDI will handle it. I personally prefer this over building strings, sending commands, etc.
>>>
>>>So this will be ready upstream within several weeks or so. Would you test it once it it is available before the official upstream release?
>>
>>Hi Dmitri - following up on this to see how progress is going on this project. I am definitely still interested in testing this. In the meantime, I have been pursuing http client calls posting json. And I have some questions I need to pursue on that as well. Should I take this to freeipa-devel?
>
>Hello Timothy,
>
>I am sorry we did not update this thread, but in the end we decided
>not to invest in the REST interface ourselves at this moment (read -
>FreeIPA 4.2), but rather work on stabilizing and documenting current
>JSON-RPC API we have as we believe the API is easily usable from major
>languages even though it is not RESTy. To prove our point, we need
>good documentation of it and examples for the major languages.
>
>This is the proposal of what shall be done in FreeIPA 4.2 that I sent
>to freeipa-devel:
>http://www.redhat.com/archives/freeipa-devel/2015-April/msg00061.html
>
>I hope the way we go for the next release is acceptable for you. In
>the mean time, if you have specific questions on calling JSON from
>your programs, both freeipa-users and freeipa-devel may be suitable,
>depending on how deep you want to go in the code...
I just published a blog post how to use JSON-RPC API in FreeIPA:
https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions/
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list