Hi Alexander, Thanks for your quick response.
Yes, the server on which the external IM environment is hosted does not have the ipa utils available. As a matter of fact, the server might even be hosted off-site. We're just beginning to explore IM solutions for our environment and the most likely architecture is a 'meta-IM' service that provisions platform specific IM's like AD, Oracle's Internet Directory and IPA. It will probably be a requirement that the meta-IM is to provision IPA directly (instead of Meta-IM -> AD -> IPA). The JASON interface looks promising, I will certainly try the example provided. Would user_add be the suitable command to use? It's the obvious candidate, but I just want to make sure... Thanks again. Regards, Willem. On Tue, Jun 5, 2012 at 11:11 AM, Alexander Bokovoy <[email protected]>wrote: > On Tue, 05 Jun 2012, Willem Bos wrote: > >> Hi all, >> >> Is there an API to provision user accounts to FreeIPA that I can use >> from an external Identity Management environment? Of course, we could >> just simply create an LDAP object in the 389 server but this probably >> won't trigger the same actions as using `ipa user-add ...` or `ipa >> group-add ...` from the command line. >> > by "external IdM environment" you mean one where you can't use 'ipa > user-add' manually due to ipa utils not being available on that host? > > As IPA server exposes two interfaces, XML-RPC and JSON-based, you may > use any of them directly. > > http://adam.younglogic.com/**2010/07/talking-to-freeipa-** > json-web-api-via-curl/<http://adam.younglogic.com/2010/07/talking-to-freeipa-json-web-api-via-curl/> > shows how to use curl to communicate directly. This example > assumes you have configured and working kerberos in curl on the machine > you run it. If not, you'd need to modify the example to use > password-based session which would be a bit more elaborate. > > -- > / Alexander Bokovoy >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
