On 02/01/2013 10:26 PM, It Meme wrote:
Hi Dimitri:
Thank you for your helpful posts.
Do you know of any organization that provisions accounts and groups in
real-time, from an external IdM system, to IPA, via CLI?
We have an IdM system which will be reading data from HR, and making
'joiner, mover, leaver, decisions' - accounts are provisioned, deleted,
groups changed etc based on the HR data.
Is it feasible to consider the IdM system calling the CLI, via scripts,
to create/delete accounts, manage groups, in near real-time?
Calling a script does not take much time (especially compared to the
elapsed time it takes for the command to complete), it would only be an
issue if you were trying to do a number of transactions per second, but
it doesn't sound like your HR dept is going to need that kind of
throughput. It's also possible to call our API from Python, others have
done this. Whether your IdM forks out to a shell script or to a Python
script would be negligible compared to the total elapsed time to
complete the operation.
I suppose the answer to your question begs another, what's your
definition of "real time"? If your IdM triggers a transaction and it
completes within a few seconds is that real time?
John
--
John Dennis <[email protected]>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
