On 01/31/2014 05:03 AM, Martin Kosek wrote:
> On 01/31/2014 10:45 AM, Francesco Chicchiriccò wrote:
>> On 30/01/2014 19:25, Dmitri Pal wrote:
>>> On 01/30/2014 11:35 AM, Francesco Chicchiriccò wrote:
> ...
>>> To call into IPA you can use "ipa ..." command line or use our API from
>>> python client. Since you are using Java calling into "ipa" command is
>>> probably the best option.
>> Actually, a RESTful interface (HTTP/JSON) would better suit our development
>> model and deployment scenarios.
> FreeIPA does not (currently) have a RESTful interface (though it is being
> partially designed in [8]). However it has a Kerberos-protected
> JSON-RPC/XML-RPC interface used by clients or Web UI to communicate with the
> server.

I suggest that you look at the implementation of [8] and create a user
provisioning smart proxy similar to it. This proxy would expose the REST API
that can be consumed by your connector or some other system and will be a part
of IPA. Internally the proxy will call JSON RPC against IPA and have all the
"business logic". So the recommendation is to make your connector lightweight
and leverage a proxy that can be reused by other systems.

> We do not, however, have a good (read "none") documentation of the interface,
> see related discussion in freeipa-users list [6].

And would appreciate if you start a wiki page to record it as you go so that we
can start documenting it.

>
>>> In future we plan to allow insertion of the users via an ldap command
>>> https://fedorahosted.org/freeipa/ticket/3911 it is on the roadmap for
>>> this spring.
>>>
>>> What are other use cases and workflows you have?
>>> Do you have a password reset self service?
>>> If you do it might be nice external addition to FreeIPA if it integrates
>>> into the UI seamlessly.
>> The idea is to deploy the latest FreeIPA version in our lab, start playing
>> with it and come to this list for asking for more information we are not
>> able to find in the wiki (just to avoid some graceful RTFMs...).
>> Then, every time we get something working, we will also check here whether we
>> are heading into the right direction, if we are missing some important
>> points, etc.
>>
>> Does it sound?
> Sounds good to me, you should be able to find all documentation links in [7].

+1

>
>> Regards.
>>
>>> [1] http://syncope.apache.org/
>>> [2] http://tirasa.github.io/ConnId/
>>> [3] http://java.net/projects/identityconnectors/
>>> [4] https://github.com/Tirasa/ConnIdFreeIPABundle
>> [5] http://tirasa.github.io/ConnId/apidocs/base/org/identityconnectors/framework/spi/operations/package-summary.html
> [6] https://www.redhat.com/archives/freeipa-users/2013-January/msg00109.html
> [7] http://www.freeipa.org/page/Documentation
> [8] http://www.freeipa.org/page/V3/Smart_Proxy
>
> Martin
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.