On 02/28/2014 04:02 PM, Nathaniel McCallum wrote:
On Fri, 2014-02-28 at 16:43 +0200, Alexander Bokovoy wrote:
[...]
Why then to do it as a IPA CLI command at all?
This is an administrative task which can be done with a separate
ipa-otp-import command, designated to run on IPA masters.


Agreed.

1. Is there a framework for this? Or should it just be an independent
script?

There is: ipapython.admintool. Look at ipa-server-certinstall for a simple-ish example, ask if you have any questions.

2. How can I use the ipalib API? Specifically, I'd like to call
otptoken-add and pass the --key parameter with a value (not possible
from the command line).

Finalize the API (see ipaserver.install.ServerCertInstall.run), and then call api.Command['otptoken-add'](key=...) Or you might think about moving the otptoken-add functionality into a function that you can call directly.

--
PetrĀ³

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to