Ronald Wimmer via FreeIPA-users wrote: > We have several scenarios where we cannot establish an AD Trust. In > these cases we are forced to create/modify/delete IPA users triggered > from an IAM system. Is the IPA API the one and only way to go or would > it also work if we used IPA's LDAP directly?
Using the stageuser and user API is recommended. It's certainly possible to do it directly in LDAP but we don't encourage it. It requires knowledge of how the entry is structured, what gets added automatically, etc. We also can't guarantee that there won't be changes to the objectclasses, etc. that would break any direct LDAP comms. YMMV rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
