Ronald Wimmer wrote:
> On 20.03.23 13:44, Rob Crittenden wrote:
>> Ronald Wimmer via FreeIPA-users wrote:
>>> We have several scenarios where we cannot establish an AD Trust. In
>>> these cases we are forced to create/modify/delete IPA users triggered
>>> from an IAM system. Is the IPA API the one and only way to go or would
>>> it also work if we used IPA's LDAP directly?
>>
>> Using the stageuser and user API is recommended. It's certainly possible
>> to do it directly in LDAP but we don't encourage it. It requires
>> knowledge of how the entry is structured, what gets added automatically,
>> etc. We also can't guarantee that there won't be changes to the
>> objectclasses, etc. that would break any direct LDAP comms.
>
> Apart from the obvious, what will be created upon user creation? Is
> there something we would most likely not think of?
>
> In the IPA WebGUI it looks like a user's UID and GID could be
> chosen freely? That would be perfect if we want to match a user's UID
> with another system...

This is why we recommend stageusers so you don't have to worry about
such things.

See
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/configuring-idm-for-external-provisioning-of-users_configuring-and-managing-idm

rob
