On 11/21/2011 10:52 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
On 11/21/2011 10:21 PM, Rob Crittenden wrote:
Sigbjorn Lie wrote:
Hi,

I want to integrate a kickstart tool written in PHP to add hosts to an
IPA server.

I found the IpaApi, but there does not seem to be a host_add function:
http://freeipa.org/page/IpaApi

What would be the best way to do this?

Sorry, this we missed this page when we sought out all the v1 pages a
while back.

Pretty much all functions now have the same format. The first argument
is an array of positional arguments. The second is a struct
representing the options.

An easy way to see how data is passed to a given command is to pass
-vv to the ipa command:

$ ipa -vv host-add test.example.com

This will show the XML-RPC request we make.

In the case of a host you can probably get away with just positional
arguments, I believe all options are, ahem, optional :-)

Right, that wasn't horrible to read...at all... :)

How do you suggest doing the authentication towards towards the XML-RPC
instance? If the user is authenticated to the apache server running the
kickstart tool using kerberos from IPA, can I re-use these credentials
and forward them to the IPA server? Having a pre-req that the kerberos
user must have access to add hosts in the IPA instance...

The user's TGT will be in the ccache in KRB5CCNAME in the local environment. You'll need to use that to make requests. I'm not sure of the GSSAPI capabilities of PHP though.

You need to get a service ticket for the HTTP service, then stuff that into an Authorization header when you make a request. It will look like:

Authorization: negotiate <huge base64-blob>

Do a POST to /ipa/xml

Ok, Thanks, I will give it a shot.



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to