Thanks for your quick response.
Yes, the server on which the external IM environment is hosted does not
have the ipa utils available. As a matter of fact, the server might even be
hosted off-site. We're just beginning to explore IM solutions for our
environment and the most likely architecture is a 'meta-IM' service that
provisions platform specific IM's like AD, Oracle's Internet Directory and
IPA. It will probably be a requirement that the meta-IM is to provision IPA
directly (instead of Meta-IM -> AD -> IPA).
The JASON interface looks promising, I will certainly try the example
provided. Would user_add be the suitable command to use? It's the obvious
candidate, but I just want to make sure...
On Tue, Jun 5, 2012 at 11:11 AM, Alexander Bokovoy <aboko...@redhat.com>wrote:
> On Tue, 05 Jun 2012, Willem Bos wrote:
>> Hi all,
>> Is there an API to provision user accounts to FreeIPA that I can use
>> from an external Identity Management environment? Of course, we could
>> just simply create an LDAP object in the 389 server but this probably
>> won't trigger the same actions as using `ipa user-add ...` or `ipa
>> group-add ...` from the command line.
> by "external IdM environment" you mean one where you can't use 'ipa
> user-add' manually due to ipa utils not being available on that host?
> As IPA server exposes two interfaces, XML-RPC and JSON-based, you may
> use any of them directly.
> shows how to use curl to communicate directly. This example
> assumes you have configured and working kerberos in curl on the machine
> you run it. If not, you'd need to modify the example to use
> password-based session which would be a bit more elaborate.
> / Alexander Bokovoy
Freeipa-users mailing list