Hi Alexander, I did some experimenting with the example at http://adam.younglogic.com/2010/07/talking-to-freeipa-json-web-api-via-curl/and am now able to create a user using the following as input to curl (-d @user_add.json) :
{ "method":"user_add", "params":[ [], { "uid":"test", "givenname":"test", "sn":"test", "userpassword":"test" } ] } I'm left with two questions : - Is it possible to use a hashed password (as stored in the 'meta-IM') as a value for userpassword? And if so, will this propagate to the created Kerberos principal? - After creation, I'm forced to change the password when running `kinit test`. Is it possible to reset prevent the forced password change? As a test, I tried to set the '-needchange' attribute using kadmin but that returned "... Insufficient access while modifying..." I grepped the mailing list archives / API.txt / source code / etc. for clues but without success... Regards, Willem. On Tue, Jun 5, 2012 at 12:51 PM, Alexander Bokovoy <aboko...@redhat.com>wrote: > On Tue, 05 Jun 2012, Willem Bos wrote: > >> Hi Alexander, >> >> Thanks for your quick response. >> >> Yes, the server on which the external IM environment is hosted does not >> have the ipa utils available. As a matter of fact, the server might even >> be >> hosted off-site. We're just beginning to explore IM solutions for our >> environment and the most likely architecture is a 'meta-IM' service that >> provisions platform specific IM's like AD, Oracle's Internet Directory and >> IPA. It will probably be a requirement that the meta-IM is to provision >> IPA >> directly (instead of Meta-IM -> AD -> IPA). >> >> The JASON interface looks promising, I will certainly try the example >> provided. Would user_add be the suitable command to use? It's the obvious >> candidate, but I just want to make sure... >> > Yes, user_add is the command. > > -- > / Alexander Bokovoy >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users