Hi Dimitri:

Thank you for your helpful posts.

Do you know of any organization that provisions accounts and groups in
real-time, from an external IdM system, to IPA, via CLI?

We have an IdM system which will be reading data from HR, and making
'joiner, mover, leaver, decisions' - accounts are provisioned, deleted,
groups changed etc based on the HR data.

Is it feasible to consider the IdM system calling the CLI, via scripts,  to
create/delete accounts, manage groups, in near real-time?

I am gathering the details on options and present it to management.

Thanks.




On Fri, Feb 1, 2013 at 4:42 PM, Dmitri Pal <d...@redhat.com> wrote:

>  On 02/01/2013 07:00 PM, It Meme wrote:
>
> Hi:
>
>  We would like to trigger creation of user accounts from another
> application - is this possible completely by LDAP calls?
>
>  Or using the APIs, the best way to proceed?
>
>
> Actually using CLIs would be a preferred and supported way for the time
> being.
> APIs would be the second. They are stable but not public. We have not
> published them because so far no one seriously considered calling IPA from
> another application. May be you are going to be the first. You can look at
> the extnsibility guide. Also we would be able to provide additional
> guidance but we are not ready to call it an API we not going to break so if
> you are fine with modifying your app if we change things it might be a good
> option for both of us to move to a more production ready API.
> LDAP is not a preferred method for creation of the entries because we do
> more in the code than just calling LDAP modify.
> We can help you to craft something but effectively you would have to
> duplicate our ipa user-add logic within your code. I suspect you do not
> want to go this path.
>
> Thanks
> Dmitri
>
>
>  Thanks.
>
>
>
>
> _______________________________________________
> Freeipa-users mailing 
> listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to