Thank you for your helpful posts.
Do you know of any organization that provisions accounts and groups in
real-time, from an external IdM system, to IPA, via CLI?
We have an IdM system which will be reading data from HR, and making
'joiner, mover, leaver, decisions' - accounts are provisioned, deleted,
groups changed etc based on the HR data.
Is it feasible to consider the IdM system calling the CLI, via scripts, to
create/delete accounts, manage groups, in near real-time?
I am gathering the details on options and present it to management.
On Fri, Feb 1, 2013 at 4:42 PM, Dmitri Pal <d...@redhat.com> wrote:
> On 02/01/2013 07:00 PM, It Meme wrote:
> We would like to trigger creation of user accounts from another
> application - is this possible completely by LDAP calls?
> Or using the APIs, the best way to proceed?
> Actually using CLIs would be a preferred and supported way for the time
> APIs would be the second. They are stable but not public. We have not
> published them because so far no one seriously considered calling IPA from
> another application. May be you are going to be the first. You can look at
> the extnsibility guide. Also we would be able to provide additional
> guidance but we are not ready to call it an API we not going to break so if
> you are fine with modifying your app if we change things it might be a good
> option for both of us to move to a more production ready API.
> LDAP is not a preferred method for creation of the entries because we do
> more in the code than just calling LDAP modify.
> We can help you to craft something but effectively you would have to
> duplicate our ipa user-add logic within your code. I suspect you do not
> want to go this path.
> Freeipa-users mailing
> Thank you,
> Dmitri Pal
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
> Freeipa-users mailing list
Freeipa-users mailing list