Hi Dimitri: Thank you for your helpful posts.
Do you know of any organization that provisions accounts and groups in real-time, from an external IdM system, to IPA, via CLI? We have an IdM system which will be reading data from HR, and making 'joiner, mover, leaver, decisions' - accounts are provisioned, deleted, groups changed etc based on the HR data. Is it feasible to consider the IdM system calling the CLI, via scripts, to create/delete accounts, manage groups, in near real-time? I am gathering the details on options and present it to management. Thanks. On Fri, Feb 1, 2013 at 4:42 PM, Dmitri Pal <d...@redhat.com> wrote: > On 02/01/2013 07:00 PM, It Meme wrote: > > Hi: > > We would like to trigger creation of user accounts from another > application - is this possible completely by LDAP calls? > > Or using the APIs, the best way to proceed? > > > Actually using CLIs would be a preferred and supported way for the time > being. > APIs would be the second. They are stable but not public. We have not > published them because so far no one seriously considered calling IPA from > another application. May be you are going to be the first. You can look at > the extnsibility guide. Also we would be able to provide additional > guidance but we are not ready to call it an API we not going to break so if > you are fine with modifying your app if we change things it might be a good > option for both of us to move to a more production ready API. > LDAP is not a preferred method for creation of the entries because we do > more in the code than just calling LDAP modify. > We can help you to craft something but effectively you would have to > duplicate our ipa user-add logic within your code. I suspect you do not > want to go this path. > > Thanks > Dmitri > > > Thanks. > > > > > _______________________________________________ > Freeipa-users mailing > listFreeipaemail@example.com://www.redhat.com/mailman/listinfo/freeipa-users > > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs?www.redhat.com/carveoutcosts/ > > > _______________________________________________ > Freeipa-users mailing list > Freeipafirstname.lastname@example.org > https://www.redhat.com/mailman/listinfo/freeipa-users >
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users