On 02/01/2013 10:26 PM, It Meme wrote:
Hi Dimitri:

Thank you for your helpful posts.

Do you know of any organization that provisions accounts and groups in
real-time, from an external IdM system, to IPA, via CLI?

We have an IdM system which will be reading data from HR, and making
'joiner, mover, leaver, decisions' - accounts are provisioned, deleted,
groups changed etc based on the HR data.

Is it feasible to consider the IdM system calling the CLI, via scripts,
  to create/delete accounts, manage groups, in near real-time?

Calling a script does not take much time (especially compared to the elapsed time it takes for the command to complete), it would only be an issue if you were trying to do a number of transactions per second, but it doesn't sound like your HR dept is going to need that kind of throughput. It's also possible to call our API from Python, others have done this. Whether your IdM forks out to a shell script or to a Python script would be negligible compared to the total elapsed time to complete the operation.

I suppose the answer to your question begs another, what's your definition of "real time"? If your IdM triggers a transaction and it completes within a few seconds is that real time?


John Dennis <jden...@redhat.com>

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to