Thank you John for your helpful reply. Near real time will be sufficient - within the 5 min range.
Will it be practical when managing a user's groups - these can happen when a user moves within the organization or is terminated. On Fri, Feb 1, 2013 at 8:59 PM, John Dennis <jden...@redhat.com> wrote: > On 02/01/2013 10:26 PM, It Meme wrote: > >> Hi Dimitri: >> >> Thank you for your helpful posts. >> >> Do you know of any organization that provisions accounts and groups in >> real-time, from an external IdM system, to IPA, via CLI? >> >> We have an IdM system which will be reading data from HR, and making >> 'joiner, mover, leaver, decisions' - accounts are provisioned, deleted, >> groups changed etc based on the HR data. >> >> Is it feasible to consider the IdM system calling the CLI, via scripts, >> to create/delete accounts, manage groups, in near real-time? >> > > Calling a script does not take much time (especially compared to the > elapsed time it takes for the command to complete), it would only be an > issue if you were trying to do a number of transactions per second, but it > doesn't sound like your HR dept is going to need that kind of throughput. > It's also possible to call our API from Python, others have done this. > Whether your IdM forks out to a shell script or to a Python script would be > negligible compared to the total elapsed time to complete the operation. > > I suppose the answer to your question begs another, what's your definition > of "real time"? If your IdM triggers a transaction and it completes within > a few seconds is that real time? > > John > > -- > John Dennis <jden...@redhat.com> > > > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users