On 02/08/2013 05:29 PM, It Meme wrote:


1) User is created via LDAP call to IPA (i.e.the 389 Directory Server)

The above user will not have IPA-specific attributes.

Can we use the Python Library, or CLI, to modify the account to IPA-ize it?

You're really better off using the IPA API directly rather than trying to bypass it. Why? Because we implement additional logic inside the commands. If you could achieve everything IPA does by just modifying an LDAP server there wouldn't be a need for IPA. A good example of this is group membership, some of that logic is handled directly by a plugin to the 389 DS, but a large part of it is implemented in the IPA commands that manage users and groups. You really don't want to bypass it.

You have a number of options on how to call the IPA commands:

1) the ipa command line client

2) sending the command formatted in JSON to the server

3) sending the command formatted in XML-RPC to the server

4) calling the command from your own python code

5) using the web GUI

It's really not hard to call the IPA command line client from a program, typically this is done via a "system" command of which there are a number of variants.

The following thread has a discussion of how to invoke one of our commands from Python code, this particular email response from Martin shows how it can be done in in about half a dozen lines of code.


What I'm not understanding why you're avoiding using the commands we provide. If you're not familiar with how to call another program/process we can help you or just google it. Or is the problem your existing management system does not provide you with any "hooks" to execute code when an action occurs. But from everything you've said so far you imply it does provide such hooks. Perhaps if you could be more specific we could be more helpful.

John Dennis <jden...@redhat.com>

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to