On 02/08/2013 05:29 PM, It Meme wrote:
> 1) User is created via LDAP call to IPA (i.e. the 389 Directory Server)
> The above user will not have IPA-specific attributes.
> Can we use the Python Library, or CLI, to modify the account to IPA-ize it?
You're really better off using the IPA API directly rather than trying
to bypass it. Why? Because we implement additional logic inside the
commands. If you could achieve everything IPA does by just modifying an
LDAP server there wouldn't be a need for IPA. A good example of this is
group membership, some of that logic is handled directly by a plugin to
the 389 DS, but a large part of it is implemented in the IPA commands
that manage users and groups. You really don't want to bypass it.
You have a number of options on how to call the IPA commands:
1) the ipa command line client
2) sending the command formatted in JSON to the server
3) sending the command formatted in XML-RPC to the server
4) calling the command from your own python code
5) using the web GUI
It's really not hard to call the IPA command line client from a program,
typically this is done via a "system" command of which there are a
number of variants.
The following thread has a discussion of how to invoke one of our
commands from Python code; this particular email response from Martin
shows how it can be done in about half a dozen lines of code.
What I'm not understanding is why you're avoiding using the commands we
provide. If you're not familiar with how to call another program/process
we can help you or just google it. Or is the problem that your existing
management system does not provide you with any "hooks" to execute code
when an action occurs? But from everything you've said so far you imply
it does provide such hooks. Perhaps if you could be more specific we
could be more helpful.
John Dennis <jden...@redhat.com>
Freeipa-users mailing list
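
Added example (not part of the original email and not FreeIPA project code): one way a provisioning hook could call the `ipa` command line client from Python, passing the arguments as a list so that values coming from the management system never reach a shell. The function names and the login pattern are assumptions made for this sketch; it also assumes an enrolled host with a valid Kerberos ticket for an account allowed to add users.

```python
import re
import subprocess

# Conservative login pattern chosen for this example (an assumption,
# not IPA's own validation rule). It also rejects a leading '-', so the
# positional login can never be parsed as a command-line option.
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,30}")


def build_user_add_argv(login, first, last):
    """Return the argv list for `ipa user-add`; no shell is involved."""
    if not LOGIN_RE.fullmatch(login):
        raise ValueError("rejected login: %r" % (login,))
    for label, value in (("first", first), ("last", last)):
        # Refuse empty values and control characters (newlines, NUL).
        if not value or any(ord(ch) < 32 for ch in value):
            raise ValueError("rejected %s name: %r" % (label, value))
    # The --opt=value form keeps each value attached to its option, so a
    # value cannot be mistaken for a separate flag.
    return ["ipa", "user-add", login, "--first=" + first, "--last=" + last]


def ipa_user_add(login, first, last, timeout=60):
    """Run the command and return its output; raise if IPA refuses it."""
    argv = build_user_add_argv(login, first, last)
    # A list argv with the default shell=False means ';', '$(...)' and
    # quotes inside names are plain data, not shell syntax.
    proc = subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout)
    if proc.returncode != 0:
        raise RuntimeError("ipa user-add failed: " + proc.stderr.strip())
    return proc.stdout


if __name__ == "__main__":
    # Constructed sample input: shell metacharacters stay inside one argument.
    print(build_user_add_argv("jdoe", "John", "Smith; id"))
```

Because the call goes through the IPA command, the user is created with the additional logic the email describes instead of being written to the directory as a bare LDAP entry.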