On 02/09/2013 11:53 AM, John Dennis wrote:
> On 02/08/2013 05:29 PM, It Meme wrote:
>> Hi:
>>
>> Scenario:
>>
>> 1) User is created via LDAP call to IPA (i.e. the 389 Directory Server)
>>
>> The above user will not have IPA-specific attributes.
>>
>> Can we use the Python Library, or CLI, to modify the account to
>> IPA-ize it?
>
> You're really better off using the IPA API directly rather than trying
> to bypass it. Why? Because we implement additional logic inside the
> commands. If you could achieve everything IPA does by just modifying
> an LDAP server there wouldn't be a need for IPA. A good example of
> this is group membership, some of that logic is handled directly by a
> plugin to the 389 DS, but a large part of it is implemented in the IPA
> commands that manage users and groups. You really don't want to bypass
> it.
>
> You have a number of options on how to call the IPA commands:
>
> 1) the ipa command line client
>
> 2) sending the command formatted in JSON to the server
>
> 3) sending the command formatted in XML-RPC to the server
>
> 4) calling the command from your own python code
>
> 5) using the web GUI
>
> It's really not hard to call the IPA command line client from a
> program, typically this is done via a "system" command of which there
> are a number of variants.
>
> The following thread has a discussion of how to invoke one of our
> commands from Python code, this particular email response from Martin
> shows how it can be done in about half a dozen lines of code.
>
> https://www.redhat.com/archives/freeipa-users/2012-June/msg00334.html
>
> What I'm not understanding is why you're avoiding using the commands we
> provide. If you're not familiar with how to call another
> program/process we can help you or just google it. Or is the problem
> your existing management system does not provide you with any "hooks"
> to execute code when an action occurs? But from everything you've said
> so far you imply it does provide such hooks. Perhaps if you could be
> more specific we could be more helpful.
>

It seems that the management system in question can insert an entry into LDAP but can't do the "generic" hook. I bet this is the issue here.
-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
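
Option 1 from the quoted list (calling the ipa command line client from a program), sketched in Python as an added example; it is not code from this thread or from the FreeIPA project. It assumes the hook runs with a valid Kerberos ticket for an account allowed to add users, and the login pattern and function names are this example's own.

```python
import re
import subprocess

# Conservative login pattern: an assumption of this example, not IPA's own rule.
# It cannot start with '-', so a login can never be parsed as an option.
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")


def build_user_add_argv(login, first, last):
    """Return the argv list for `ipa user-add`, rejecting unsafe input."""
    if not LOGIN_RE.fullmatch(login):
        raise ValueError(f"refusing login {login!r}")
    for label, value in (("first", first), ("last", last)):
        # Reject empty values and control characters. The --opt=value form
        # keeps a leading '-' in a name from being read as another option.
        if not value or any(ord(c) < 32 for c in value):
            raise ValueError(f"refusing {label} name {value!r}")
    return ["ipa", "user-add", login, f"--first={first}", f"--last={last}"]


def add_user(login, first, last, run=subprocess.run):
    """Create the user through the IPA CLI so IPA's own logic is applied.

    `run` is injectable so the function can be tested without an IPA server.
    """
    argv = build_user_add_argv(login, first, last)
    # An argv list with no shell=True: values from the management system
    # are passed as single arguments and never interpreted by a shell.
    result = run(argv, capture_output=True, text=True, timeout=60)
    if result.returncode != 0:
        raise RuntimeError(f"ipa user-add failed: {result.stderr.strip()}")
    return result.stdout
```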