On 04/24/2013 08:32 AM, Tomas Babej wrote: > On 04/24/2013 01:53 PM, Arturo Borrero wrote: >> Hi there. >> >> I'm wondering if it's possible to get FreeIPA with a 'public user >> interface'. >> This is: a place where a standar user can update his password and >> other personal data. I'm thinking in something similar to >> google.com/accounts >> >> Does this exists? If not, it is possible to develop this addon? >> >> We are strongly evaluating this functionality in order to actually >> implement FreeIPA as our identity management system. >> >> Best regards > Hi, > > every user can log in to the Web UI using their login and Kerberos > password. > > Having no other rights, there they can only edit their contact > information, address information, reset their password, etc. > > See /ipa/ui/ on your FreeIPA server, that is > https://ipa.example.com/ipa/ui/ > <https://vm-131.idm.lab.bos.redhat.com/ipa/ui/index.html#identity =user&navigation=identity&user-pkey=random&user-facet=details>
Having played with it off/on a year or so ago, IIRC it's relatively easy to get apache + SSL speaking with LDAP + Kerberos. Even ignoring the direct python IPA interface. With some server-side scripting (I did it in python) you could emulate most of what's on the google accounts-page. The hardest part I found was getting my head around the lower-level LDAP + Kerberos python interfaces. However, going from understanding common-operations of both technologies from the command-line level to working with the API's isn't a very long road. Depending on how "pretty" the web-site needs to be, the "code one yourself" approach could be feasible, given educated developer resources. Since it sounds like your requirements are fairly basic, this may be an option to consider. (No I'm not volunteering, though it sounds fun :) Otherwise, I've also used the built-in web interface. It may be a bit cluttered for someone who _just_ needs to change a password or other very simplistic task (compared to google accounts-page). However if your users are somewhat technically-mided, they shouldn't have any trouble with the built-in self-service UI. It also offers a HUGE benefit to greatly extend self-service to the n-th degree, when it's multi-level rights-management features are used. -- Chris Evich, RHCA, RHCE, RHCDS, RHCSS Quality Assurance Engineer _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users