Zip Ly wrote:

Normally if IPA has a well documented API then my approach would be:
user --> (internet) --> webserver --> lPA API --> IPA server
But since there isn't much info about the API then my approach would be:
user --> (internet) --> webserver --> a PHP script which acts as an
custom API --> IPA server
The problem is I don't know which commands are available en which
values/params I should send. For example:
These are commands for xml rpc. Without examples it's difficult to find
out how to use it.

The API changed between v1 and v2/3, so these docs are not right for your purposes.

We haven't formally documented the API (either json or xml-rpc) yet because it is still somewhat in flux. The API is baked into the ipa client, so any command you can run from there is the equivalent of a json/xml-rpc command, just substituting underscore for dash.

About the closest we have is API.txt in the source tree. This is really designed to be read by a computer but it outlines each command and the options it takes, and the output it returns.

But they are different from this example:
In this example a "user_find" command is used, but this command cannot
be found in the official xml rpc document above.
In ssh I can display a list of commands with "ipa help commands" I don't
know if they are all supported in "/ipa/json" I probably need to replace
all dashes with underscores (correct me if I'm wrong).

The same commands and options are available over json as xml-rpc.

If I want to display all the supported params from one certain command
for example "ipa help user-find". Then, are all the double dashed params
also the supported params which I can send with JSON?


I prefer using the native API if there is one (hidden somewhere),
because I don't want to reinvent the wheel with security leaks which I'm
not aware of. Especially when I need to execute CLI commands from
the PHP scripts.

The native API is json/xml-rpc. They are currently equivalent. In the near future we are going to mark xml-rpc as deprecated and it will start to fall behind in features, and eventually we may drop it altogether.


Freeipa-users mailing list

Reply via email to