On 07/26/2013 04:37 PM, Rob Crittenden wrote:
Zip Ly wrote:
Normally if IPA has a well documented API then my approach would be:
user --> (internet) --> webserver --> lPA API --> IPA server
But since there isn't much info about the API then my approach would be:
user --> (internet) --> webserver --> a PHP script which acts as an
custom API --> IPA server
The problem is I don't know which commands are available en which
values/params I should send. For example:
http://www.freeipa.org/docs/1.2/Administrators_Reference/en-US/html/chap-Administration_Reference-XML_RPC_Application_Programming_Interface_API_Documentation.html#
These are commands for xml rpc. Without examples it's difficult to find
out how to use it.
The API changed between v1 and v2/3, so these docs are not right for
your purposes.
We haven't formally documented the API (either json or xml-rpc) yet
because it is still somewhat in flux. The API is baked into the ipa
client, so any command you can run from there is the equivalent of a
json/xml-rpc command, just substituting underscore for dash.
About the closest we have is API.txt in the source tree. This is really
designed to be read by a computer but it outlines each command and the
options it takes, and the output it returns.
But they are different from this example:
http://adam.younglogic.com/2010/07/talking-to-freeipa-json-web-api-via-curl/
In this example a "user_find" command is used, but this command cannot
be found in the official xml rpc document above.
In ssh I can display a list of commands with "ipa help commands" I don't
know if they are all supported in "/ipa/json" I probably need to replace
all dashes with underscores (correct me if I'm wrong).
The same commands and options are available over json as xml-rpc.
If I want to display all the supported params from one certain command
for example "ipa help user-find". Then, are all the double dashed params
also the supported params which I can send with JSON?
Yes.
Note that for some LDAP attributes dash param names may be different
than API option names. It those cases the correct one is LDAP attribute
name.
Use `ipa show-mappings command-name` to find the correct names.
I prefer using the native API if there is one (hidden somewhere),
because I don't want to reinvent the wheel with security leaks which I'm
not aware of. Especially when I need to execute CLI commands from
the PHP scripts.
The native API is json/xml-rpc. They are currently equivalent. In the
near future we are going to mark xml-rpc as deprecated and it will start
to fall behind in features, and eventually we may drop it altogether.
rob
--
Petr Vobornik
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
