On 09/12/2014 03:36 PM, Tamas Papp wrote:

On 09/12/2014 02:47 PM, Martin Kosek wrote:
On 09/11/2014 02:06 AM, Dmitri Pal wrote:
On 09/10/2014 07:10 PM, Tamas Papp wrote:
hi All,

Is there an offficial API documentation available?

Unfortunately not much. You can search archives and find some recommendations
that helped people in the past.
https://www.redhat.com/archives/freeipa-users/2013-January/msg00109.html

We also have a ticket
https://fedorahosted.org/freeipa/ticket/3129

We also have a ticket
https://fedorahosted.org/freeipa/ticket/4233
targeted on FreeIPA 4.1 to see the actual JSON queries that "ipa" command
sends. It would make it easier to see how we use the API.

Actually what is the recommended way to use ipa as a simple ldap backend for a
service without kerberos?
In fact the service does not need kerberos and things like that, but I like the
helper tools of ipa, like ipa command, web UI, easy replication etc.

Can I make trouble by writing the directory directly though ldap
(add/delete/modify users + groups).

10x
tamas

You can of course use FreeIPA only as an LDAP backend to your app, even though Kerberos brings many advantages - but this is not what you asked :-)

If you are lucky and you set all the attributes correctly, you could add users via ldapadd. But we do not recommend it as one can easily miss some change, attribute or objectclass that ipa command does and other tool expects. So using the API or ipa tool itself is a recommended way of communication.

However, note that we have a work in progress exactly on this feature, i.e. an ability to add users via LDAP protocol and then have them processed by ipa tools adding all required attributes and stuff. See tickets

https://fedorahosted.org/freeipa/ticket/3813
https://fedorahosted.org/freeipa/ticket/4445

and design page
http://www.freeipa.org/page/V4/User_Life-Cycle_Management

This work is planned for FreeIPA 4.2.

Martin
Martin


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to