On 03/23/2015 05:56 PM, Timothy Worman wrote:
I have an existing web app built with java/WebObjects that currently handles
some user/groups tasks with our current directory server (Open Directory). We
are investigating a move to FreeIPA for our directory services.
Just in mucking around, I’ve found that if I try to insert a new user
(inetOrgPerson) into IPA’s implementation, the new user does not inherit
all the object classes it should. It only inherits the ones leading to
inetOrgPerson. This does result in a successful inetOrgPerson insertion, but
that user record does not show up in the Web GUI management tools.
Usually, I have focused on inetOrgPerson because that is where the bulk of the
info about a user lives.
We have a SQL database that contains people in our organization (used by other
services), so, we need to be able to leverage that and push users into IPA when
appropriate and we have an existing app to do this.
You have several options:
1) Call ipa CLI from your application - this is possible right now (but
not quite nice)
2) Call ipa JSON API from your application - this is not supported but
possible. We use python API. You can do it in Java but it will be a lot
3) Use more elaborate LDAP add commands (with all the object classes
needed for users). Hard, but doable.
4) Help us with testing the upcoming feature
http://www.freeipa.org/page/V4/User_Life-Cycle_Management that would
allow creating users via simple ldap command in a staging area and then
moving them to normal users area with automatic creation of missing
attributes by means of a cron job.
I would vote for 1) as a temp solution and 4) as a longer term one.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
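
Option 1 from the reply above, as an added example that is not part of the original thread or FreeIPA's own code: a Java helper that runs `ipa user-add` from an argument list rather than a shell string, and validates the values read from the SQL database first. The class name, the login pattern and the sample values are assumptions; it also assumes the `ipa` client is installed and the calling account holds a Kerberos ticket allowed to add users.

```java
import java.io.IOException;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;

public class IpaUserAdd {
    // Assumed login policy for this example; align it with your own naming rules.
    private static final Pattern LOGIN = Pattern.compile("[a-z][a-z0-9._-]{0,31}");

    /** Builds the argv for `ipa user-add`; nothing is passed through a shell. */
    static List<String> buildCommand(String login, String first, String last) {
        if (login == null || !LOGIN.matcher(login).matches()) {
            throw new IllegalArgumentException("rejected login");
        }
        for (String name : new String[] {first, last}) {
            if (name == null || name.isEmpty()
                    || name.chars().anyMatch(Character::isISOControl)) {
                throw new IllegalArgumentException("rejected name value");
            }
        }
        // --opt=value keeps a value that begins with '-' from being read as an option.
        return List.of("ipa", "user-add", "--first=" + first, "--last=" + last, login);
    }

    /** Runs the command and returns the exit status of the ipa client. */
    static int addUser(String login, String first, String last)
            throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder(buildCommand(login, first, last));
        pb.inheritIO(); // ipa's own messages go to the application's stdout/stderr
        Process p = pb.start();
        if (!p.waitFor(60, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("ipa user-add timed out");
        }
        return p.exitValue();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample row, standing in for a record read from the SQL database.
        System.out.println(buildCommand("jdoe", "Jane", "Doe"));
        // Only contacts the IPA server when asked to; run kinit beforehand.
        if (args.length == 1 && args[0].equals("--run")) {
            System.exit(addUser("jdoe", "Jane", "Doe"));
        }
    }
}
```

Because the user is created through the `ipa` client rather than a raw LDAP add, the server assigns the object classes itself, which avoids the missing-class problem described in the question.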