On Friday, May 06, 2016 09:04:59 Martin Basti wrote: > since IPA4.2 web UI contains API browser (IPA Server/API Browser) > > So for example for caacl-add: > api.Command.caacl_add(u'argument-ca-acl-name', description=u"optional > description") > > you can try commands in "ipa console" it contains initialized API, just > call api.Command.<your-favorite-command>() > > API.txt provides the same information as API browser, but browser looks > better :) > > Feel free to ask anything, if you identified gaps in docs which are hard > to understand for non-IPA developer feel free report it, or feel free to > create howTo in freeipa.org page.
Thanks for the pointers. I'm looking at automating some user and group additions, group editing, etc. Am I right in assuming that anything that uses the api.Command.<some_command> will require a kinit <user> before it is run, even if it is via the Python API? If I want to use a user/pass from the script itself (and not have a shell script which does kinit, then fires off my Python script) would I be better off hitting the web API with sessions and JSON-RPC as detailed here: https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions/ Put another way, since I want to hit the API from a system that might not have sssd installed, nor has joined the realm, I assume it would be *impossible* to use api.Command.<something> as it relies on a Kerberos ticket? To put it yet another way: is there a way to hand a user/pass to the Python API and authenticate that way. Those are the questions I did not see addressed in the docs that I found. There were lots of examples of invoking commands, but I never saw anything about authenticating to the server before running the commands. Thanks again for the pointers, and if there is documentation I missed, feel free to point me in that direction. j -- Joshua J. Kugler - Fairbanks, Alaska Azariah Enterprises - Programming and Website Design jos...@azariah.com - Jabber: pedah...@gmail.com PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project