On Fri, 13 May 2016, Petr Vobornik wrote:
On 05/13/2016 11:49 AM, Alexander Bokovoy wrote:
On Thu, 12 May 2016, Jan Cholasta wrote:
On 11.5.2016 10:52, Martin Kosek wrote:
On 05/07/2016 09:07 AM, Joshua J. Kugler wrote:
On Friday, May 06, 2016 09:04:59 Martin Basti wrote:
since IPA4.2 web UI contains API browser (IPA Server/API Browser)
So for example for caacl-add:
you can try commands in "ipa console" it contains initialized API,
API.txt provides the same information as API browser, but browser
Feel free to ask anything, if you identified gaps in docs which are
to understand for non-IPA developer feel free report it, or feel
create howTo in freeipa.org page.
Thanks for the pointers. I'm looking at automating some user and group
additions, group editing, etc. Am I right in assuming that anything
the api.Command.<some_command> will require a kinit <user> before it
even if it is via the Python API? If I want to use a user/pass from
itself (and not have a shell script which does kinit, then fires off
script) would I be better off hitting the web API with sessions and
Put another way, since I want to hit the API from a system that
might not have
sssd installed, nor has joined the realm, I assume it would be
use api.Command.<something> as it relies on a Kerberos ticket? To
put it yet
another way: is there a way to hand a user/pass to the Python API and
authenticate that way.
The API itself can be hit with user/password, as noted in Alexander's
you want to use the actual Python API, Kerberos may be the only way.
think Jan or Petr may had some other (hacky) way to pass
user+password there too.
I don't think we support anything but Kerberos on the client side in
our Python API. It might be possible to somehow emulate what the web
UI does, but I haven't personally ever attempted to do that. Petr,
It should be relatively easy to update IPA cli code to accept a jar with
a cookie and use that if Kerberos ccache is missing or empty.
I implemented it a year ago, but the patch was not merged:
I can revive it. I think it brings sufficient value to get merged.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project