On 10.08.2016 22:52, Mike LoSapio wrote:
Something declarative which can be version controlled and considered a
"source of truth" and driven from configuration management (chef,
puppet, ansible - whatever your flavor)
A scheme to reconcile account properties, group memberships,
permissions, etc... I could see how this would be a slippery slope
because of the depth of groupings/permissions/etc... but a
version-controlled declarative user config gives a nice record for
auditors (When did mike get an account, who granted access to him,
when did he get access, what other access has he had over the last
year... etc..)
~~ Pseudo declaraion
ipa_user: mike
uid: mlosapio
first_name: mike
last_name: losapio
No, we don't have this declaractive way to import data.
You can create a script using python IPA API to process JSON/YAML file
for example.
Or this RFE maybe is what you need
https://fedorahosted.org/freeipa/ticket/5821, but it didn't get priority.
Martin
On Wed, Aug 3, 2016 at 1:56 PM, Martin Basti <mba...@redhat.com> wrote:
On 01.08.2016 22:50, Mike LoSapio wrote:
Hi there,
Is there anyone out there with a good system for storing users,
groups, hosts, etc.. in some sort of version controlled repo w/ flat
files that could plug into "two-man" workflows for user-account
creation and privilege/group membership changes, etc.
There's some github projects out there to help installing FreeIPA
server and a few to get clients up and running, but nothing (that I
could find) for the on-going management of FreeIPA resources.
So in puppet world (just as an example) - I'd be looking for something
like a puppet-defined-type freeipa_user with all the attributes
required and more-importantly all the code-glue that puts it all
together...
Figured I'd ask if there if there's anything already out there before
I re-invent the wheel.
TIA,
--Mike
Hello,
sorry but I don't understand what you exactly need, can you be more
specific? Do you need a script that provision users?
Martin
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
