On 10.08.2016 22:52, Mike LoSapio wrote:
Something declarative which can be version controlled and considered a
"source of truth" and driven from configuration management (chef,
puppet, ansible - whatever your flavor)
A scheme to reconcile account properties, group memberships,
permissions, etc... I could see how this would be a slippery slope
because of the depth of groupings/permissions/etc... but a
version-controlled declarative user config gives a nice record for
auditors (When did mike get an account, who granted access to him,
when did he get access, what other access has he had over the last
~~ Pseudo declaraion
No, we don't have this declaractive way to import data.
You can create a script using python IPA API to process JSON/YAML file
Or this RFE maybe is what you need
https://fedorahosted.org/freeipa/ticket/5821, but it didn't get priority.
On Wed, Aug 3, 2016 at 1:56 PM, Martin Basti <mba...@redhat.com> wrote:
On 01.08.2016 22:50, Mike LoSapio wrote:
Is there anyone out there with a good system for storing users,
groups, hosts, etc.. in some sort of version controlled repo w/ flat
files that could plug into "two-man" workflows for user-account
creation and privilege/group membership changes, etc.
There's some github projects out there to help installing FreeIPA
server and a few to get clients up and running, but nothing (that I
could find) for the on-going management of FreeIPA resources.
So in puppet world (just as an example) - I'd be looking for something
like a puppet-defined-type freeipa_user with all the attributes
required and more-importantly all the code-glue that puts it all
Figured I'd ask if there if there's anything already out there before
I re-invent the wheel.
sorry but I don't understand what you exactly need, can you be more
specific? Do you need a script that provision users?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project