Re: [Freeipa-users] users account functionality
On 05/03/2013 03:24 AM, Juan Armario wrote: > Sorry for my english. > > My doubt is about the user's functions. For example when I want to do > the login into the web site and I don't remember the pass. I click in > a link, button... and I receive a mail with the instructions for reset > the pass, or with a temporary pass that I must change... > > The others functions are when the user want to create a account, and > fill in a form with name, surname... and the admin receive a mail and > active the account. The same for delete the account. > > Exist something already implemented or have I to do it? Is not a > problem for me do it, but it's better use something already tested and > working. > > I hope now my doubt is more clear. Sorry for delayed reply. Was away for couple days. Yes. Now it is more clear. Let me summarize: 1) Provide a self service password reset capability. https://fedorahosted.org/freeipa/ticket/3611 2) Provide a self service interface to reset forgotten password using some kind of temporary code. https://fedorahosted.org/freeipa/ticket/3612 3) Provide a self service enrollment capability with admin approval and notification workflow https://fedorahosted.org/freeipa/ticket/3613 4) Provide a self service account decommissioning with admin approval https://fedorahosted.org/freeipa/ticket/3614 None of these are implemented so I opened tickets on your behalf. We would be glad if someone would pick it up however please start with the design proposal and get it acked on the list because this area is very security sensitive and we do not want to jeopardize the security and integrity of the system. > > thanks. > > On 02/05/13 15:49, John Dennis wrote: >> On 05/02/2013 04:42 AM, Juan Armario wrote: >>> Hi, >>> >>> I'm Juan and I'm building a freeipa application and need to know if it >>> possible integrate a module or if is already developed, the typical >>> functionality when we want an authentication service for our users, >>> like >>> remember password, create users, and send an email for confirmation, or >>> send a account delete request. >>> >>> We have installed the basic freeipa and we need to incorporate this >>> functionality. >>> >>> Exist this or have I to implement it? >> >> It's a little hard to understand exactly what you're looking to >> accomplish, for instance what does "remember password" mean? >> >> It doesn't sound like what you're looking for requires adding a >> plugin module, rather you're looking to add a front-end to IPA which >> is easy to do with scripts. IPA is quite amenable to scripting >> because we provide a command line interface. You can either call the >> ipa command from a shell script or you can write your own Python >> scripts and invoke the IPA API directly. Be careful though, the type >> of operations you've described all require administrator privileges, >> it's not something a general user can do. >> >> > > -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] users account functionality
Sorry for my english. My doubt is about the user's functions. For example when I want to do the login into the web site and I don't remember the pass. I click in a link, button... and I receive a mail with the instructions for reset the pass, or with a temporary pass that I must change... The others functions are when the user want to create a account, and fill in a form with name, surname... and the admin receive a mail and active the account. The same for delete the account. Exist something already implemented or have I to do it? Is not a problem for me do it, but it's better use something already tested and working. I hope now my doubt is more clear. thanks. On 02/05/13 15:49, John Dennis wrote: On 05/02/2013 04:42 AM, Juan Armario wrote: Hi, I'm Juan and I'm building a freeipa application and need to know if it possible integrate a module or if is already developed, the typical functionality when we want an authentication service for our users, like remember password, create users, and send an email for confirmation, or send a account delete request. We have installed the basic freeipa and we need to incorporate this functionality. Exist this or have I to implement it? It's a little hard to understand exactly what you're looking to accomplish, for instance what does "remember password" mean? It doesn't sound like what you're looking for requires adding a plugin module, rather you're looking to add a front-end to IPA which is easy to do with scripts. IPA is quite amenable to scripting because we provide a command line interface. You can either call the ipa command from a shell script or you can write your own Python scripts and invoke the IPA API directly. Be careful though, the type of operations you've described all require administrator privileges, it's not something a general user can do. -- Juan Armario Muñoz Departamento de Aplicaciones Centro Informático Científico de Andalucía Consejería de Economía, Innovación, Ciencia y Empleo Junta de Andalucía Avenida de la Reina Mercedes s/n 41012 - Sevilla (España) Teléfono: (+34) 955.056.600 Email: juan.arma...@cica.es ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] users account functionality
On 05/02/2013 09:49 AM, John Dennis wrote: > On 05/02/2013 04:42 AM, Juan Armario wrote: >> Hi, >> >> I'm Juan and I'm building a freeipa application and need to know if it >> possible integrate a module or if is already developed, the typical >> functionality when we want an authentication service for our users, like >> remember password, create users, and send an email for confirmation, or >> send a account delete request. >> >> We have installed the basic freeipa and we need to incorporate this >> functionality. >> >> Exist this or have I to implement it? > > It's a little hard to understand exactly what you're looking to > accomplish, for instance what does "remember password" mean? > > It doesn't sound like what you're looking for requires adding a plugin > module, rather you're looking to add a front-end to IPA which is easy > to do with scripts. IPA is quite amenable to scripting because we > provide a command line interface. You can either call the ipa command > from a shell script or you can write your own Python scripts and > invoke the IPA API directly. Be careful though, the type of operations > you've described all require administrator privileges, it's not > something a general user can do. > > It looks like Juan is looking for some kind of more advanced self service portal. But it is not clear what the specific requirements are. Juan can you please be more detailed in what are the workflows you have in mind. Are you looking for the self service registration with mail confirmation? If yes this does not exist now and generally IPA is the domain controller for the controlled environment it is not a good fit for a general purpose accounting service unless you explicitly extend it. If this is what you are looking for you can script the addition flows with CLI or contribute code however you need to be sure your security mode is sound. We do not want to add functionality that would allow anyone to self register to any instance of IPA that would be a security disaster. -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] users account functionality
On 05/02/2013 04:42 AM, Juan Armario wrote: Hi, I'm Juan and I'm building a freeipa application and need to know if it possible integrate a module or if is already developed, the typical functionality when we want an authentication service for our users, like remember password, create users, and send an email for confirmation, or send a account delete request. We have installed the basic freeipa and we need to incorporate this functionality. Exist this or have I to implement it? It's a little hard to understand exactly what you're looking to accomplish, for instance what does "remember password" mean? It doesn't sound like what you're looking for requires adding a plugin module, rather you're looking to add a front-end to IPA which is easy to do with scripts. IPA is quite amenable to scripting because we provide a command line interface. You can either call the ipa command from a shell script or you can write your own Python scripts and invoke the IPA API directly. Be careful though, the type of operations you've described all require administrator privileges, it's not something a general user can do. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users