[Freeipa-users] Re: api scripts
Hi Andrew, On 26/12/2017 16:35, Andrew Meyer wrote: > Jens, > I'm not familiar w/ Python. How do I pass the url, user and realm to > it? Do I do something like this - './freeipaclient.py url=myurl > user=username' ? > If you're not familiar with python my code is probably not useful for you. It's main purpose is to be a library to be integrated into other python tools/scripts, not to be used as a command line tool. To perform quick commands against ipa from the command line I just use the ipa client https://www.freeipa.org/page/Client If you want to script things, then more information on the api is indeed actually pretty hard to come by. see https://www.redhat.com/archives/freeipa-users/2015-April/msg00582.html which eventually pointed me to https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions/ The thing here that I needed to figure out to get kerberos authentication working in python (and probably a lot of other scripting languages) is that you can just set KRB5_KTNAME=/path/to/keytabfile and use GSSAPI in your script. And to get the actuall REST calls you can just run ipa -vv Regards, Jens Timmerman > Thank you! > > Hi Andrew, > > On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > > Does anyone have any examples or could share what they have written? > > > > I am trying to write a script and not sure what components I need. > I've been working on a python client for a bit. It will probably be made > public when I'm done. > But at the moment I'm just adding methods as I need them. > You can find what I'm allowed to share at the moment at > https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 > > feedback greatly appreciated. > > Regards, > Jens Timmerman ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Jens,I'm not familiar w/ Python. How do I pass the url, user and realm to it? Do I do something like this - './freeipaclient.py url=myurl user=username' ? Thank you! On Thursday, December 21, 2017 2:40 PM, Andrew Meyer via FreeIPA-users wrote: Does this script prompt you to enter the data needed or do I need to hard code it? On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users wrote: Thank you On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users wrote: Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Does this script prompt you to enter the data needed or do I need to hard code it? On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users wrote: Thank you On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users wrote: Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Hi Andrew and Jens,
I’ve been using python-freeipa
https://github.com/opennode/python-freeipa
https://pypi.python.org/pypi/python-freeipa/0.1.2
So…
from python_freeipa import Client
from configuration import config, args # a thing that processes args and
configparser config
client = Client(
config['freeipa']['server'],
version=config['freeipa']['version'],
verify_ssl=false
)
client.login(
config['freeipa']['user'],
config['freeipa']['password']
)
client.user_find(‘username’)
I use some basic wrapper functions around the methods though:
def ipa_user_mod(uid, **kwargs):
if config['freeipa'].getboolean('enabled') is True:
if args.dry_run is not True:
client.user_mod(uid, **kwargs)
else:
logger.info("Dry-run, last user update(s) skipped")
return True
else:
logger.info(‘freeIPA disabled')
return None
def ipa_group_mod(uid, **kwargs):
if config['freeipa'].getboolean('enabled') is True:
if args.dry_run is not True:
client.group_mod(uid, **kwargs)
else:
logger.info("Dry-run, last group update(s) skipped")
return True
else:
logger.info(‘freeIPA disabled')
return None
My group and user add functions are more complicated and contain duplicate
tests etc.
From: Andrew Meyer via FreeIPA-users
[mailto:freeipa-users@lists.fedorahosted.org]
Sent: Friday, 22 December 2017 5:50 AM
To: FreeIPA users list
Cc: Jens Timmerman ; Andrew Meyer
Subject: [Freeipa-users] Re: api scripts
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users
mailto:freeipa-users@lists.fedorahosted.org> > wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
> Does anyone have any examples or could share what they have written?
>
> I am trying to write a script and not sure what components I need.
I've been working on a python client for a bit. It will probably be made
public when I'm done.
But at the moment I'm just adding methods as I need them.
You can find what I'm allowed to share at the moment at
https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards,
Jens Timmerman
>
>
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Thank you On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users wrote: Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
