[Freeipa-users] Re: api scripts
Hi Andrew, On 26/12/2017 16:35, Andrew Meyer wrote: > Jens, > I'm not familiar w/ Python. How do I pass the url, user and realm to > it? Do I do something like this - './freeipaclient.py url=myurl > user=username' ? > If you're not familiar with python my code is probably not useful for you. It's main purpose is to be a library to be integrated into other python tools/scripts, not to be used as a command line tool. To perform quick commands against ipa from the command line I just use the ipa client https://www.freeipa.org/page/Client If you want to script things, then more information on the api is indeed actually pretty hard to come by. see https://www.redhat.com/archives/freeipa-users/2015-April/msg00582.html which eventually pointed me to https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions/ The thing here that I needed to figure out to get kerberos authentication working in python (and probably a lot of other scripting languages) is that you can just set KRB5_KTNAME=/path/to/keytabfile and use GSSAPI in your script. And to get the actuall REST calls you can just run ipa -vv Regards, Jens Timmerman > Thank you! > > Hi Andrew, > > On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > > Does anyone have any examples or could share what they have written? > > > > I am trying to write a script and not sure what components I need. > I've been working on a python client for a bit. It will probably be made > public when I'm done. > But at the moment I'm just adding methods as I need them. > You can find what I'm allowed to share at the moment at > https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 > > feedback greatly appreciated. > > Regards, > Jens Timmerman ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Jens,I'm not familiar w/ Python. How do I pass the url, user and realm to it? Do I do something like this - './freeipaclient.py url=myurl user=username' ? Thank you! On Thursday, December 21, 2017 2:40 PM, Andrew Meyer via FreeIPA-users wrote: Does this script prompt you to enter the data needed or do I need to hard code it? On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users wrote: Thank you On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users wrote: Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Does this script prompt you to enter the data needed or do I need to hard code it? On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users wrote: Thank you On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users wrote: Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Hi Andrew and Jens, I’ve been using python-freeipa https://github.com/opennode/python-freeipa https://pypi.python.org/pypi/python-freeipa/0.1.2 So… from python_freeipa import Client from configuration import config, args # a thing that processes args and configparser config client = Client( config['freeipa']['server'], version=config['freeipa']['version'], verify_ssl=false ) client.login( config['freeipa']['user'], config['freeipa']['password'] ) client.user_find(‘username’) I use some basic wrapper functions around the methods though: def ipa_user_mod(uid, **kwargs): if config['freeipa'].getboolean('enabled') is True: if args.dry_run is not True: client.user_mod(uid, **kwargs) else: logger.info("Dry-run, last user update(s) skipped") return True else: logger.info(‘freeIPA disabled') return None def ipa_group_mod(uid, **kwargs): if config['freeipa'].getboolean('enabled') is True: if args.dry_run is not True: client.group_mod(uid, **kwargs) else: logger.info("Dry-run, last group update(s) skipped") return True else: logger.info(‘freeIPA disabled') return None My group and user add functions are more complicated and contain duplicate tests etc. From: Andrew Meyer via FreeIPA-users [mailto:freeipa-users@lists.fedorahosted.org] Sent: Friday, 22 December 2017 5:50 AM To: FreeIPA users list Cc: Jens Timmerman ; Andrew Meyer Subject: [Freeipa-users] Re: api scripts Thank you On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users mailto:freeipa-users@lists.fedorahosted.org> > wrote: Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > <mailto:freeipa-users-le...@lists.fedorahosted.org> ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org <mailto:freeipa-users-le...@lists.fedorahosted.org> ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Thank you On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users wrote: Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: api scripts
Hi Andrew, On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote: > Does anyone have any examples or could share what they have written? > > I am trying to write a script and not sure what components I need. I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9 feedback greatly appreciated. Regards, Jens Timmerman > > > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org