On ke, 21 huhti 2021, Ronald Wimmer via FreeIPA-users wrote:
On 20.04.21 19:05, Rob Crittenden wrote:
>Ronald Wimmer via FreeIPA-users wrote:
>>Which permission would let a user use the API browser in the WebGUI? Or
>>is there already a privilege that is well-suited for and API user? (or
>>even a role?)
>
>Any authenticated user should be able to use the API browser.
>
>There is no permission to limit access to it nor is there currently a
>way to create one since the API is generated on-the-fly through
>introspection.
The only Tabs a testuser sees are "User" and "OTP-Token" but the user
can call
https://tipa01.ipatest.mydomain.at/ipa/ui/#/p/apibrowser/type=command
You have the very same information in IPA CLI as well. All you need is
to be authenticated.
ipa help commands
ipa command-show 'command' --all
ipa param-find 'command'
ipa param-show 'command' 'parameter'
ipa output-find 'command'
ipa output-show 'command' 'parameter'
For example:
$ ipa command-show user-add --all
Name: user_add
Version: 1
Full name: user_add/1
Documentation: Add a new user.
Help topic: user/1
Parameters: uid, givenname, sn, cn, displayname, initials,
homedirectory, gecos, loginshell, krbprincipalname,
krbprincipalexpiration, krbpasswordexpiration, mail, userpassword,
random, uidnumber, gidnumber, street, l, st, postalcode,
telephonenumber, mobile, pager, facsimiletelephonenumber, ou, title,
manager, carlicense, ipasshpubkey, ipauserauthtype, userclass,
ipatokenradiusconfiglink, ipatokenradiususername, departmentnumber,
employeenumber, employeetype, preferredlanguage,
usercertificate, nsaccountlock, setattr, addattr, noprivate, all, raw,
no_members
Method of: user/1
Method name: add
$ ipa param-show user-add usercertificate
Name: usercertificate
Documentation: Base-64 encoded user certificate
Type: Certificate
Required: False
Multi-value: True
CLI name: certificate
Label: Certificate
$ ipa output-find user-add
Name: summary
Documentation: User-friendly description of action performed
Type: str
Required: False
Name: result
Type: dict
Name: value
Documentation: The primary_key value of the entry, e.g. 'jdoe' for a user
Type: str
----------------------------
Number of entries returned 3
----------------------------
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland