10:49 a.m.
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
I've been
working on a python client for a bit. It will probably be made
public when I'm done.
But at the moment I'm just adding methods as I need them.
You can find what I'm allowed to share at the moment at
https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards,
Jens Timmerman
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
2:35 p.m.
New subject: api scripts
Hi Andrew and Jens,
I’ve been using python-freeipa
https://github.com/opennode/python-freeipa
https://pypi.python.org/pypi/python-freeipa/0.1.2
So…
from python_freeipa import Client
from configuration import config, args # a thing that processes args and configparser
config
client = Client(
config['freeipa']['server'],
version=config['freeipa']['version'],
verify_ssl=false
)
client.login(
config['freeipa']['user'],
config['freeipa']['password']
)
client.user_find(‘username’)
I use some basic wrapper functions around the methods though:
def ipa_user_mod(uid, **kwargs):
if config['freeipa'].getboolean('enabled') is True:
if args.dry_run is not True:
client.user_mod(uid, **kwargs)
else:
logger.info("Dry-run, last user update(s) skipped")
return True
else:
logger.info(‘freeIPA disabled')
return None
def ipa_group_mod(uid, **kwargs):
if config['freeipa'].getboolean('enabled') is True:
if args.dry_run is not True:
client.group_mod(uid, **kwargs)
else:
logger.info("Dry-run, last group update(s) skipped")
return True
else:
logger.info(‘freeIPA disabled')
return None
My group and user add functions are more complicated and contain duplicate tests etc.
From: Andrew Meyer via FreeIPA-users [mailto:freeipa-users@lists.fedorahosted.org]
Sent: Friday, 22 December 2017 5:50 AM
To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Jens Timmerman <jens.timmerman(a)ugent.be>; Andrew Meyer
<andrewm659(a)yahoo.com>
Subject: [Freeipa-users] Re: api scripts
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org> > wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
I've been
working on a python client for a bit. It will probably be made
public when I'm done.
But at the moment I'm just adding methods as I need them.
You can find what I'm allowed to share at the moment at
https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards,
Jens Timmerman
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
2:39 p.m.
New subject: api scripts
Does this script prompt you to enter the data needed or do I need to hard code it?
On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
I've been
working on a python client for a bit. It will probably be made
public when I'm done.
But at the moment I'm just adding methods as I need them.
You can find what I'm allowed to share at the moment at
https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards,
Jens Timmerman
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
9:35 a.m.
New subject: api scripts
Jens,I'm not familiar w/ Python. How do I pass the url, user and realm to it? Do I
do something like this - './freeipaclient.py url=myurl user=username' ?
Thank you!
On Thursday, December 21, 2017 2:40 PM, Andrew Meyer via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Does this script prompt you to enter the data needed or do I need to hard code it?
On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
I've been
working on a python client for a bit. It will probably be made
public when I'm done.
But at the moment I'm just adding methods as I need them.
You can find what I'm allowed to share at the moment at
https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards,
Jens Timmerman
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
5:01 a.m.
New subject: api scripts
Hi Andrew,
On 26/12/2017 16:35, Andrew Meyer wrote:
Jens,
I'm not familiar w/ Python. How do I pass the url, user and realm to
it? Do I do something like this - './freeipaclient.py url=myurl
user=username' ?
If you're not familiar with python my code is probably not useful for
you. It's main purpose is to be a library to be integrated into other
python tools/scripts,
not to be used as a command line tool.
To perform quick commands against ipa from the command line I just use
the ipa client https://www.freeipa.org/page/Client
If you want to script things, then more information on the api is indeed
actually pretty hard to come by.
see https://www.redhat.com/archives/freeipa-users/2015-April/msg00582.html
which eventually pointed me to
https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions/
The thing here that I needed to figure out to get kerberos
authentication working in python (and probably a lot of other scripting
languages) is that
you can just set KRB5_KTNAME=/path/to/keytabfile and use GSSAPI in your
script. And to get the actuall REST calls you can just run ipa -vv
<command>
Regards,
Jens Timmerman
Thank you!
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
> Does anyone have any examples or could share what they have written?
>
> I am trying to write a script and not sure what components I need.
I've been working on a python client for a bit. It will probably be made
public when I'm done.
But at the moment I'm just adding methods as I need them.
You can find what I'm allowed to share at the moment at
https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards,
Jens Timmerman
2300
days inactive
2312
days old
freeipa-users@lists.fedorahosted.org
4 comments
3 participants
participants (3)
-
Aaron Hicks -
Andrew Meyer -
Jens Timmerman