Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards, Jens Timmerman
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Hi Andrew and Jens,
I’ve been using python-freeipa
https://github.com/opennode/python-freeipa
https://pypi.python.org/pypi/python-freeipa/0.1.2
So…
from python_freeipa import Client
from configuration import config, args # a thing that processes args and configparser config
client = Client(
config['freeipa']['server'],
version=config['freeipa']['version'],
verify_ssl=false
)
client.login(
config['freeipa']['user'],
config['freeipa']['password']
)
client.user_find(‘username’)
I use some basic wrapper functions around the methods though:
def ipa_user_mod(uid, **kwargs):
if config['freeipa'].getboolean('enabled') is True:
if args.dry_run is not True:
client.user_mod(uid, **kwargs)
else:
logger.info("Dry-run, last user update(s) skipped")
return True
else:
logger.info(‘freeIPA disabled')
return None
def ipa_group_mod(uid, **kwargs):
if config['freeipa'].getboolean('enabled') is True:
if args.dry_run is not True:
client.group_mod(uid, **kwargs)
else:
logger.info("Dry-run, last group update(s) skipped")
return True
else:
logger.info(‘freeIPA disabled')
return None
My group and user add functions are more complicated and contain duplicate tests etc.
From: Andrew Meyer via FreeIPA-users [mailto:freeipa-users@lists.fedorahosted.org] Sent: Friday, 22 December 2017 5:50 AM To: FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Jens Timmerman jens.timmerman@ugent.be; Andrew Meyer andrewm659@yahoo.com Subject: [Freeipa-users] Re: api scripts
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users <freeipa-users@lists.fedorahosted.org mailto:freeipa-users@lists.fedorahosted.org > wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards, Jens Timmerman
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org mailto:freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org mailto:freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org mailto:freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org mailto:freeipa-users-leave@lists.fedorahosted.org
Does this script prompt you to enter the data needed or do I need to hard code it?
On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards, Jens Timmerman
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Jens,I'm not familiar w/ Python. How do I pass the url, user and realm to it? Do I do something like this - './freeipaclient.py url=myurl user=username' ? Thank you!
On Thursday, December 21, 2017 2:40 PM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Does this script prompt you to enter the data needed or do I need to hard code it?
On Thursday, December 21, 2017 10:50 AM, Andrew Meyer via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Thank you
On Thursday, December 21, 2017 4:31 AM, Jens Timmerman via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards, Jens Timmerman
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Hi Andrew,
On 26/12/2017 16:35, Andrew Meyer wrote:
Jens, I'm not familiar w/ Python. How do I pass the url, user and realm to it? Do I do something like this - './freeipaclient.py url=myurl user=username' ?
If you're not familiar with python my code is probably not useful for you. It's main purpose is to be a library to be integrated into other python tools/scripts, not to be used as a command line tool.
To perform quick commands against ipa from the command line I just use the ipa client https://www.freeipa.org/page/Client
If you want to script things, then more information on the api is indeed actually pretty hard to come by.
see https://www.redhat.com/archives/freeipa-users/2015-April/msg00582.html which eventually pointed me to https://vda.li/en/posts/2015/05/28/talking-to-freeipa-api-with-sessions/
The thing here that I needed to figure out to get kerberos authentication working in python (and probably a lot of other scripting languages) is that you can just set KRB5_KTNAME=/path/to/keytabfile and use GSSAPI in your script. And to get the actuall REST calls you can just run ipa -vv <command>
Regards, Jens Timmerman
Thank you!
Hi Andrew,
On 20/12/2017 22:42, Andrew Meyer via FreeIPA-users wrote:
Does anyone have any examples or could share what they have written?
I am trying to write a script and not sure what components I need.
I've been working on a python client for a bit. It will probably be made public when I'm done. But at the moment I'm just adding methods as I need them. You can find what I'm allowed to share at the moment at https://gist.github.com/JensTimmerman/c123d5f6291e4cd542473241ce7bf4c9
feedback greatly appreciated.
Regards, Jens Timmerman
freeipa-users@lists.fedorahosted.org
-
Aaron Hicks -
Andrew Meyer -
Jens Timmerman