Access to the FreeIPA identity management framework is usually handled via a graphical web interface or a command-line tool, but the framework can also be queried directly via the JSON-RPC API.
If you have ever submitted a request to the FreeIPA framework, you will be aware that most actions are only successful if preceded by successful authentication. This can be done either with Kerberos or a password. Initially it makes no difference whether authentication is via the web interface or the ipa command-line tool. The JavaScript-based web application runs within the calling browser, and all instructions for the framework ultimately take place within the scope of a secure HTTPS connection using JSON-RPC. The ipa tool uses the framework's Python API to abstract access. If you want to use this API, you need to install the freeipa-python (ipa-python) package to import the ipalib module into your scripts.
Querying the framework directly via the JSON-RPC API is especially useful for access from a system that is not part of the FreeIPA domain. This is the case, for example, if another web tool is to be used to read or manipulate data from the server. A query always comprises the desired method followed by an array of arguments and options. The method names of the JSON-RPC API are identical to those of the Python API. For example, a FreeIPA User plugin provides classes for user management. The individual class names are identical to the arguments that need to be passed in to the ipa tool. For example, the statement for creating a new user is ipa user-add. The corresponding class in the Python API is therefore user_add. And this is also the name of the method to be used for accessing the JSON-RPC interface.
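The query structure described above, as an added example that is not code from the original article or from the FreeIPA project: a password login followed by one JSON-RPC call over verified HTTPS, using only the Python standard library. The host name, user, and CA file path are placeholders, and the function names are hypothetical; the endpoint paths and the required Referer header are FreeIPA's documented session interface.

```python
import json
import ssl
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar


def rpc_request(host, method, args=(), options=None):
    """Build the POST: method name plus [argument array, options dict]."""
    base = f"https://{host}/ipa"
    body = {"method": method, "params": [list(args), options or {}], "id": 0}
    return urllib.request.Request(
        f"{base}/session/json", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Referer": base})  # FreeIPA rejects calls without this Referer


def login_request(host, user, password):
    """Form-based password login; the reply sets the session cookie."""
    base = f"https://{host}/ipa"
    form = urllib.parse.urlencode({"user": user, "password": password})
    return urllib.request.Request(
        f"{base}/session/login_password", data=form.encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "text/plain", "Referer": base})


def unwrap(raw):
    """Return the reply's 'result', or raise if the framework reported an error."""
    reply = json.loads(raw)
    if reply.get("error"):
        err = reply["error"]
        raise RuntimeError(f"{err.get('name')}: {err.get('message')}")
    return reply["result"]


def call(host, user, password, ca_file, method, args=(), options=None):
    """Log in, then send one call; the server certificate is verified against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx),
        urllib.request.HTTPCookieProcessor(CookieJar()))  # carries the session cookie
    opener.open(login_request(host, user, password)).close()
    with opener.open(rpc_request(host, method, args, options)) as resp:
        return unwrap(resp.read())

# Constructed sample (placeholder host): the JSON-RPC form of "ipa user-add jdoe"
SAMPLE = rpc_request("ipa.example.test", "user_add", ["jdoe"],
                     {"givenname": "John", "sn": "Doe"})
```

On a system outside the FreeIPA domain, ca_file must point to a copy of the IPA CA certificate obtained over a trusted channel; switching off certificate verification would expose the password sent during login.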
An API browser that describes each of these methods has existed within the graphical web interface since FreeIPA version 4.2 (Figure 1). Otherwise, it is also possible to invoke the ipa tool in verbose mode (-vv option). The output shows the
...