Discussion:
[Freeipa-users] different apis for adding "local" users to groups vs adding users from cft?
Marc Boorshtein
2017-03-17 19:00:48 UTC
Permalink
I've got the api integrated for all local users and am looking at if
there are any differences between that and if my ipa domain is in a
CFT with an AD domain. Right now I'm using "group_add_member", should
that work for users coming from a trusted forest as well?

Thanks

Marc Boorshtein
CTO Tremolo Security
***@tremolosecurity.com
Twitter - @mlbiam / @tremolosecurity
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Alexander Bokovoy
2017-03-18 06:27:29 UTC
Permalink
Post by Marc Boorshtein
I've got the api integrated for all local users and am looking at if
there are any differences between that and if my ipa domain is in a
CFT with an AD domain. Right now I'm using "group_add_member", should
that work for users coming from a trusted forest as well?
EPARSE, but I'll try to understand what are you trying to achieve.

If you were using
ipa group-add-member external_group --external ***@AD.DOMAIN
to add AD users as external members of a group, you continue using the
same command on API level:

api.Command.group_add_member(u'external_group', external=u'***@AD.DOMAIN'})

Same with JSON-RPC.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Marc Boorshtein
2017-03-19 13:53:38 UTC
Permalink
As of yet I haven't tried using the json rpc with a cft. freeipa is on its
own. i'll give it a try and if it doesn't work this will point me in the
right direction.

Thanks
Post by Alexander Bokovoy
Post by Marc Boorshtein
I've got the api integrated for all local users and am looking at if
there are any differences between that and if my ipa domain is in a
CFT with an AD domain. Right now I'm using "group_add_member", should
that work for users coming from a trusted forest as well?
EPARSE, but I'll try to understand what are you trying to achieve.
If you were using
to add AD users as external members of a group, you continue using the
api.Command.group_add_member(u'external_group',
Same with JSON-RPC.
--
/ Alexander Bokovoy
--
Marc Boorshtein
CTO Tremolo Security
***@tremolosecurity.com
(703) 828-4902
Twitter - @mlbiam / @tremolosecurity
Loading...