Ronald Wimmer wrote:
On 20.03.23 13:44, Rob Crittenden wrote:
Ronald Wimmer via FreeIPA-users wrote:
We have several scenarios where we cannot establish an AD Trust. In these cases we are forced to create/modify/delete IPA users triggered from an IAM system. Is the IPA API the one and only way to go or would it also work if we used IPA's LDAP directly?
Using the stageuser and user API is recommended. It's certainly possible to do it directly in LDAP but we don't encourage it. It requires knowledge of how the entry is structured, what gets added automatically, etc. We also can't guarantee that there won't be changes to the objectclasses, etc. that would break any direct LDAP comms.
Apart from the obvious, what will be created upon user creation? Is there something we would most likely not think of?
In the IPA WebGUI it looks like a user's UID and GID could be chosen freely? That would be perfect if we want to match a user's UID with another system...
This is why we recommend stageusers so you don't have to worry about such things. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm...
rob