On Fri, 28 Feb 2014, Petr Viktorin wrote:
On 02/28/2014 04:02 PM, Nathaniel McCallum wrote:
On Fri, 2014-02-28 at 16:43 +0200, Alexander Bokovoy wrote:
[...]
Why then to do it as a IPA CLI command at all?
This is an administrative task which can be done with a separate
ipa-otp-import command, designated to run on IPA masters.
Agreed.
1. Is there a framework for this? Or should it just be an independent
script?
There is: ipapython.admintool. Look at ipa-server-certinstall for a
simple-ish example, ask if you have any questions.
Right, forgot about that one.
2. How can I use the ipalib API? Specifically, I'd like to call
otptoken-add and pass the --key parameter with a value (not possible
from the command line).
Finalize the API (see ipaserver.install.ServerCertInstall.run), and
then call api.Command['otptoken-add'](key=...)
Or you might think about moving the otptoken-add functionality into a
function that you can call directly.
I'd still prefer to do token addition through the common interface, i.e.
not directly talking to ldap but rather using the CLI commands, maybe
batched.
--
/ Alexander Bokovoy
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
