On 25/04/13 10:30, Martin Kosek wrote:
On 04/24/2013 10:30 PM, Chris Evich wrote:On 04/24/2013 08:32 AM, Tomas Babej wrote:On 04/24/2013 01:53 PM, Arturo Borrero wrote:Hi there.I'm wondering if it's possible to get FreeIPA with a 'public user interface'. This is: a place where a standar user can update his password and other personal data. I'm thinking in something similar to google.com/accounts Does this exists? If not, it is possible to develop this addon? We are strongly evaluating this functionality in order to actually implement FreeIPA as our identity management system. Best regardsHi, every user can log in to the Web UI using their login and Kerberos password. Having no other rights, there they can only edit their contact information, address information, reset their password, etc. See /ipa/ui/ on your FreeIPA server, that is https://ipa.example.com/ipa/ui/ <https://vm-131.idm.lab.bos.redhat.com/ipa/ui/index.html#identity=user&navigation=identity&user-pkey=random&user-facet=details> Having played with it off/on a year or so ago, IIRC it's relatively easy to get apache + SSL speaking with LDAP + Kerberos. Even ignoring the direct python IPA interface. With some server-side scripting (I did it in python) you could emulate most of what's on the google accounts-page. The hardest part I found was getting my head around the lower-level LDAP + Kerberos python interfaces. However, going from understanding common-operations of both technologies from the command-line level to working with the API's isn't a very long road. Depending on how "pretty" the web-site needs to be, the "code one yourself" approach could be feasible, given educated developer resources. Since it sounds like your requirements are fairly basic, this may be an option to consider. (No I'm not volunteering, though it sounds fun :) Otherwise, I've also used the built-in web interface. It may be a bit cluttered for someone who _just_ needs to change a password or other very simplistic task (compared to google accounts-page). However if your users are somewhat technically-mided, they shouldn't have any trouble with the built-in self-service UI. It also offers a HUGE benefit to greatly extend self-service to the n-th degree, when it's multi-level rights-management features are used.Hello Chris, Thanks for info! Do you have any specific suggestions which would help you make the user self-service page more acceptable for regular users? Having users building their own selfservice pages instead of using the vanilla selfservice page does not seems like something we would like to have. We are already considering simplifying the self-service page, so any suggestions and ideas for improving it are welcome.
Hi all, thanks all for your quick and deep response. FreeIPA is an amazing tool :-) Best regards. -- Arturo Borrero González Departamento de Seguridad Informática (n...@cica.es) Centro Informático Científico de Andalucía (CICA) Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain) Tfno.: +34 955 056 600 / FAX: +34 955 056 650 Consejería de Economía, Innovación, Ciencia y Empleo Junta de Andalucía
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
