Skip to main content
Ctrl+K

FreeIPA 4.11-dev documentation

Contents:

  • FreeIPA design documentation
    • One-way trust with shared secret
    • Support domain controller for Samba file server as domain member on IPA client
    • Support Samba file server as a domain member on IPA client
    • Manage FreeIPA as a user from a trusted Active Directory domain
    • Include users and groups from a trusted Active Directory domain into SUDO rules
    • ID Range: new option for private groups
    • Integrate SID configuration into base IPA installers
    • Hardware Security Module (HSM) Support
    • Policies by authentication indicators
    • Extdom plugin protocol
    • Expired Certificate Pruning
    • Expiring Password Notifications
    • LDAP Grace Period
    • LDAP PAM Passthrough support
    • Password quality using libpwquality
    • Member Manager for group membership
    • IPA Migration
    • Hidden replicas
    • Disable Stale Users
    • LDAPI autobind authentication for services
    • Central management of subordinate user and group ids
    • FreeIPA and an external identity provider integration
    • IPA and an external identity provider integration - idp objects
    • Random Serial Numbers v3 (RSNv3)
    • IPA client enrollment with PKINIT
    • FreeIPA Pull Request CI (PR-CI) checker tool
    • Constrained delegation for Kerberos services
  • FreeIPA workshop
    • Introduction
    • Unit 1: Installing the FreeIPA server
    • Unit 2: Enrolling client machines
    • Unit 3: User management and Kerberos authentication
    • Unit 4: Host-based access control (HBAC)
    • Unit 5: Web application authentication and authorisation
    • Unit 6: Service certificates
    • Unit 7: Replica installation
    • Unit 8: Sudo rule management
    • Unit 9: SELinux User Maps
    • Unit 10: SSH user and host key management
    • Unit 11: Kerberos ticket policy
    • Unit 12: Authentication against external Identity Providers
    • Troubleshooting
    • Building Vagrant box images
    • Notes for workshop facilitators
  • IPA API Reference
    • IPA API Guides
      • API basic usage guide
      • JSON-RPC API usage
      • Differences between API and CLI usage
      • User Management Examples
      • Group management examples
      • Access control examples
      • Host-based Access Control (HBAC) Examples
      • Sudo rules management examples
    • IPA API Commands
      • aci_add
      • aci_del
      • aci_find
      • aci_mod
      • aci_rename
      • aci_show
      • adtrust_is_enabled
      • automember_add
      • automember_add_condition
      • automember_default_group_remove
      • automember_default_group_set
      • automember_default_group_show
      • automember_del
      • automember_find
      • automember_find_orphans
      • automember_mod
      • automember_rebuild
      • automember_remove_condition
      • automember_show
      • automountkey_add
      • automountkey_del
      • automountkey_find
      • automountkey_mod
      • automountkey_show
      • automountlocation_add
      • automountlocation_del
      • automountlocation_find
      • automountlocation_show
      • automountlocation_tofiles
      • automountmap_add
      • automountmap_add_indirect
      • automountmap_del
      • automountmap_find
      • automountmap_mod
      • automountmap_show
      • batch
      • ca_add
      • ca_del
      • ca_disable
      • ca_enable
      • ca_find
      • ca_is_enabled
      • ca_mod
      • ca_show
      • caacl_add
      • caacl_add_ca
      • caacl_add_host
      • caacl_add_profile
      • caacl_add_service
      • caacl_add_user
      • caacl_del
      • caacl_disable
      • caacl_enable
      • caacl_find
      • caacl_mod
      • caacl_remove_ca
      • caacl_remove_host
      • caacl_remove_profile
      • caacl_remove_service
      • caacl_remove_user
      • caacl_show
      • cert_find
      • cert_remove_hold
      • cert_request
      • cert_revoke
      • cert_show
      • cert_status
      • certmap_match
      • certmapconfig_mod
      • certmapconfig_show
      • certmaprule_add
      • certmaprule_del
      • certmaprule_disable
      • certmaprule_enable
      • certmaprule_find
      • certmaprule_mod
      • certmaprule_show
      • certprofile_del
      • certprofile_find
      • certprofile_import
      • certprofile_mod
      • certprofile_show
      • class_find
      • class_show
      • command_defaults
      • command_find
      • command_show
      • compat_is_enabled
      • config_mod
      • config_show
      • cosentry_add
      • cosentry_del
      • cosentry_find
      • cosentry_mod
      • cosentry_show
      • delegation_add
      • delegation_del
      • delegation_find
      • delegation_mod
      • delegation_show
      • dns_is_enabled
      • dns_resolve
      • dns_update_system_records
      • dnsconfig_mod
      • dnsconfig_show
      • dnsforwardzone_add
      • dnsforwardzone_add_permission
      • dnsforwardzone_del
      • dnsforwardzone_disable
      • dnsforwardzone_enable
      • dnsforwardzone_find
      • dnsforwardzone_mod
      • dnsforwardzone_remove_permission
      • dnsforwardzone_show
      • dnsrecord_add
      • dnsrecord_del
      • dnsrecord_delentry
      • dnsrecord_find
      • dnsrecord_mod
      • dnsrecord_show
      • dnsrecord_split_parts
      • dnsserver_add
      • dnsserver_del
      • dnsserver_find
      • dnsserver_mod
      • dnsserver_show
      • dnszone_add
      • dnszone_add_permission
      • dnszone_del
      • dnszone_disable
      • dnszone_enable
      • dnszone_find
      • dnszone_mod
      • dnszone_remove_permission
      • dnszone_show
      • domainlevel_get
      • domainlevel_set
      • env
      • group_add
      • group_add_member
      • group_add_member_manager
      • group_del
      • group_detach
      • group_find
      • group_mod
      • group_remove_member
      • group_remove_member_manager
      • group_show
      • hbacrule_add
      • hbacrule_add_host
      • hbacrule_add_service
      • hbacrule_add_sourcehost
      • hbacrule_add_user
      • hbacrule_del
      • hbacrule_disable
      • hbacrule_enable
      • hbacrule_find
      • hbacrule_mod
      • hbacrule_remove_host
      • hbacrule_remove_service
      • hbacrule_remove_sourcehost
      • hbacrule_remove_user
      • hbacrule_show
      • hbacsvc_add
      • hbacsvc_del
      • hbacsvc_find
      • hbacsvc_mod
      • hbacsvc_show
      • hbacsvcgroup_add
      • hbacsvcgroup_add_member
      • hbacsvcgroup_del
      • hbacsvcgroup_find
      • hbacsvcgroup_mod
      • hbacsvcgroup_remove_member
      • hbacsvcgroup_show
      • hbactest
      • host_add
      • host_add_cert
      • host_add_delegation
      • host_add_managedby
      • host_add_principal
      • host_allow_add_delegation
      • host_allow_create_keytab
      • host_allow_retrieve_keytab
      • host_del
      • host_disable
      • host_disallow_add_delegation
      • host_disallow_create_keytab
      • host_disallow_retrieve_keytab
      • host_find
      • host_mod
      • host_remove_cert
      • host_remove_delegation
      • host_remove_managedby
      • host_remove_principal
      • host_show
      • hostgroup_add
      • hostgroup_add_member
      • hostgroup_add_member_manager
      • hostgroup_del
      • hostgroup_find
      • hostgroup_mod
      • hostgroup_remove_member
      • hostgroup_remove_member_manager
      • hostgroup_show
      • i18n_messages
      • idoverridegroup_add
      • idoverridegroup_del
      • idoverridegroup_find
      • idoverridegroup_mod
      • idoverridegroup_show
      • idoverrideuser_add
      • idoverrideuser_add_cert
      • idoverrideuser_del
      • idoverrideuser_find
      • idoverrideuser_mod
      • idoverrideuser_remove_cert
      • idoverrideuser_show
      • idp_add
      • idp_del
      • idp_find
      • idp_mod
      • idp_show
      • idrange_add
      • idrange_del
      • idrange_find
      • idrange_mod
      • idrange_show
      • idview_add
      • idview_apply
      • idview_del
      • idview_find
      • idview_mod
      • idview_show
      • idview_unapply
      • join
      • json_metadata
      • kra_is_enabled
      • krbtpolicy_mod
      • krbtpolicy_reset
      • krbtpolicy_show
      • location_add
      • location_del
      • location_find
      • location_mod
      • location_show
      • migrate_ds
      • netgroup_add
      • netgroup_add_member
      • netgroup_del
      • netgroup_find
      • netgroup_mod
      • netgroup_remove_member
      • netgroup_show
      • otpconfig_mod
      • otpconfig_show
      • otptoken_add
      • otptoken_add_managedby
      • otptoken_del
      • otptoken_find
      • otptoken_mod
      • otptoken_remove_managedby
      • otptoken_show
      • output_find
      • output_show
      • param_find
      • param_show
      • passwd
      • permission_add
      • permission_add_member
      • permission_add_noaci
      • permission_del
      • permission_find
      • permission_mod
      • permission_remove_member
      • permission_show
      • ping
      • pkinit_status
      • plugins
      • privilege_add
      • privilege_add_member
      • privilege_add_permission
      • privilege_del
      • privilege_find
      • privilege_mod
      • privilege_remove_member
      • privilege_remove_permission
      • privilege_show
      • pwpolicy_add
      • pwpolicy_del
      • pwpolicy_find
      • pwpolicy_mod
      • pwpolicy_show
      • radiusproxy_add
      • radiusproxy_del
      • radiusproxy_find
      • radiusproxy_mod
      • radiusproxy_show
      • realmdomains_mod
      • realmdomains_show
      • role_add
      • role_add_member
      • role_add_privilege
      • role_del
      • role_find
      • role_mod
      • role_remove_member
      • role_remove_privilege
      • role_show
      • schema
      • selfservice_add
      • selfservice_del
      • selfservice_find
      • selfservice_mod
      • selfservice_show
      • selinuxusermap_add
      • selinuxusermap_add_host
      • selinuxusermap_add_user
      • selinuxusermap_del
      • selinuxusermap_disable
      • selinuxusermap_enable
      • selinuxusermap_find
      • selinuxusermap_mod
      • selinuxusermap_remove_host
      • selinuxusermap_remove_user
      • selinuxusermap_show
      • server_conncheck
      • server_del
      • server_find
      • server_mod
      • server_role_find
      • server_role_show
      • server_show
      • server_state
      • service_add
      • service_add_cert
      • service_add_delegation
      • service_add_host
      • service_add_principal
      • service_add_smb
      • service_allow_add_delegation
      • service_allow_create_keytab
      • service_allow_retrieve_keytab
      • service_del
      • service_disable
      • service_disallow_add_delegation
      • service_disallow_create_keytab
      • service_disallow_retrieve_keytab
      • service_find
      • service_mod
      • service_remove_cert
      • service_remove_delegation
      • service_remove_host
      • service_remove_principal
      • service_show
      • servicedelegationrule_add
      • servicedelegationrule_add_member
      • servicedelegationrule_add_target
      • servicedelegationrule_del
      • servicedelegationrule_find
      • servicedelegationrule_remove_member
      • servicedelegationrule_remove_target
      • servicedelegationrule_show
      • servicedelegationtarget_add
      • servicedelegationtarget_add_member
      • servicedelegationtarget_del
      • servicedelegationtarget_find
      • servicedelegationtarget_remove_member
      • servicedelegationtarget_show
      • session_logout
      • sidgen_was_run
      • stageuser_activate
      • stageuser_add
      • stageuser_add_cert
      • stageuser_add_certmapdata
      • stageuser_add_manager
      • stageuser_add_principal
      • stageuser_del
      • stageuser_find
      • stageuser_mod
      • stageuser_remove_cert
      • stageuser_remove_certmapdata
      • stageuser_remove_manager
      • stageuser_remove_principal
      • stageuser_show
      • subid_add
      • subid_del
      • subid_find
      • subid_generate
      • subid_match
      • subid_mod
      • subid_show
      • subid_stats
      • sudocmd_add
      • sudocmd_del
      • sudocmd_find
      • sudocmd_mod
      • sudocmd_show
      • sudocmdgroup_add
      • sudocmdgroup_add_member
      • sudocmdgroup_del
      • sudocmdgroup_find
      • sudocmdgroup_mod
      • sudocmdgroup_remove_member
      • sudocmdgroup_show
      • sudorule_add
      • sudorule_add_allow_command
      • sudorule_add_deny_command
      • sudorule_add_host
      • sudorule_add_option
      • sudorule_add_runasgroup
      • sudorule_add_runasuser
      • sudorule_add_user
      • sudorule_del
      • sudorule_disable
      • sudorule_enable
      • sudorule_find
      • sudorule_mod
      • sudorule_remove_allow_command
      • sudorule_remove_deny_command
      • sudorule_remove_host
      • sudorule_remove_option
      • sudorule_remove_runasgroup
      • sudorule_remove_runasuser
      • sudorule_remove_user
      • sudorule_show
      • topic_find
      • topic_show
      • topologysegment_add
      • topologysegment_del
      • topologysegment_find
      • topologysegment_mod
      • topologysegment_reinitialize
      • topologysegment_show
      • topologysuffix_add
      • topologysuffix_del
      • topologysuffix_find
      • topologysuffix_mod
      • topologysuffix_show
      • topologysuffix_verify
      • trust_add
      • trust_del
      • trust_enable_agent
      • trust_fetch_domains
      • trust_find
      • trust_mod
      • trust_resolve
      • trust_show
      • trustconfig_mod
      • trustconfig_show
      • trustdomain_add
      • trustdomain_del
      • trustdomain_disable
      • trustdomain_enable
      • trustdomain_find
      • trustdomain_mod
      • user_add
      • user_add_cert
      • user_add_certmapdata
      • user_add_manager
      • user_add_principal
      • user_del
      • user_disable
      • user_enable
      • user_find
      • user_mod
      • user_remove_cert
      • user_remove_certmapdata
      • user_remove_manager
      • user_remove_principal
      • user_show
      • user_stage
      • user_status
      • user_undel
      • user_unlock
      • vault_add_internal
      • vault_add_member
      • vault_add_owner
      • vault_archive_internal
      • vault_del
      • vault_find
      • vault_mod_internal
      • vault_remove_member
      • vault_remove_owner
      • vault_retrieve_internal
      • vault_show
      • vaultconfig_show
      • vaultcontainer_add_owner
      • vaultcontainer_del
      • vaultcontainer_remove_owner
      • vaultcontainer_show
      • whoami
    • IPA API Parameter types
      • A6Record
      • AAAARecord
      • AFSDBRecord
      • APLRecord
      • ARecord
      • AccessTime
      • Any
      • BinaryFile
      • Bool
      • Bytes
      • BytesEnum
      • CERTRecord
      • CNAMERecord
      • Certificate
      • CertificateSigningRequest
      • DHCIDRecord
      • DLVRecord
      • DNAMERecord
      • DNOrURL
      • DNParam
      • DNSNameParam
      • DNSRecord
      • DSRecord
      • Data
      • DateTime
      • Decimal
      • Dict
      • Enum
      • File
      • Flag
      • ForwardRecord
      • HINFORecord
      • HIPRecord
      • HostPassword
      • IA5Str
      • IPSECKEYRecord
      • Int
      • IntEnum
      • KEYRecord
      • KXRecord
      • LOCRecord
      • MDRecord
      • MINFORecord
      • MXRecord
      • NAPTRRecord
      • NSECRecord
      • NSRecord
      • NXTRecord
      • Number
      • OTPTokenKey
      • PTRRecord
      • Password
      • Principal
      • RPRecord
      • RRSIGRecord
      • SIGRecord
      • SPFRecord
      • SRVRecord
      • SSHFPRecord
      • SerialNumber
      • Str
      • StrEnum
      • TLSARecord
      • TXTRecord
      • URIRecord
      • UnsupportedDNSRecord
  • .rst

IPA API Reference

IPA API Reference#

  • IPA API Guides
  • IPA API Commands
  • IPA API Parameter types

previous

Notes for workshop facilitators

next

IPA API Guides

By FreeIPA Contributors

© Copyright 2022, FreeIPA Contributors.