Skip to main content
Ctrl
+
K
FreeIPA 4.11-dev documentation
Contents:
FreeIPA design documentation
One-way trust with shared secret
Support domain controller for Samba file server as domain member on IPA client
Support Samba file server as a domain member on IPA client
Manage FreeIPA as a user from a trusted Active Directory domain
Include users and groups from a trusted Active Directory domain into SUDO rules
ID Range: new option for private groups
Integrate SID configuration into base IPA installers
Hardware Security Module (HSM) Support
Policies by authentication indicators
Extdom plugin protocol
Expired Certificate Pruning
Expiring Password Notifications
LDAP Grace Period
LDAP PAM Passthrough support
Password quality using libpwquality
Member Manager for group membership
IPA Migration
Hidden replicas
Disable Stale Users
LDAPI autobind authentication for services
Central management of subordinate user and group ids
FreeIPA and an external identity provider integration
IPA and an external identity provider integration - idp objects
Random Serial Numbers v3 (RSNv3)
IPA client enrollment with PKINIT
FreeIPA Pull Request CI (PR-CI) checker tool
Constrained delegation for Kerberos services
FreeIPA workshop
Introduction
Unit 1: Installing the FreeIPA server
Unit 2: Enrolling client machines
Unit 3: User management and Kerberos authentication
Unit 4: Host-based access control (HBAC)
Unit 5: Web application authentication and authorisation
Unit 6: Service certificates
Unit 7: Replica installation
Unit 8: Sudo rule management
Unit 9: SELinux User Maps
Unit 10: SSH user and host key management
Unit 11: Kerberos ticket policy
Unit 12: Authentication against external Identity Providers
Troubleshooting
Building Vagrant box images
Notes for workshop facilitators
IPA API Reference
IPA API Guides
API basic usage guide
JSON-RPC API usage
Differences between API and CLI usage
User Management Examples
Group management examples
Access control examples
Host-based Access Control (HBAC) Examples
Sudo rules management examples
IPA API Commands
aci_add
aci_del
aci_find
aci_mod
aci_rename
aci_show
adtrust_is_enabled
automember_add
automember_add_condition
automember_default_group_remove
automember_default_group_set
automember_default_group_show
automember_del
automember_find
automember_find_orphans
automember_mod
automember_rebuild
automember_remove_condition
automember_show
automountkey_add
automountkey_del
automountkey_find
automountkey_mod
automountkey_show
automountlocation_add
automountlocation_del
automountlocation_find
automountlocation_show
automountlocation_tofiles
automountmap_add
automountmap_add_indirect
automountmap_del
automountmap_find
automountmap_mod
automountmap_show
batch
ca_add
ca_del
ca_disable
ca_enable
ca_find
ca_is_enabled
ca_mod
ca_show
caacl_add
caacl_add_ca
caacl_add_host
caacl_add_profile
caacl_add_service
caacl_add_user
caacl_del
caacl_disable
caacl_enable
caacl_find
caacl_mod
caacl_remove_ca
caacl_remove_host
caacl_remove_profile
caacl_remove_service
caacl_remove_user
caacl_show
cert_find
cert_remove_hold
cert_request
cert_revoke
cert_show
cert_status
certmap_match
certmapconfig_mod
certmapconfig_show
certmaprule_add
certmaprule_del
certmaprule_disable
certmaprule_enable
certmaprule_find
certmaprule_mod
certmaprule_show
certprofile_del
certprofile_find
certprofile_import
certprofile_mod
certprofile_show
class_find
class_show
command_defaults
command_find
command_show
compat_is_enabled
config_mod
config_show
cosentry_add
cosentry_del
cosentry_find
cosentry_mod
cosentry_show
delegation_add
delegation_del
delegation_find
delegation_mod
delegation_show
dns_is_enabled
dns_resolve
dns_update_system_records
dnsconfig_mod
dnsconfig_show
dnsforwardzone_add
dnsforwardzone_add_permission
dnsforwardzone_del
dnsforwardzone_disable
dnsforwardzone_enable
dnsforwardzone_find
dnsforwardzone_mod
dnsforwardzone_remove_permission
dnsforwardzone_show
dnsrecord_add
dnsrecord_del
dnsrecord_delentry
dnsrecord_find
dnsrecord_mod
dnsrecord_show
dnsrecord_split_parts
dnsserver_add
dnsserver_del
dnsserver_find
dnsserver_mod
dnsserver_show
dnszone_add
dnszone_add_permission
dnszone_del
dnszone_disable
dnszone_enable
dnszone_find
dnszone_mod
dnszone_remove_permission
dnszone_show
domainlevel_get
domainlevel_set
env
group_add
group_add_member
group_add_member_manager
group_del
group_detach
group_find
group_mod
group_remove_member
group_remove_member_manager
group_show
hbacrule_add
hbacrule_add_host
hbacrule_add_service
hbacrule_add_sourcehost
hbacrule_add_user
hbacrule_del
hbacrule_disable
hbacrule_enable
hbacrule_find
hbacrule_mod
hbacrule_remove_host
hbacrule_remove_service
hbacrule_remove_sourcehost
hbacrule_remove_user
hbacrule_show
hbacsvc_add
hbacsvc_del
hbacsvc_find
hbacsvc_mod
hbacsvc_show
hbacsvcgroup_add
hbacsvcgroup_add_member
hbacsvcgroup_del
hbacsvcgroup_find
hbacsvcgroup_mod
hbacsvcgroup_remove_member
hbacsvcgroup_show
hbactest
host_add
host_add_cert
host_add_delegation
host_add_managedby
host_add_principal
host_allow_add_delegation
host_allow_create_keytab
host_allow_retrieve_keytab
host_del
host_disable
host_disallow_add_delegation
host_disallow_create_keytab
host_disallow_retrieve_keytab
host_find
host_mod
host_remove_cert
host_remove_delegation
host_remove_managedby
host_remove_principal
host_show
hostgroup_add
hostgroup_add_member
hostgroup_add_member_manager
hostgroup_del
hostgroup_find
hostgroup_mod
hostgroup_remove_member
hostgroup_remove_member_manager
hostgroup_show
i18n_messages
idoverridegroup_add
idoverridegroup_del
idoverridegroup_find
idoverridegroup_mod
idoverridegroup_show
idoverrideuser_add
idoverrideuser_add_cert
idoverrideuser_del
idoverrideuser_find
idoverrideuser_mod
idoverrideuser_remove_cert
idoverrideuser_show
idp_add
idp_del
idp_find
idp_mod
idp_show
idrange_add
idrange_del
idrange_find
idrange_mod
idrange_show
idview_add
idview_apply
idview_del
idview_find
idview_mod
idview_show
idview_unapply
join
json_metadata
kra_is_enabled
krbtpolicy_mod
krbtpolicy_reset
krbtpolicy_show
location_add
location_del
location_find
location_mod
location_show
migrate_ds
netgroup_add
netgroup_add_member
netgroup_del
netgroup_find
netgroup_mod
netgroup_remove_member
netgroup_show
otpconfig_mod
otpconfig_show
otptoken_add
otptoken_add_managedby
otptoken_del
otptoken_find
otptoken_mod
otptoken_remove_managedby
otptoken_show
output_find
output_show
param_find
param_show
passwd
permission_add
permission_add_member
permission_add_noaci
permission_del
permission_find
permission_mod
permission_remove_member
permission_show
ping
pkinit_status
plugins
privilege_add
privilege_add_member
privilege_add_permission
privilege_del
privilege_find
privilege_mod
privilege_remove_member
privilege_remove_permission
privilege_show
pwpolicy_add
pwpolicy_del
pwpolicy_find
pwpolicy_mod
pwpolicy_show
radiusproxy_add
radiusproxy_del
radiusproxy_find
radiusproxy_mod
radiusproxy_show
realmdomains_mod
realmdomains_show
role_add
role_add_member
role_add_privilege
role_del
role_find
role_mod
role_remove_member
role_remove_privilege
role_show
schema
selfservice_add
selfservice_del
selfservice_find
selfservice_mod
selfservice_show
selinuxusermap_add
selinuxusermap_add_host
selinuxusermap_add_user
selinuxusermap_del
selinuxusermap_disable
selinuxusermap_enable
selinuxusermap_find
selinuxusermap_mod
selinuxusermap_remove_host
selinuxusermap_remove_user
selinuxusermap_show
server_conncheck
server_del
server_find
server_mod
server_role_find
server_role_show
server_show
server_state
service_add
service_add_cert
service_add_delegation
service_add_host
service_add_principal
service_add_smb
service_allow_add_delegation
service_allow_create_keytab
service_allow_retrieve_keytab
service_del
service_disable
service_disallow_add_delegation
service_disallow_create_keytab
service_disallow_retrieve_keytab
service_find
service_mod
service_remove_cert
service_remove_delegation
service_remove_host
service_remove_principal
service_show
servicedelegationrule_add
servicedelegationrule_add_member
servicedelegationrule_add_target
servicedelegationrule_del
servicedelegationrule_find
servicedelegationrule_remove_member
servicedelegationrule_remove_target
servicedelegationrule_show
servicedelegationtarget_add
servicedelegationtarget_add_member
servicedelegationtarget_del
servicedelegationtarget_find
servicedelegationtarget_remove_member
servicedelegationtarget_show
session_logout
sidgen_was_run
stageuser_activate
stageuser_add
stageuser_add_cert
stageuser_add_certmapdata
stageuser_add_manager
stageuser_add_principal
stageuser_del
stageuser_find
stageuser_mod
stageuser_remove_cert
stageuser_remove_certmapdata
stageuser_remove_manager
stageuser_remove_principal
stageuser_show
subid_add
subid_del
subid_find
subid_generate
subid_match
subid_mod
subid_show
subid_stats
sudocmd_add
sudocmd_del
sudocmd_find
sudocmd_mod
sudocmd_show
sudocmdgroup_add
sudocmdgroup_add_member
sudocmdgroup_del
sudocmdgroup_find
sudocmdgroup_mod
sudocmdgroup_remove_member
sudocmdgroup_show
sudorule_add
sudorule_add_allow_command
sudorule_add_deny_command
sudorule_add_host
sudorule_add_option
sudorule_add_runasgroup
sudorule_add_runasuser
sudorule_add_user
sudorule_del
sudorule_disable
sudorule_enable
sudorule_find
sudorule_mod
sudorule_remove_allow_command
sudorule_remove_deny_command
sudorule_remove_host
sudorule_remove_option
sudorule_remove_runasgroup
sudorule_remove_runasuser
sudorule_remove_user
sudorule_show
topic_find
topic_show
topologysegment_add
topologysegment_del
topologysegment_find
topologysegment_mod
topologysegment_reinitialize
topologysegment_show
topologysuffix_add
topologysuffix_del
topologysuffix_find
topologysuffix_mod
topologysuffix_show
topologysuffix_verify
trust_add
trust_del
trust_enable_agent
trust_fetch_domains
trust_find
trust_mod
trust_resolve
trust_show
trustconfig_mod
trustconfig_show
trustdomain_add
trustdomain_del
trustdomain_disable
trustdomain_enable
trustdomain_find
trustdomain_mod
user_add
user_add_cert
user_add_certmapdata
user_add_manager
user_add_principal
user_del
user_disable
user_enable
user_find
user_mod
user_remove_cert
user_remove_certmapdata
user_remove_manager
user_remove_principal
user_show
user_stage
user_status
user_undel
user_unlock
vault_add_internal
vault_add_member
vault_add_owner
vault_archive_internal
vault_del
vault_find
vault_mod_internal
vault_remove_member
vault_remove_owner
vault_retrieve_internal
vault_show
vaultconfig_show
vaultcontainer_add_owner
vaultcontainer_del
vaultcontainer_remove_owner
vaultcontainer_show
whoami
IPA API Parameter types
A6Record
AAAARecord
AFSDBRecord
APLRecord
ARecord
AccessTime
Any
BinaryFile
Bool
Bytes
BytesEnum
CERTRecord
CNAMERecord
Certificate
CertificateSigningRequest
DHCIDRecord
DLVRecord
DNAMERecord
DNOrURL
DNParam
DNSNameParam
DNSRecord
DSRecord
Data
DateTime
Decimal
Dict
Enum
File
Flag
ForwardRecord
HINFORecord
HIPRecord
HostPassword
IA5Str
IPSECKEYRecord
Int
IntEnum
KEYRecord
KXRecord
LOCRecord
MDRecord
MINFORecord
MXRecord
NAPTRRecord
NSECRecord
NSRecord
NXTRecord
Number
OTPTokenKey
PTRRecord
Password
Principal
RPRecord
RRSIGRecord
SIGRecord
SPFRecord
SRVRecord
SSHFPRecord
SerialNumber
Str
StrEnum
TLSARecord
TXTRecord
URIRecord
UnsupportedDNSRecord
.rst
.pdf
IPA API Reference
IPA API Reference
#
IPA API Guides
IPA API Commands
IPA API Parameter types