( Return to API Overview )
- createExternalGroupToRoleMap
- createExternalGroupToSystemGroupMap
- deleteExternalGroupToRoleMap
- deleteExternalGroupToSystemGroupMap
- getDefaultOrg
- getExternalGroupToRoleMap
- getExternalGroupToSystemGroupMap
- getKeepTemporaryRoles
- getUseOrgUnit
- listExternalGroupToRoleMaps
- listExternalGroupToSystemGroupMaps
- setDefaultOrg
- setExternalGroupRoles
- setExternalGroupSystemGroups
- setKeepTemporaryRoles
- setUseOrgUnit
Description
If you are using IPA integration to allow authentication of users from
an external IPA server (rare) the users will still need to be created in the Satellite
database. Methods in this namespace allow you to configure some specifics of how this
happens, like what organization they are created in or what roles they will have.
These options can also be set in the web admin interface.
Namespace:
user.external
Description:
Externally authenticated users may be members of external groups. You
can use these groups to assign additional roles to the users when they log in.
Can only be called by a satellite_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group. Must be
unique.
-
array:
- string - role - Can be any of:
satellite_admin, org_admin (implies all other roles except for satellite_admin),
channel_admin, config_admin, system_group_admin, or
activation_key_admin.
Returns:
-
struct - externalGroup
- string "name"
- array "roles"
Description:
Externally authenticated users may be members of external groups. You
can use these groups to give access to server groups to the users when they log in.
Can only be called by an org_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group. Must be
unique.
-
array:
- string - groupName - The names of the server
groups to grant access to.
Returns:
-
struct - externalGroup
- string "name"
- array "roles"
Description:
Delete the role map for an external group. Can only be called
by a satellite_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
Returns:
-
int - 1 on success, exception thrown otherwise.
Description:
Delete the server group map for an external group. Can only be called
by an org_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
Returns:
-
int - 1 on success, exception thrown otherwise.
Description:
Get the default org that users should be added in if orgunit from
IPA server isn't found or is disabled. Can only be called by a satellite_admin.
Parameters:
Returns:
-
int - Id of the default organization. 0 if there is no default.
Description:
Get a representation of the role mapping for an external group.
Can only be called by a satellite_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
Returns:
-
struct - externalGroup
- string "name"
- array "roles"
Description:
Get a representation of the server group mapping for an external
group. Can only be called by an org_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
Returns:
-
struct - externalGroup
- string "name"
- array "roles"
Description:
Get whether we should keeps roles assigned to users because of
their IPA groups even after they log in through a non-IPA method. Can only be
called by a satellite_admin.
Parameters:
Returns:
-
boolean - True if we should keep roles
after users log in through non-IPA method, false otherwise.
Description:
Get whether we place users into the organization that corresponds
to the "orgunit" set on the IPA server. The orgunit name must match exactly the
Satellite organization name. Can only be called by a satellite_admin.
Parameters:
Returns:
-
boolean - True if we should use the IPA
orgunit to determine which organization to create the user in, false otherwise.
Description:
List role mappings for all known external groups. Can only be called
by a satellite_admin.
Parameters:
Returns:
-
array:
-
struct - externalGroup
- string "name"
- array "roles"
Description:
List server group mappings for all known external groups. Can only be
called by an org_admin.
Parameters:
Returns:
-
array:
-
struct - externalGroup
- string "name"
- array "roles"
Description:
Set the default org that users should be added in if orgunit from
IPA server isn't found or is disabled. Can only be called by a satellite_admin.
Parameters:
-
string sessionKey
-
int defaultOrg - Id of the organization to set
as the default org. 0 if there should not be a default organization.
Returns:
-
int - 1 on success, exception thrown otherwise.
Description:
Update the roles for an external group. Replace previously set roles
with the ones passed in here. Can only be called by a satellite_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
-
array:
- string - role - Can be any of:
satellite_admin, org_admin (implies all other roles except for satellite_admin),
channel_admin, config_admin, system_group_admin, or
activation_key_admin.
Returns:
-
int - 1 on success, exception thrown otherwise.
Description:
Update the server groups for an external group. Replace previously set
server groups with the ones passed in here. Can only be called by an org_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
-
array:
- string - groupName - The names of the
server groups to grant access to.
Returns:
-
int - 1 on success, exception thrown otherwise.
Description:
Set whether we should keeps roles assigned to users because of
their IPA groups even after they log in through a non-IPA method. Can only be
called by a satellite_admin.
Parameters:
-
string sessionKey
-
boolean keepRoles - True if we should keep roles
after users log in through non-IPA method, false otherwise.
Returns:
-
int - 1 on success, exception thrown otherwise.
Description:
Set whether we place users into the organization that corresponds
to the "orgunit" set on the IPA server. The orgunit name must match exactly the
Satellite organization name. Can only be called by a satellite_admin.
Parameters:
-
string sessionKey
-
boolean useOrgUnit - True if we should use the IPA
orgunit to determine which organization to create the user in, false otherwise.
Returns:
-
int - 1 on success, exception thrown otherwise.