user.external

Description

If you are using IPA integration to allow authentication of users from an external IPA server (rare) the users will still need to be created in the Uyuni database. Methods in this namespace allow you to configure some specifics of how this happens, like what organization they are created in or what roles they will have. These options can also be set in the web admin interface.

Namespace:

user.external

Method: createExternalGroupToRoleMap

Description:

Externally authenticated users may be members of external groups. You can use these groups to assign additional roles to the users when they log in. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

  • string name - Name of the external group. Must be unique.

  • array :

    • string - role - Can be any of: satellite_admin, org_admin (implies all other roles except for satellite_admin), channel_admin, config_admin, system_group_admin, or activation_key_admin.

Returns:

  • * struct - externalGroup

    • string "name"

    • array "roles"

      • string - role

Method: createExternalGroupToSystemGroupMap

Description:

Externally authenticated users may be members of external groups. You can use these groups to give access to server groups to the users when they log in. Can only be called by an org_admin.

Parameters:

  • string sessionKey

  • string name - Name of the external group. Must be unique.

  • array :

    • string - groupName - The names of the server groups to grant access to.

Returns:

  • * struct - externalGroup

    • string "name"

    • array "roles"

      • string - role

Method: deleteExternalGroupToRoleMap

Description:

Delete the role map for an external group. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

  • string name - Name of the external group.

Returns:

  • int - 1 on success, exception thrown otherwise.

Method: deleteExternalGroupToSystemGroupMap

Description:

Delete the server group map for an external group. Can only be called by an org_admin.

Parameters:

  • string sessionKey

  • string name - Name of the external group.

Returns:

  • int - 1 on success, exception thrown otherwise.

Method: getDefaultOrg

Description:

Get the default org that users should be added in if orgunit from IPA server isn’t found or is disabled. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

Returns:

  • int id - Id of the default organization. 0 if there is no default

Method: getExternalGroupToRoleMap

Description:

Get a representation of the role mapping for an external group. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

  • string name - Name of the external group.

Returns:

  • * struct - externalGroup

    • string "name"

    • array "roles"

      • string - role

Method: getExternalGroupToSystemGroupMap

Description:

Get a representation of the server group mapping for an external group. Can only be called by an org_admin.

Parameters:

  • string sessionKey

  • string name - Name of the external group.

Returns:

  • * struct - externalGroup

    • string "name"

    • array "roles"

      • string - role

Method: getKeepTemporaryRoles

Description:

Get whether we should keeps roles assigned to users because of their IPA groups even after they log in through a non-IPA method. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

Returns:

  • boolean keep - True if we should keep roles after users log in through non-IPA method, false otherwise

Method: getUseOrgUnit

Description:

Get whether we place users into the organization that corresponds to the "orgunit" set on the IPA server. The orgunit name must match exactly the Uyuni organization name. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

Returns:

  • boolean use - True if we should use the IPA orgunit to determine which organization to create the user in, false otherwise

Method: listExternalGroupToRoleMaps

Description:

List role mappings for all known external groups. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

Returns:

  • array :

  • struct - externalGroup

    • string "name"

    • array "roles"

      • string - role

Method: listExternalGroupToSystemGroupMaps

Description:

List server group mappings for all known external groups. Can only be called by an org_admin.

Parameters:

  • string sessionKey

Returns:

  • array :

  • struct - externalGroup

    • string "name"

    • array "roles"

      • string - role

Method: setDefaultOrg

Description:

Set the default org that users should be added in if orgunit from IPA server isn’t found or is disabled. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

  • int defaultOrg - Id of the organization to set as the default org. 0 if there should not be a default organization.

Returns:

  • int - 1 on success, exception thrown otherwise.

Method: setExternalGroupRoles

Description:

Update the roles for an external group. Replace previously set roles with the ones passed in here. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

  • string name - Name of the external group.

  • array :

    • string - role - Can be any of: satellite_admin, org_admin (implies all other roles except for satellite_admin), channel_admin, config_admin, system_group_admin, or activation_key_admin.

Returns:

  • int - 1 on success, exception thrown otherwise.

Method: setExternalGroupSystemGroups

Description:

Update the server groups for an external group. Replace previously set server groups with the ones passed in here. Can only be called by an org_admin.

Parameters:

  • string sessionKey

  • string name - Name of the external group.

  • array :

    • string - groupName - The names of the server groups to grant access to.

Returns:

  • int - 1 on success, exception thrown otherwise.

Method: setKeepTemporaryRoles

Description:

Set whether we should keeps roles assigned to users because of their IPA groups even after they log in through a non-IPA method. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

  • boolean keepRoles - True if we should keep roles after users log in through non-IPA method, false otherwise.

Returns:

  • int - 1 on success, exception thrown otherwise.

Method: setUseOrgUnit

Description:

Set whether we place users into the organization that corresponds to the "orgunit" set on the IPA server. The orgunit name must match exactly the Uyuni organization name. Can only be called by a Uyuni Administrator.

Parameters:

  • string sessionKey

  • boolean useOrgUnit - True if we should use the IPA orgunit to determine which organization to create the user in, false otherwise.

Returns:

  • int - 1 on success, exception thrown otherwise.