Manage users, groups and services of the ETH Identity and Access Management system (IAM)
Detailed description of the Python project ethz-iam-webservice
ETHZ IAM Webservice
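Command line interface
Installing this module also installs the iam command. The following basic parameters are always required; if they are omitted, the command asks for them interactively: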
$ iam -u admin-username --password MY-SECRET-PASSWORD
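Omitting --password and answering the interactive prompt keeps the password out of the shell history and the process list.
The following environment variables can also be set:
Group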
$ iam group <group-name> -i / --info
$ iam group <group-name> -m / --members
$ iam group <group-name> -d / --delete
$ iam group <group-name> -a user1 --add user2
$ iam group <group-name> -r user3 --remove user4
User
$ iam user username -i
$ iam user username --grant-service LDAPS, -g Mailbox
$ iam user username --revoke-service LDAPS, -r Mailbox
$ iam user username --set-password [-s LDAPS [-s Mailbox]]
$ iam user username --service-password XYZ [-s LDAPS [-s Mailbox]]
Person
You can provide a username, an NPID or an email address.
$ iam person username -i
$ iam person swen@ethz.ch -i
$ iam person 123445 -i
Synopsis
Login
import ethz_iam_webservice
import getpass
e = ethz_iam_webservice.login('admin4iam', getpass.getpass())
Person
person = e.get_person('name@example.com')
person = e.get_person('some_username')
person = e.get_person(123456) # npid (internal Person identifier)
person.usernames # an array of dicts of usernames
person.data # raw webservice response
person.firstname
person.familyname
person.email
# etc.
User
user = person.new_user('username', 'password', 'description')
user = e.get_user('username')
user.services # an array of dicts of services
user.grant_service("LDAPS")
user.grant_service("Active Directory")
user.grant_service("WLAN_VPN")
user.revoke_service("LDAPS")
user.delete()
user.add_to_group('groupname')
user.remove_from_group('groupname')
Groups and group members
get single group - returns a group object; raises a ValueError if the group is not found
group = e.new_group(
    name = 'group-name',
    description = 'something meaningful',
    admingroup = 'ID SIS', # responsible admin group
    targets = ['AD', 'LDAPS'], # please specify at least one target system
    members = ['user1', 'user2']
)
group = e.get_group('groupname')
group = e.get_group(123456) # gidNumber
group.data # all data received from webservice
group.members # returns array of usernames or group-names
group.gidNumber
group.<attribute>
Add/remove group members
group.add_members('some', 'new', 'members')
group.set_members('just', 'these')
group.del_members('remove', 'these', 'members')
search for groups - the result is always a list of groups or an empty list
groups = e.get_groups(agroup='ID SIS')
groups = e.get_groups(name='starts_with*')
groups = e.get_groups(agroup='ID SIS', name='starts_with*')
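An added example, not part of ethz-iam-webservice or its README: rather than overwriting a group with set_members, it diffs the current members against an approved list and applies only that diff through add_members and del_members, refusing an unexpectedly large removal. FakeSession, FakeGroup, the group name and the max_removals limit are constructed assumptions; with the real library, the object returned by ethz_iam_webservice.login() would be passed as session.

```python
def plan_membership(session, group_name, approved):
    """Diff a group's current members against an approved list."""
    try:
        group = session.get_group(group_name)  # ValueError if not found
    except ValueError:
        return None
    current = set(group.members)  # usernames or nested group names
    wanted = set(approved)
    return {"group": group,
            "add": sorted(wanted - current),
            "remove": sorted(current - wanted)}

def apply_plan(plan, dry_run=True, max_removals=5):
    """Apply only the diff; refuse an unexpectedly large removal."""
    if len(plan["remove"]) > max_removals:  # hypothetical safety limit
        raise RuntimeError("too many removals, review manually")
    if dry_run:
        return False
    if plan["add"]:
        plan["group"].add_members(*plan["add"])
    if plan["remove"]:
        plan["group"].del_members(*plan["remove"])
    return True

# Constructed stand-ins so the example runs offline (not the real classes).
class FakeGroup:
    def __init__(self, members):
        self.members = list(members)
    def add_members(self, *names):
        self.members += [n for n in names if n not in self.members]
    def del_members(self, *names):
        self.members = [m for m in self.members if m not in names]

class FakeSession:
    def __init__(self, groups):
        self._groups = groups
    def get_group(self, name):
        if name not in self._groups:
            raise ValueError("group not found: " + name)
        return self._groups[name]

def demo():
    session = FakeSession({"lab-admins": FakeGroup(["user1", "user2", "old-admin"])})
    plan = plan_membership(session, "lab-admins", ["user1", "user2", "user3"])
    apply_plan(plan, dry_run=False)
    return plan["add"], plan["remove"], sorted(plan["group"].members)

if __name__ == "__main__":
    print(demo())
```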
Mailing lists
ml = e.get_mailinglist('ID.SIS.SSDM')
ml = e.get_mailinglist('sis@id.ethz.ch')
ml.name
ml.mail
ml.gidNumber
ml.groupType
ml.displayName
...
ml.members # returns all (direct) members of that list
ml.add_members('user1', 'user2')
ml.del_members('user3', 'user4')