The code that Rich M gave me a while back has bit rotted. At some point, I need to get an updated version, but until then, I can continue to talk to the FreeIPA server using Python and the Requests library. In the future, I can get a session cookie, but for now, python3-request-gssapi will work to authenticate me, provided I have a valid TGT.
I pulled the requests-gssapi library from Koji, as it does not currently ship in any of the RHEL8 repos. Here is the one I installed.
https://koji.fedoraproject.org/koji/buildinfo?buildID=1371255
Note that this quick-and-dirty code runs on the IPA server itself. A better approach would be to read the Server name out of /etc/ipa/default.conf.
#!/bin/python3 import requests from requests_gssapi import HTTPSPNEGOAuth import socket hostname = socket.gethostname() url = "https://%s/ipa/json" % hostname referer = "https://%s/ipa" % hostname body = {"method":"user_find","params":[[""],{}],"id":0} r = requests.post(url, json = body, auth=HTTPSPNEGOAuth(), headers = { 'Content-Type': 'application/json', 'Accept': 'applicaton/json', 'referer': referer}) print(r.status_code) if r.status_code == 200: print(r.text) |