A recent question led me down a rabbit hole: how can we list the people that report up to George Slate? While we should be able to query this from LDAP, it seems to be shut off. However, using FreeIPA’s HTTP API, we can, if you know what you are doing. I do…
First, get a Kerberos ticket.
kinit $USER@YOUNGLOGIC.COM
Make a FreeIPA whoami query to confirm it works:
curl -H referer:https://$IPASERVER/ipa -H "Content-Type:application/json" -H "Accept:application/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method":"whoami","params":[[],{"version": "2.220"}],"id":0}' -X POST https://$IPASERVER/ipa/json
List all users that have gslate as a manager, using jq to filter out all but their usernames:
curl -H referer:https://$IPASERVER/ipa -H "Content-Type:application/json" -H "Accept:application/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method": "user_find", "params": [[], { "all": true,"manager":"gslate" } ]}' -X POST https://$IPASERVER/ipa/json | jq '.result | .result | .[] | .uid'
...
[
"brubble"
]
[
"fflintsone"
]
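The query above returns only direct reports. The following added example (not part of the original post) goes one step further and walks the manager tree to collect indirect reports as well, reusing the same curl flags with TLS verification left on. The function names, the constructed sample org and the offline `fake_call` stand-in are assumptions for illustration; it also assumes the `sizelimit` option and the `truncated` field of the `user_find` result.

```python
import json
import subprocess

API_VERSION = "2.220"  # version string from the whoami call in the post

def ipa_call(server, method, args, options, ca="/etc/ipa/ca.crt"):
    """One JSON-RPC request via curl with the post's flags; TLS is verified."""
    body = json.dumps({"method": method, "id": 0,
                       "params": [args, dict(options, version=API_VERSION)]})
    out = subprocess.run(
        ["curl", "-sS", "--negotiate", "-u", ":", "--cacert", ca,
         "-H", f"referer:https://{server}/ipa",
         "-H", "Content-Type:application/json",
         "-H", "Accept:application/json",
         "-d", body, "-X", "POST", f"https://{server}/ipa/json"],
        check=True, capture_output=True, text=True).stdout
    reply = json.loads(out)
    if reply.get("error"):
        raise RuntimeError(reply["error"])
    return reply["result"]

def direct_reports(manager, call):
    """uids of users whose manager is `manager` (a single user_find)."""
    res = call("user_find", [], {"manager": manager, "sizelimit": 0})
    if res.get("truncated"):  # a partial list would silently hide reports
        raise RuntimeError(f"user_find for {manager} was truncated")
    return sorted(entry["uid"][0] for entry in res["result"])

def all_reports(root, call):
    """Breadth-first walk down the manager tree; `seen` stops manager loops."""
    seen, queue, found = {root}, [root], []
    while queue:
        for uid in direct_reports(queue.pop(0), call):
            if uid not in seen:
                seen.add(uid)
                queue.append(uid)
                found.append(uid)
    return found

# Constructed sample org (includes a loop: pebbles manages gslate).
SAMPLE_ORG = {"gslate": ["brubble", "fflintsone"],
              "fflintsone": ["pebbles"], "pebbles": ["gslate"]}

def fake_call(method, args, options):
    """Offline stand-in for ipa_call, shaped like a user_find result."""
    uids = SAMPLE_ORG.get(options["manager"], [])
    return {"result": [{"uid": [u]} for u in uids], "truncated": False}

if __name__ == "__main__":
    # Live use: all_reports("gslate", lambda m, a, o: ipa_call(server, m, a, o))
    print(all_reports("gslate", fake_call))
```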