Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2014-02-17

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
06:09 rghose joined #openam
07:42 jf3t joined #openam
08:35 fatbloke joined #openam
09:17 m0sf3t joined #openam
09:49 aldaris joined #openam
11:42 fatbloke joined #openam
11:48 aldaris joined #openam
12:23 MegaMatt joined #openam
13:28 kala hello. both https://openam.example.com:8443/openam/json/users/demo and https://openam.example.com:8443/openam/identity/read API calls assume that it is an amAdmin, who is reading other users' profiles. Is there a way to define another user, which has this privile, but which is not amAdmin level user?
13:30 kala or is it preferred to create a read-only OpenDJ user and then provide LDAP or JSON interface directly to the OpenDJ server?
13:34 asyd ?!
13:35 asyd I'm not sure to understand why you talks about "amadmin" ?
13:35 asyd you talk about 'directory manager' i guess
13:35 kala no
13:35 kala amAdmin. the builtin administrator account to configure the OpenAM?
13:36 asyd why you tahink amadmin is involved with REST APIs ?
13:36 kala http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/index.html#rest-api-crud-identity ... "Managing agent profiles, groups, realms, and users with these APIs of course require authorization. The examples shown in this section were performed with the token ID gained after authenticating as OpenAM administrator."
13:38 asyd identity/read and jsons/user/demo re reading
13:38 asyd of course you need an admin user to create stuff
13:39 kala yep. I want to give access to another system for reading user attributes
13:39 kala I don't want to give them amAdmin access
13:48 kala nevermind, jjpp gave another solution ;)
13:50 aldaris you shouldn't really use AM for identity management
13:51 jjpp there is so little missing from being able to do it that it more than tempting, obviously. :)
13:51 aldaris again, the new IdentityResource handles things a bit more worse when it comes to password update
13:52 aldaris the old REST API can be used with privileged users
13:52 jjpp you should probably offer something simple to go with openam for those who haven't anything better
13:52 jjpp (but yes, that mans that you should have some developers for that and there is never enough of them anyway)
13:53 aldaris and they usually just work on new features, or work on things that are horribly bad at the moment
14:02 kala well. yes. They say in the manual that "OpenAM is not primarily an identity data store, nor is it provisioning software. For storing identity data, consider OpenDJ. For provisioning, consider OpenIDM. Both of these products provide REST APIs as well."
14:02 kala but providing direct access to LDAP server as the identity store is also not the best practice, I would argue?
14:03 kala or perhaps it is tempting to think of OpenAM as the universal platform for our needs and I don't see other options
14:05 asyd aldaris: the new REST API need a privileged user even to obtain a token or read user attribute?
14:09 fatbloke joined #openam
14:17 kala asyd: if you query your own attributes. Then its ok, you just need your session token
14:17 kala but if you want to query other user's attributes
14:17 kala then you need admin token
14:23 asyd ah yeah off course
14:24 asyd there is a REST API in opendj isn't it? ;p
14:24 aldaris yeah, shiny and nice
14:52 rghose joined #openam
14:53 rghose hello, am getting "An error occured while sending One Time Password". Can u tell me what is wrong?
14:53 rghose I configured local sendmail, and I can send mails using it
15:02 aldaris have a look at the logs
15:28 MegaMatt joined #openam
16:07 rghose1 joined #openam
16:10 aldaris joined #openam
16:17 fatbloke joined #openam
17:15 rghose joined #openam
18:46 aldaris joined #openam
20:41 MegaMatt joined #openam
22:01 MegaMatt joined #openam
22:31 aldaris joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary