2019-12-03 07:03:05 +01:00
|
|
|
# Interacting with the Server
|
|
|
|
|
|
|
|
|
|
To interact with Kanidm as an administration, you'll need to use our command line tools
|
|
|
|
|
|
|
|
|
|
## From (experimental) packages
|
|
|
|
|
|
2020-01-27 13:30:09 +01:00
|
|
|
Kanidm currently supports:
|
2020-12-02 02:12:07 +01:00
|
|
|
* Fedora 33
|
|
|
|
|
* OpenSUSE leap 15.2
|
2020-01-27 13:30:09 +01:00
|
|
|
* Tumbleweed
|
2019-12-03 07:03:05 +01:00
|
|
|
|
2020-10-14 05:05:45 +02:00
|
|
|
### OpenSUSE Tumbleweed
|
2019-12-03 07:03:05 +01:00
|
|
|
|
2020-10-14 05:05:45 +02:00
|
|
|
Kanidm is part of OpenSUSE Tumbleweed since October 2020. This means you can install
|
|
|
|
|
the clients with:
|
|
|
|
|
|
|
|
|
|
zypper ref
|
|
|
|
|
zypper in kanidm-clients
|
|
|
|
|
|
|
|
|
|
### OpenSUSE Leap 15.2
|
|
|
|
|
|
|
|
|
|
Leap 15.2 is still not fully supported with Kanidm. For an experimental client, you can
|
|
|
|
|
try the development repository. Using zypper you can add the repository with:
|
2019-12-03 07:03:05 +01:00
|
|
|
|
|
|
|
|
zypper ar obs://home:firstyear:kanidm home_firstyear_kanidm
|
2020-06-18 02:30:42 +02:00
|
|
|
zypper mr -f home_firstyear_kanidm
|
2019-12-03 07:03:05 +01:00
|
|
|
|
|
|
|
|
Then you need to referesh your metadata and install the clients.
|
|
|
|
|
|
|
|
|
|
zypper ref
|
|
|
|
|
zypper in kanidm-clients
|
|
|
|
|
|
|
|
|
|
### Fedora
|
|
|
|
|
|
2020-10-14 05:05:45 +02:00
|
|
|
Fedora is still experimentally supported through the development repository. You need to add the repository metadata into the correct directory.
|
2019-12-03 07:03:05 +01:00
|
|
|
|
|
|
|
|
cd /etc/yum.repos.d
|
2020-12-02 02:12:07 +01:00
|
|
|
wget https://download.opensuse.org/repositories/home:/firstyear:/kanidm/Fedora_33/home:firstyear:kanidm.repo
|
2020-06-18 02:30:42 +02:00
|
|
|
|
2020-10-14 05:05:45 +02:00
|
|
|
You can then install with:
|
|
|
|
|
|
|
|
|
|
dnf install kanidm-clients
|
|
|
|
|
|
2019-12-03 07:03:05 +01:00
|
|
|
## From source
|
|
|
|
|
|
|
|
|
|
After you check out the source (see github), navigate to:
|
|
|
|
|
|
|
|
|
|
cd kanidm_tools
|
2020-06-18 02:30:42 +02:00
|
|
|
cargo install --path .
|
2019-12-03 07:03:05 +01:00
|
|
|
|
2020-01-27 13:30:09 +01:00
|
|
|
## Check the tools work
|
2019-12-03 07:03:05 +01:00
|
|
|
|
|
|
|
|
Now you can check your instance is working. You may need to provide a CA certificate for verification
|
|
|
|
|
with the -C parameter:
|
|
|
|
|
|
2020-09-18 05:19:57 +02:00
|
|
|
kanidm login --name anonymous
|
2019-12-03 07:03:05 +01:00
|
|
|
kanidm self whoami -C ../path/to/ca.pem -H https://localhost:8443 --name anonymous
|
|
|
|
|
kanidm self whoami -H https://localhost:8443 --name anonymous
|
|
|
|
|
|
2020-06-18 02:30:42 +02:00
|
|
|
Now you can take some time to look at what commands are available - please ask for help at anytime.
|
2019-12-03 07:03:05 +01:00
|
|
|
|
2020-09-18 05:19:57 +02:00
|
|
|
## Authenticating a user with the command line
|
|
|
|
|
|
|
|
|
|
To authenticate as a user for use with the command line, you need to use the `login` command
|
|
|
|
|
to establish a session token.
|
|
|
|
|
|
|
|
|
|
kanidm login --name USERNAME
|
|
|
|
|
kanidm login --name admin
|
|
|
|
|
|
|
|
|
|
Once complete, you can use kanidm without reauthenticating for a period of time for administration.
|
|
|
|
|
|
2019-12-03 07:03:05 +01:00
|
|
|
## Kandim configuration
|
|
|
|
|
|
|
|
|
|
You can configure kanidm to help make commands simpler by modifying ~/.config/kanidm OR /etc/kanidm/config
|
|
|
|
|
|
|
|
|
|
uri = "https://idm.example.com"
|
|
|
|
|
verify_ca = true|false
|
|
|
|
|
verify_hostnames = true|false
|
|
|
|
|
ca_path = "/path/to/ca.pem"
|
|
|
|
|
|
|
|
|
|
Once configured, you can test this with:
|
|
|
|
|
|
|
|
|
|
kanidm self whoami --name anonymous
|
2020-09-18 05:19:57 +02:00
|
|
|
|
