There are the library functions for user functions. It depends on the lib.resolver and lib.realm.

There are and must be no dependencies to the token functions (lib.token) or to webservices!

This code is tested in tests/test_lib_user.py

privacyidea.lib.user.User(*args, **kwds)[source]
The user has the attributes
login, realm and resolver.

Usually a user can be found via “login@realm”.

A user object with an empty login and realm should not exist, whereas a user object could have an empty resolver.

privacyidea.lib.user.create_user(*args, **kwds)[source]

This creates a new user in the given resolver. The resolver must be editable to do so.

The attributes is a dictionary containing the keys “username”, “email”, “phone”, “mobile”, “surname”, “givenname”, “password”.

We return the UID and not the user object, since the user could be located in several realms!

  • resolvername (basestring) – The name of the resolver, in which the user should be created
  • attributes (dict) – Attributes of the user

The uid of the user object

privacyidea.lib.user.get_user_from_param(param, optionalOrRequired=True)[source]

Find the parameters user, realm and resolver and create a user object from these parameters.

An exception is raised, if a user in a realm is found in more than one resolvers.

Parameters:param (dict) – The dictionary of request parameters
Returns:User as found in the parameters
Return type:User object
privacyidea.lib.user.get_user_info(*args, **kwds)[source]

return the detailed information for a user in a resolver

  • userid (string) – The id of the user in a resolver
  • resolvername – The name of the resolver

a dict with all the userinformation

Return type:


privacyidea.lib.user.get_user_list(*args, **kwds)[source]
privacyidea.lib.user.get_username(*args, **kwds)[source]

Determine the username for a given id and a resolvername.

  • userid (string) – The id of the user in a resolver
  • resolvername – The name of the resolver

the username or “” if it does not exist

Return type:


privacyidea.lib.user.split_user(*args, **kwds)[source]

Split the username of the form user@realm into the username and the realm splitting myemail@emailprovider.com@realm is also possible and will return (myemail@emailprovider, realm).

If for a user@domain the “domain” does not exist as realm, the name is not split, since it might be the user@domain in the default realm

We can also split realmuser to (user, realm)

Parameters:username (string) – the username to split
Returns:username and realm
Return type:tuple