Forum Discussion
bsdpruegelknabe
Nimbostratus
Nimbostratuscreate_user doesn't work or I'm to dumb?!
Hello,
the most possibillity is that I didn't understood to use create_user propperly...
Well, I hope anyone can help me here.
I use perl (yeah, I know, bite me... ;-p ) to create users on an F5 LB via Script.
My SOAP-Request looks like:
---
$soapResponse=$cu->create_user (SOAP::Data->name('users')->value(
'user' => {
'name' => $username,
'full_name' => $username'
},
'role' => $userrole,
'password' => '',
'home_directory' => '/home/'.$username,
'login_shell' => '/bin/false',
'user_id' => '0',
'group_id' => '500'
)
);
---
With the uri: 'urn:iControl:Management/UserManagement'
If I read on http://devcentral.f5.com/wiki/default.aspx/iControl/Management__UserManagement__create_user.html correctly - this should work. But doesn't. Can anyone give me an hint what I'm missing, please. :-)
TIA
bsdpruegelknabe
- Check out this thread in the forums where I posted a create_user perl script subroutine.
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=1&postid=15013&view=topic
Click here
The main issue is that the create_user iControl method takes an array of UserInfo structures. You are just passing in a scalar value. The server is trying to coerce this into an array and it can't do it so it's treating it like an array size of 0.
Let me know if anything else comes up.
BTW, I've got a soft spot in my heart for SOAP::Lite since that is the first toolkit I used when initially developing iControl.
-Joe 
bsdpruegelknabePosted By Joe on 11/03/2008 7:10 AM
The main issue is that the create_user iControl method takes an array of UserInfo structures. You are just passing in a scalar value. The server is trying to coerce this into an array and it can't do it so it's treating it like an array size of 0.
Aw... now it works! That was the missing link I didn't get from the documentation. Many thanks! :-)
Let me know if anything else comes up.
Well, yes. There is something.
I need to create accounts *without* passwords since the Authentication should go against LDAP or Radius. If there is a password at the /etc/shadow the box would only use that. Is there a way to avoid a password and to set '!!' at the passwordfield at the shadow, like the GUI does?
cu
bsdpruegelknabe- I just used the create_user API with a empty string as the passwd and this value was entered into /etc/shadow
joeuser:!!:14217:0:99999:7:::
I don't know much about external authorization but that seems to be what you are asking for isn't it? I just put a zero length string in the password field of the UserInfo structure.
-Joe - Here's the code I used
sub handle_create() { my ($UserName, $FullName, $Role, $Password) = @_; Some defaults for testing if ( $FullName eq "" ) { $FullName = "Fred Garvin"; } if ( $Role eq "" ) { $Role = USER_ROLE_ADMINISTRATOR; } if ( $Password eq "" ) { $Password = $UserName; } if ( $Password eq "" ) { $Password = ""; } $UserID = { name => $UserName, full_name => $FullName }; $UserInfo = { user => $UserID, role => $Role, password => $Password, home_directory => "/home/$UserName", login_shell => "/bin/bash", user_id => 0, group_id => 500 }; $soapResponse = $UserManagement->create_user( SOAP::Data->name(users => [$UserInfo]) ); }
I tested this on 9.4.5. If this isn't working with 9.3-HF3, then you'll likely have to create a support ticket with product support for your version. If you can send me your code, I can test it on my BIG-IP.
-Joe - bsdpruegelknabeThats the code I use:
my $host='hostnameoflb'; my %urls=( 'url' => "https://$host:443/iControl/iControlPortal.cgi", 'uri_usermgmt' => 'urn:iControl:Management/UserManagement', ); my @admins=("smurf", "gargamel", "azrael"); my $do=create_user( 'admins' => \@admins, ); sub create_user { my %config=@_; for (@{$config{'admins'}}) { my $pass=''; push @userdef, { 'user' => { 'name' => $_, 'full_name' => $_, }, 'role' => 'USER_ROLE_ADMINISTRATOR', 'password' => $pass, 'home_directory' => '/home/'.$_, 'login_shell' => '/bin/false', 'user_id' => '0', 'group_id' => '500', } } my $soap=soap_object('uri' => $urls{'uri_usermgmt'}); my $res=$soap->create_user(SOAP::Data->name('users' => [@userdef])); } sub soap_object { my %config=@_; my $soap=SOAP::Lite -> uri($config{'uri'}) -> proxy($urls{'url'}); eval { $soap->transport->http_request->header( 'Authorization' => 'Basic '.$enc_credentials ); }; return $soap; }
The only thing what is missing at this codesniped is the creation of guestusers. But thats likewise the 'for (@{$config{'admins'}}) {' part and the content of @admins comes from a file or database.
cu,
bsdpruegelknabe - I just ran your code and it created the following /etc/shadow entry on my device
smurf:!!:14223:0:99999:7:::
Looks like you are doing things right but there is something about your version with regards to empty passwords. Not much more we can do here so you'll likely have to take this up with Product Support and open a ticket to get dev looking into why it's not working for you.
-Joe - bsdpruegelknabeOk. I will try to get a ticket out of this.
At least I'm not as dumb as I thought in the first place.
Many thanks for your effort here!
cu,
bsdpruegelknabe
