Forum Discussion
Create users Local User DB by CLI
Hello folks,
im looking for create users inside the localdb in APM module by CLI.
i verified that doesn't exitst a command for this purpose and i tried also to add user directly in the db table auth_user, but seems like that the appliance does'nt digest this configuration despite i can see new users added to the table:
MYSQL_PW=`perl -MPassCrypt -nle 'print PassCrypt::decrypt_password($_)' /var/db/mysqlpw`
MYSQL_PW="$(/usr/bin/perl -MPassCrypt -nle 'print PassCrypt::decrypt_password($_)' /var/db/mysqlpw)"
INSERT INTO auth_user (uid, uname, instance, password, user_groups, login_failures, lockout_start, tt1) VALUES ('14365', 'username', '/Common/instance', 'password', '', '0', '0', '1700135315');
--------------------+
| uid | uname | instance | password | user_groups | login_failures | passwd_expire | lockout_start | ttl | dynamic_user | deleted | suspended | locked_out | change_passwd | last_modified |
+-------+-----------+-------------------------------+----------------------------------------+-------------+----------------+---------------+---------------+------------+--------------+---------+-----------+------------+---------------+---------------------+
| 14365 | username | /Common/instance | password | 0| 0| 0| 0| 0| 0 | 0 | 0 | 0 | 0 |
Do you know how i can create users by CLI/API?
best regards
- Lucas_ThompsonEmployee
Create the AAA localdb instance first.
Then create a user:
Then use mysql client to see what was created:
[admin@west:ModuleNotLicensed::Active:Standalone] ~ # echo $MYSQL_PW
OPRDwipY5G
[admin@west:ModuleNotLicensed::Active:Standalone] ~ # mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 20011
Server version: 5.5.53-MariaDB MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------------------------------------+
| Database |
+--------------------------------------------------+
| information_schema |
| APMOAuth462bbe3b0c958855218bbb824dcd87e5605fd1e6 |
| APMOAuthe68c35d65693688c184d29379e2226b69c08777b |
| AVR |
| cnf |
| f5authdb |
| logdb |
| mysql |
| performance_schema |
| test |
+--------------------------------------------------+
10 rows in set (0.00 sec)
MariaDB [(none)]> use f5authdb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [f5authdb]> show tables;
+--------------------+
| Tables_in_f5authdb |
+--------------------+
| auth_user |
| auth_user_data |
| auth_user_details |
| mdm_device |
| mdm_status |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [f5authdb]> select * from auth_user;
+-------+-------+-------------------------------+----------------------------------------+-------------+----------------+---------------+---------------+------------+--------------+---------+-----------+------------+---------------+---------------------+
| uid | uname | instance | password | user_groups | login_failures | passwd_expire | lockout_start | ttl | dynamic_user | deleted | suspended | locked_out | change_passwd | last_modified |
+-------+-------+-------------------------------+----------------------------------------+-------------+----------------+---------------+---------------+------------+--------------+---------+-----------+------------+---------------+---------------------+
| 16460 | fred | /Common/mylocaluserdbinstance | {SSHA}5cnywrcbZ3wKbn6gi//HMj4zv7ipxPya | | 0 | NULL | 0 | 1700160452 | 0 | 0 | 0 | 0 | 0 | 2023-11-16 10:50:57 |
+-------+-------+-------------------------------+----------------------------------------+-------------+----------------+---------------+---------------+------------+--------------+---------+-----------+------------+---------------+---------------------+
1 row in set (0.00 sec)
MariaDB [f5authdb]>Now you should be able to manipulate that user and create more users in the same pattern. Please understand that direct DB manipulation like this isn't strictly supported, but it should work as long as you're careful. Be sure to make frequent database backups and test often.
I would also suggest to NOT use local DB at all if you have a large user database and using an external auth server instead. Setting up an open source LADP server such as OpenLDAP has never been easier now that we have industry standard automation such as Docker Compose:
https://hub.docker.com/r/bitnami/openldap/
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com