
  • e.g.

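    // user creation (tmsh; lab accounts whose passwords equal their user names — note that "list auth user" also prints every account's $6$ (SHA-512 crypt) password hash, so this output is sensitive)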
    
    root@(bip1a)(cfg-sync In Sync)(Active)(/Common)(tmos) create auth user santa password santa partition-access add { all-partitions { role operator }}
    root@(bip1a)(cfg-sync In Sync)(Active)(/Common)(tmos) create auth user dasher password dasher partition-access add { all-partitions { role guest }}
    root@(bip1a)(cfg-sync In Sync)(Active)(/Common)(tmos) list auth user
    auth user admin {
        description "Admin User"
        encrypted-password $6$AhgyrnEG$cTQ.WtWY9qEbCcM2xy5FzU8DEmFNNrme4koQCN4A14XIqKgEmI4sm2h8vvALZGre8h4jSfVVvIYsJsoOK3IDw.
        partition Common
        partition-access {
            all-partitions {
                role admin
            }
        }
        shell none
    }
    auth user dasher {
        description dasher
        encrypted-password $6$zY3kn0qg$LVzxid2UayJvZJoW.lxBWVpXhQhswVSCCiX/quk5ALnEqJyE1qYKSNyBeFSX04ZBnUJuqPwQ09nyW/RvXbSo21
        partition Common
        partition-access {
            all-partitions {
                role guest
            }
        }
        shell none
    }
    auth user santa {
        description santa
        encrypted-password $6$ufPs5vrK$hCew9WcysBQDrZBvNAMN.IswgPV8YKFFjiCUA05rbpMB3FDRRnbkuTjqdmNgOcZnLHfsuPNFj8FITilImLOoF1
        partition Common
        partition-access {
            all-partitions {
                role operator
            }
        }
        shell none
    }
    
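    // rest (iControl REST from the box itself; -k disables TLS certificate verification, and -u admin:admin puts the lab credential on the command line, where it is visible in shell history and process listings)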
    
    [root@bip1a:Active:In Sync] config  curl -sk -u admin:admin https://localhost/mgmt/tm/auth/user |jq '.items[]|{name, role: .partitionAccess[].role}'
    {
      "name": "admin",
      "role": "admin"
    }
    {
      "name": "dasher",
      "role": "guest"
    }
    {
      "name": "santa",
      "role": "operator"
    }
    
      oded_mass_23314

      Thanks, but this does not include the local-db users of the APM module (the ones you see via Access Policy -> Local Users DB). They are stored in a MySQL DB. Any idea how to retrieve them from a remote system, preferably with the REST API?

       

  • e.g.

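    // user creation (tmsh; lab accounts whose passwords equal their user names — note that "list auth user" also prints every account's $6$ (SHA-512 crypt) password hash, so this output is sensitive)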
    
    root@(bip1a)(cfg-sync In Sync)(Active)(/Common)(tmos) create auth user santa password santa partition-access add { all-partitions { role operator }}
    root@(bip1a)(cfg-sync In Sync)(Active)(/Common)(tmos) create auth user dasher password dasher partition-access add { all-partitions { role guest }}
    root@(bip1a)(cfg-sync In Sync)(Active)(/Common)(tmos) list auth user
    auth user admin {
        description "Admin User"
        encrypted-password $6$AhgyrnEG$cTQ.WtWY9qEbCcM2xy5FzU8DEmFNNrme4koQCN4A14XIqKgEmI4sm2h8vvALZGre8h4jSfVVvIYsJsoOK3IDw.
        partition Common
        partition-access {
            all-partitions {
                role admin
            }
        }
        shell none
    }
    auth user dasher {
        description dasher
        encrypted-password $6$zY3kn0qg$LVzxid2UayJvZJoW.lxBWVpXhQhswVSCCiX/quk5ALnEqJyE1qYKSNyBeFSX04ZBnUJuqPwQ09nyW/RvXbSo21
        partition Common
        partition-access {
            all-partitions {
                role guest
            }
        }
        shell none
    }
    auth user santa {
        description santa
        encrypted-password $6$ufPs5vrK$hCew9WcysBQDrZBvNAMN.IswgPV8YKFFjiCUA05rbpMB3FDRRnbkuTjqdmNgOcZnLHfsuPNFj8FITilImLOoF1
        partition Common
        partition-access {
            all-partitions {
                role operator
            }
        }
        shell none
    }
    
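    // rest (iControl REST from the box itself; -k disables TLS certificate verification, and -u admin:admin puts the lab credential on the command line, where it is visible in shell history and process listings)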
    
    [root@bip1a:Active:In Sync] config  curl -sk -u admin:admin https://localhost/mgmt/tm/auth/user |jq '.items[]|{name, role: .partitionAccess[].role}'
    {
      "name": "admin",
      "role": "admin"
    }
    {
      "name": "dasher",
      "role": "guest"
    }
    {
      "name": "santa",
      "role": "operator"
    }
    
      oded_mass_23314

      Thanks, but this does not include the local-db users of the APM module (the ones you see via Access Policy -> Local Users DB). They are stored in a MySQL DB. Any idea how to retrieve them from a remote system, preferably with the REST API?

       

  • I am not very familiar with APM, but this is what I found.

    There is an RFE for this, but it is not yet implemented: ID441055 [APM][RFE] LocalDB Enhancements

    I do not feel this is the right way, but as I understand it, ldbutil can be run via a REST call.

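    // ldbutil (run locally on the box; each record includes the user's {SSHA} password hash, so the raw listing is sensitive)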
    
    [root@B10200-R8-S37:Active:In Sync (Sync Only)] config  ldbutil --list
    uid="34765" uname="dasher" instance="/Common/instance1" password="{SSHA}V/trBAh3hn8pi9hhkesG7rvMZOUbFyQr" user_groups="" login_failures="0" passwd_expire="NULL" lockout_start="0" ttl="1514289883" dynamic_user="0" deleted="0" suspended="0" locked_out="0" change_passwd="0" last_modified="2017-12-26 20:04:43" first_name="" last_name="" email=""
    uid="58564" uname="santa" instance="/Common/instance1" password="{SSHA}WoRGo2uLGMaPN6EYbViVJ6olFpdep4G6" user_groups="" login_failures="0" passwd_expire="NULL" lockout_start="0" ttl="1514282636" dynamic_user="0" deleted="0" suspended="0" locked_out="0" change_passwd="0" last_modified="2017-12-26 18:03:56" first_name="" last_name="
    
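    // rest (mgmt/tm/util/bash runs the given shell command on the device; commandResult carries the full ldbutil output, {SSHA} password hashes included, and only the local jq/awk filter trims it to the uname fields; -k again disables TLS certificate verification, here against a remote address)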
    
    ] curl -sk -u admin:admin -X POST -H 'content-type: application/json' -d '
    {
      "command": "run",
      "utilCmdArgs": "-c \"ldbutil --list\""
    }
    ' https://172.24.8.37/mgmt/tm/util/bash |jq .commandResult |awk '{for(i=1;i<=NF;i++) {t=match($i,/uname=(.*)?/); if(t) {print $i}}}'
    uname=\"dasher\"
    uname=\"santa\"