Create users Local User DB by CLI

Satoshino
Cirrus

Hello folks,

I'm looking to create users inside the localdb in the APM module by CLI.

I verified that a command for this purpose doesn't exist, and I also tried to add a user directly in the db table auth_user, but it seems that the appliance doesn't digest this configuration, even though I can see new users added to the table:

MYSQL_PW=`perl -MPassCrypt -nle 'print PassCrypt::decrypt_password($_)' /var/db/mysqlpw`

MYSQL_PW="$(/usr/bin/perl -MPassCrypt -nle 'print PassCrypt::decrypt_password($_)' /var/db/mysqlpw)"

INSERT INTO auth_user (uid, uname, instance, password, user_groups, login_failures, lockout_start, ttl) VALUES ('14365', 'username', '/Common/instance', 'password', '', '0', '0', '1700135315');

 

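+-------+-----------+-------------------------------+----------------------------------------+-------------+----------------+---------------+---------------+------------+--------------+---------+-----------+------------+---------------+---------------------+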
| uid   | uname     | instance                      | password                               | user_groups | login_failures | passwd_expire | lockout_start | ttl        | dynamic_user | deleted | suspended | locked_out | change_passwd | last_modified       |
+-------+-----------+-------------------------------+----------------------------------------+-------------+----------------+---------------+---------------+------------+--------------+---------+-----------+------------+---------------+---------------------+
| 14365 | username | /Common/instance          | password                               | 0|           0|          0|          0|       0|            0 |       0 |         0 |          0 |             0 | 

Satoshino_0-1700151848948.png

 

Do you know how I can create users by CLI/API?

Best regards

1 REPLY

Lucas_Thompson
F5 Employee

Create the AAA localdb instance first.

Lucas_Thompson_0-1700164289556.png

Then create a user:

Lucas_Thompson_1-1700164356530.png

 

 

Then use mysql client to see what was created:

[admin@west:ModuleNotLicensed::Active:Standalone] ~ # echo $MYSQL_PW
OPRDwipY5G
[admin@west:ModuleNotLicensed::Active:Standalone] ~ # mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 20011
Server version: 5.5.53-MariaDB MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------------------------------------+
| Database |
+--------------------------------------------------+
| information_schema |
| APMOAuth462bbe3b0c958855218bbb824dcd87e5605fd1e6 |
| APMOAuthe68c35d65693688c184d29379e2226b69c08777b |
| AVR |
| cnf |
| f5authdb |
| logdb |
| mysql |
| performance_schema |
| test |
+--------------------------------------------------+
10 rows in set (0.00 sec)

MariaDB [(none)]> use f5authdb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [f5authdb]> show tables;
+--------------------+
| Tables_in_f5authdb |
+--------------------+
| auth_user |
| auth_user_data |
| auth_user_details |
| mdm_device |
| mdm_status |
+--------------------+
5 rows in set (0.00 sec)

MariaDB [f5authdb]> select * from auth_user;
+-------+-------+-------------------------------+----------------------------------------+-------------+----------------+---------------+---------------+------------+--------------+---------+-----------+------------+---------------+---------------------+
| uid | uname | instance | password | user_groups | login_failures | passwd_expire | lockout_start | ttl | dynamic_user | deleted | suspended | locked_out | change_passwd | last_modified |
+-------+-------+-------------------------------+----------------------------------------+-------------+----------------+---------------+---------------+------------+--------------+---------+-----------+------------+---------------+---------------------+
| 16460 | fred | /Common/mylocaluserdbinstance | {SSHA}5cnywrcbZ3wKbn6gi//HMj4zv7ipxPya | | 0 | NULL | 0 | 1700160452 | 0 | 0 | 0 | 0 | 0 | 2023-11-16 10:50:57 |
+-------+-------+-------------------------------+----------------------------------------+-------------+----------------+---------------+---------------+------------+--------------+---------+-----------+------------+---------------+---------------------+
1 row in set (0.00 sec)

MariaDB [f5authdb]>

 

Now you should be able to manipulate that user and create more users in the same pattern. Please understand that direct DB manipulation like this isn't strictly supported, but it should work as long as you're careful. Be sure to make frequent database backups and test often.

I would also suggest NOT using local DB at all if you have a large user database, and using an external auth server instead. Setting up an open source LDAP server such as OpenLDAP has never been easier now that we have industry standard automation such as Docker Compose:

https://hub.docker.com/r/bitnami/openldap/
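
Added example, not part of the original thread and not F5 code: the `password` value in the reply's `auth_user` row carries an `{SSHA}` prefix, whereas the row inserted in the question holds a bare string. The sketch below assumes the common LDAP-style layout, base64(SHA-1(password + salt) + salt), which the page does not confirm for this appliance; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{SSHA}"
SHA1_LEN = 20  # bytes in a SHA-1 digest

# Value copied from the auth_user row shown in the reply above.
PAGE_SAMPLE = "{SSHA}5cnywrcbZ3wKbn6gi//HMj4zv7ipxPya"


def split_ssha(stored):
    """Return (digest, salt) from an {SSHA} string, or raise ValueError."""
    if not stored.startswith(PREFIX):
        raise ValueError("missing {SSHA} prefix")
    # binascii.Error raised on bad base64 is a subclass of ValueError.
    raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("payload too short to hold digest plus salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def make_ssha(password, salt=None):
    """Build an {SSHA} string under the assumed layout (random 4-byte salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password, stored):
    """Constant-time check of a candidate password against a stored value."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def is_ssha(stored):
    """True when a password column value parses as {SSHA}; False otherwise."""
    try:
        split_ssha(stored)
        return True
    except ValueError:
        return False
```

`split_ssha(PAGE_SAMPLE)` yields a 20-byte digest and a 4-byte salt, which is consistent with the assumed layout; `is_ssha` can be run over exported `password` values to flag rows that hold something other than an `{SSHA}` string.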