Forum Discussion

bsdpruegelknabe
Nov 03, 2008

create_user doesn't work or I'm too dumb?!

Hello,

the most likely possibility is that I didn't understand how to use create_user properly...

Well, I hope someone can help me here.

I use Perl (yeah, I know, bite me... ;-p ) to create users on an F5 LB via script.

My SOAP request looks like:

---

$soapResponse=$cu->create_user (SOAP::Data->name('users')->value(
    'user' => {
        'name' => $username,
        'full_name' => $username
    },
    'role' => $userrole,
    'password' => '',
    'home_directory' => '/home/'.$username,
    'login_shell' => '/bin/false',
    'user_id' => '0',
    'group_id' => '500'
)
);

---

With the uri: 'urn:iControl:Management/UserManagement'

If I read http://devcentral.f5.com/wiki/default.aspx/iControl/Management__UserManagement__create_user.html correctly, this should work. But it doesn't. Can anyone give me a hint about what I'm missing, please? :-)

TIA

bsdpruegelknabe

7 Replies

  • Check out this thread in the forums where I posted a create_user perl script subroutine.

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=1&postid=15013&view=topic

    The main issue is that the create_user iControl method takes an array of UserInfo structures. You are just passing in a scalar value. The server is trying to coerce this into an array and it can't do it so it's treating it like an array size of 0.

    Let me know if anything else comes up.

    BTW, I've got a soft spot in my heart for SOAP::Lite since that is the first toolkit I used when initially developing iControl.

    -Joe
  • Posted By Joe on 11/03/2008 7:10 AM

    > The main issue is that the create_user iControl method takes an array of UserInfo structures. You are just passing in a scalar value. The server is trying to coerce this into an array and it can't do it so it's treating it like an array size of 0.

    Aw... now it works! That was the missing link I didn't get from the documentation. Many thanks! :-)

    > Let me know if anything else comes up.

    Well, yes. There is something.

    I need to create accounts *without* passwords since the authentication should go against LDAP or RADIUS. If there is a password in /etc/shadow, the box would only use that. Is there a way to avoid a password and to set '!!' in the password field of the shadow file, like the GUI does?

    cu

    bsdpruegelknabe
  • I just used the create_user API with an empty string as the passwd and this value was entered into /etc/shadow

    joeuser:!!:14217:0:99999:7:::

    I don't know much about external authorization but that seems to be what you are asking for, isn't it? I just put a zero length string in the password field of the UserInfo structure.

    -Joe
  • Here's the code I used

    sub handle_create
    {
      my ($UserName, $FullName, $Role, $Password) = @_;

      # Some defaults for testing
      if ( $FullName eq "" ) { $FullName = "Fred Garvin"; }
      if ( $Role eq "" ) { $Role = USER_ROLE_ADMINISTRATOR; }
      if ( $Password eq "" ) { $Password = $UserName; }
      if ( $Password eq "" ) { $Password = ""; }

      # UserID structure
      $UserID = {
        name => $UserName,
        full_name => $FullName
      };

      # UserInfo structure
      $UserInfo = {
        user => $UserID,
        role => $Role,
        password => $Password,
        home_directory => "/home/$UserName",
        login_shell => "/bin/bash",
        user_id => 0,
        group_id => 500
      };

      # create_user takes an array of UserInfo structures
      $soapResponse = $UserManagement->create_user(
        SOAP::Data->name(users => [$UserInfo])
      );
    }

    I tested this on 9.4.5. If this isn't working with 9.3-HF3, then you'll likely have to create a support ticket with product support for your version. If you can send me your code, I can test it on my BIG-IP.

    -Joe
  • That's the code I use:

    use SOAP::Lite;

    my $host='hostnameoflb';

    my %urls=(
            'url' => "https://$host:443/iControl/iControlPortal.cgi",
            'uri_usermgmt' => 'urn:iControl:Management/UserManagement',
    );

    my @admins=("smurf", "gargamel", "azrael");
    my $do=create_user(
            'admins' => \@admins,
    );

    sub create_user {
            my %config=@_;
            my @userdef;    # one UserInfo structure per account
            for (@{$config{'admins'}}) {
                    my $pass='';
                    push @userdef, {
                            'user' => {
                                    'name' => $_,
                                    'full_name' => $_,
                            },
                            'role' => 'USER_ROLE_ADMINISTRATOR',
                            'password' => $pass,
                            'home_directory' => '/home/'.$_,
                            'login_shell' => '/bin/false',
                            'user_id' => '0',
                            'group_id' => '500',
                    }
            }
            my $soap=soap_object('uri' => $urls{'uri_usermgmt'});
            # create_user expects an array of UserInfo structures
            my $res=$soap->create_user(SOAP::Data->name('users' => [@userdef]));
    }

    sub soap_object {
            my %config=@_;
            my $soap=SOAP::Lite
                    -> uri($config{'uri'})
                    -> proxy($urls{'url'});
            # $enc_credentials is not defined in this snippet; for HTTP Basic
            # auth it is the Base64 encoding of "user:password"
            eval { $soap->transport->http_request->header( 'Authorization' => 'Basic '.$enc_credentials ); };
            return $soap;
    }

    The only thing that is missing from this code snippet is the creation of guest users. But that's likewise the 'for (@{$config{'admins'}}) {' part and the content of @admins comes from a file or database.

    cu,

    bsdpruegelknabe
  • I just ran your code and it created the following /etc/shadow entry on my device

    smurf:!!:14223:0:99999:7:::

    Looks like you are doing things right but there is something about your version with regards to empty passwords. Not much more we can do here so you'll likely have to take this up with Product Support and open a ticket to get dev looking into why it's not working for you.

    -Joe
  • Ok. I will try to get a ticket out of this.

    At least I'm not as dumb as I thought in the first place.

    Many thanks for your effort here!

    cu,

    bsdpruegelknabe
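
The thread turns on what ends up in the password field of /etc/shadow after create_user is called with an empty password. The script below is an added example, not code from either poster or from F5: it classifies that field for a list of accounts that are meant to authenticate externally and reports any that are not locked. The function names are hypothetical, and the sample lines are constructed apart from the two entries quoted in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in shadow(5) format. The first two lines are the
# entries quoted in the thread; the last two are made up for illustration.
my @sample = (
    'joeuser:!!:14217:0:99999:7:::',
    'smurf:!!:14223:0:99999:7:::',
    'gargamel:$1$CONSTRUCTED$notARealHashValue00000:14223:0:99999:7:::',
    'azrael::14223:0:99999:7:::',
);

# Classify the password field (second field) of one shadow line.
sub classify_shadow_line {
    my ($line) = @_;
    chomp $line;
    my @f = split /:/, $line, -1;    # -1 keeps trailing empty fields
    return (undef, 'malformed') unless @f == 9 && length $f[0];
    my ($name, $pw) = @f[0, 1];
    return ($name, 'empty')  if $pw eq '';        # login without any password
    return ($name, 'locked') if $pw =~ /^[!*]/;   # '!!', '!', '*': no usable local password
    return ($name, 'local_hash');                 # a local password hash is set
}

# Hypothetical helper: list the accounts in @$expected whose shadow entry
# is missing or whose password field is anything other than locked.
sub audit_external_accounts {
    my ($lines, $expected) = @_;
    my %state;
    for my $line (@$lines) {
        my ($name, $class) = classify_shadow_line($line);
        $state{$name} = $class if defined $name;
    }
    my @findings;
    for my $user (@$expected) {
        my $class = $state{$user} // 'missing';
        push @findings, "$user: $class" unless $class eq 'locked';
    }
    return @findings;
}

my @findings = audit_external_accounts(\@sample, [qw(joeuser smurf gargamel azrael)]);
if (@findings) {
    print "REVIEW $_\n" for @findings;
} else {
    print "all listed accounts are locked for local authentication\n";
}
```

To check a real device, replace `@sample` with the lines of /etc/shadow read as root and pass the account names that were created through the API.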