06-21-2017 02:28 PM - edited 03-01-2019 05:15 AM
Hello,
We have just changed the login method for the APIC from a local user to an LDAP/AD user. This works great with the GUI or CLI,
but I just noticed that my Python script, used to extract the APIC config and convert it into various Excel sheets, does not work anymore:
the login request in the Python script does not work.
The login data format used in this Python script is this one:
    login_data = '''<?xml version="1.0" encoding="UTF-8"?>
    <imdata totalCount="1">
    <aaaUser name="''' + APIC_USER + '''" pwd="''' + APIC_PW + '''"/>
    </imdata>'''
APIC_USER and APIC_PW are 2 variables entered by the user running this Python script.
I tried this format to integrate the new LDAP method we created (I did not find examples in the Cisco APIC REST docs), but it did not work:
    login_data = '''<?xml version="1.0" encoding="UTF-8"?>
    <imdata totalCount="1">
    <aaaUser name="''' + APIC_USER + '''" pwd="''' + APIC_PW + '''" domain="LDAP"/>
    </imdata>'''
I tried to use the APIC "show inspector" tool to trace the login of a user from an already logged-in user,
but it only seems to trace the activity of the already logged-in user.
Any idea is welcome.
Thanks
 
					
				
		
06-21-2017 02:39 PM
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html#concept_D16AC6DC9CCD4351A4A40287487F061A
aaaLogin—Sent as a POST message, this method logs in a user and opens a session. The message body contains an aaa:User object with the name and password attributes, and the response contains a session token and cookie. If multiple AAA login domains are configured, you must prepend the user's name with apic:domain\\.
And:
This example shows how to request a list of valid login domains:
    GET https://apic-ip-address/api/aaaListDomains.json
    RESPONSE:
    {
      "imdata": [{
        "name": "ExampleRadius"
      },
      {
        "name": "local",
        "guiBanner": "San Jose Fabric"
      }]
    }
In the preceding example, the response data shows two possible login domains, 'ExampleRadius' and 'local.' The following example shows a user login message for the ExampleRadius login domain:
    POST https://apic-ip-address/api/aaaLogin.json
    {
      "aaaUser" : {
        "attributes" : {
          "name" : "apic:ExampleRadius\\georgewa",
          "pwd" : "paSSword1"
        }
      }
    }
01-14-2018 11:23 AM
After 3 hours of being unable to get RESTful success when logging in to the APIC, I can now finally REST.
When using TACACS or LDAP for authentication:
    username = 'apic:ACS\\'
    username += str(inputArgs.user)
Thanks for this mtimm
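The domain-qualified login name from the replies above, as an added example that is not part of the original thread or of Cisco's documentation: it reads the login domains from an `aaaListDomains.json` response and builds the `aaaLogin` body both as JSON and in the XML envelope used by the question's script. The function names and sample values are constructed for illustration, and it assumes the XML body carries the same single-backslash name that the JSON `\\` decodes to.

```python
import json
from xml.sax.saxutils import quoteattr

# Constructed sample: the aaaListDomains.json response quoted in the thread.
SAMPLE_DOMAINS = '''{"imdata": [{"name": "ExampleRadius"},
  {"name": "local", "guiBanner": "San Jose Fabric"}]}'''


def parse_login_domains(body):
    # Login-domain names offered by the APIC, in response order.
    return [d["name"] for d in json.loads(body).get("imdata", []) if "name" in d]


def qualified_name(user, domain, known_domains):
    # Fail early on a domain the APIC did not list, and keep the separator
    # unambiguous by rejecting backslashes in either part.
    if domain not in known_domains:
        raise ValueError("unknown login domain: %r" % domain)
    if "\\" in domain or "\\" in user:
        raise ValueError("backslash not allowed in domain or user")
    # One literal backslash between domain and user.
    return "apic:" + domain + "\\" + user


def login_json(name, password):
    # json.dumps escapes the single backslash, so the wire text shows "\\".
    return json.dumps({"aaaUser": {"attributes": {"name": name, "pwd": password}}})


def login_xml(name, password):
    # XML has no backslash escaping; quoteattr() escapes &, <, > and quotes so
    # a password containing them cannot break out of the attribute.
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<imdata totalCount="1">\n'
            '<aaaUser name=%s pwd=%s/>\n'
            '</imdata>' % (quoteattr(name), quoteattr(password)))


if __name__ == "__main__":
    domains = parse_login_domains(SAMPLE_DOMAINS)
    name = qualified_name("georgewa", "ExampleRadius", domains)
    print(login_json(name, "paSSword1"))
    print(login_xml(name, 'p"a&s<word'))
```

Building the XML with `quoteattr()` instead of string concatenation keeps a password containing `"`, `&` or `<` from producing a malformed or altered login body.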
 
					
				
				
			
		