Solved: Re: ISE 2.4 : ERS Online SDK : error running :Use Cases 'Change password' Python script : CRUD opera...

gillessapene · ‎07-25-2019

I am trying to run the Use Cases 'Change password' Python script and I getting the error message : CRUD operation exception

C:\Users\Administrator\AppData\Local\Programs\Python\Python37\gilles>python change-password.py
Status: 500
Header:
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONIDSSO=91C476392912A50CFB768B8BD2DB6704; Path=/; Secure; HttpOnly
Set-Cookie: APPSESSIONID=E80055AF89A5AC1699D745A93811D991; Path=/ers; Secure; HttpOnly
Pragma: no-cache
Date: Thu, 25 Jul 2019 09:54:18 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 352
Connection: close
Server:


Body:
{
  "ERSResponse" : {
    "operation" : "PUT-update-internaluser",
    "messages" : [ {
      "type" : "ERROR",
      "code" : "CRUD operation exception"
    } ],
    "link" : {
      "rel" : "related",
      "href" : "https://xx.xx.xx.xx:9060/ers/config/internaluser/11d2fbff-fa22-4a67-b13f-ed7f033245c2",
      "type" : "application/xml"
    }
  }
}

I was wondering if it is related to the "name" which is set in the json :

req_body_json = """  {{
    "InternalUser" : {{
        "id" : "{}",
        "name" : "noenable",
        "password" : "{}",
        "customAttributes" : {{
        }}
    }}
}}
""".format(user_id,new_passwd)

"noenable" is the tacacs identity which corresponds to the id .

Has someone already had this error message. It seems to be a generic error.

gillessapene · ‎07-26-2019

I think that I have found the issue.

you need to PUT the entire json and not only the pasword and enablePassword values else it will empty the missing values (exemple : the firstname value will be replaced with "" , same for the lastname value).

That means that , would you like to change the password of the tacacs account : xxx

1) run a GEt internaluser filtered with xxx; you will get the id

2) run a GET internaluser/id; you will get the account detail in a json format. Just change the value of "password" and "enablePassword" with the new ones.

3) run a PUT internaluser/id and pass the updated json.

Hope it helps

View solution in original post

gillessapene · ‎07-26-2019

I think that I have found the issue.

you need to PUT the entire json and not only the pasword and enablePassword values else it will empty the missing values (exemple : the firstname value will be replaced with "" , same for the lastname value).

That means that , would you like to change the password of the tacacs account : xxx

1) run a GEt internaluser filtered with xxx; you will get the id

2) run a GET internaluser/id; you will get the account detail in a json format. Just change the value of "password" and "enablePassword" with the new ones.

3) run a PUT internaluser/id and pass the updated json.

Hope it helps

hslai · ‎07-26-2019

I agree with you that the error message is not helpful. Below working for me to change the password:

{
  "InternalUser" : {
    "id" : "myInternalUser-01-UUID",
    "name" : "myInternalUser-01",
    "password" : "newPassword^123"
  }
}

gillessapene · ‎07-29-2019

Yes it will work with your json file, but it will empty the missing fields ( first name, last name,..)

paul · ‎07-29-2019

Hsing,

If this is true that the REST API blanks out the other attributes, there should be a bug filed on this behavior. That is not how the other update functions work. The update function should only update the attributes specified in the REST call.

ISE 2.4 : ERS Online SDK : error running :Use Cases 'Change password' Python script : CRUD operation exception