Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
498
Views
0
Helpful
2
Replies

API/programmable interface to rotate specific system users passwords

witold.jagielski
Level 1
Level 1

‎10-21-2021 03:59 AM

Hi all,

 

I'm looking for an official Cisco answer on following question:

 

It there any programmable interface/API which gives option to rotate password for following CUCM users:

osadmin

ccmadmin

user used for LDAP sync

user used for DRF backup

 

Thanks!

 

Labels:
0 Helpful
2 Replies 2

BjoernMartin
Spotlight
Spotlight

‎10-21-2021 04:55 AM

Hi.

 

The Account OS Admin for DRF Backup and OSPlatform things cannot be changed via API.
The only way would be through this procedure (pwrecovery).
https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/213527-changing-cucm-os-admin-and-security-pass.pdf

 

To change AppAdmin like ccmadmin you can do API Call updateAppUser to reset/update password.

 

And users who are synchronized via the ldap server like (Active directory) and cucm has LDAP authentication enabled,
the password can only be changed in the ldap server (Active Directory for example).
Microsoft has an API to do that.
https://docs.microsoft.com/de-de/graph/api/passwordauthenticationmethod-resetpassword?view=graph-rest-beta&tabs=http

 

best regards

0 Helpful

dstaudt
Cisco Employee
Cisco Employee
In response to BjoernMartin

‎10-21-2021 01:08 PM - edited ‎10-21-2021 01:20 PM

  • The LDAP client credentials (for connecting to the LDAP server) should be manageable via AXL <updateLdapAuthentication> (for the user-sync/authentication backhaul connection) or <updateLdapSearch> (for the on-device LDAP directory/lookup connection)
  • It is possible to drive CUCM CLI operations (e.g. to change the OS admin credentials per the above link) via application, e.g. with Python via Paramiko, though this is more like web scraping than a formal API and can get tricky/impossible for complex commands (note this is not an officially 'supported' API/automation interface).  But, for these simple password management commands it should likely be pretty easy.  There's a comment with a Paramiko code example here which may be helpful.
0 Helpful
Customers Also Viewed These Support Documents