07-24-2019 07:26 AM
I am working on a Python script to change a tacacs password based on a tacacs account as an input.
The script runs REST API commands.
The first one is to get the tacacs account "id", using the identity as an input parameter
The second one is to get the details of the identity, using the above "id" as an input parameter.
I want to change the password, so I need to know if I have to change the enable password or not,
I am surprised because the output json contains :"enablePassword": "*******", even if there is no enable password. I have run an identity list export to confirm.
Is there a way to know if the identity has an enable password or not so I have to change the password + the enable password.
or the password only.
Here is the output of the API query:
{ "InternalUser": { "id": "11d2fbff-fa22-4a67-b13f-ed7f033245c2", "name": "noenable", "enabled": true, "password": "*******", "firstName": "zzz", "lastName": "yyy", "changePassword": false, "identityGroups": "4844b750-1421-11e9-ac18-de49dabd0b44", "expiryDateEnabled": false, "enablePassword": "*******", "customAttributes": { "Address": "", "Phone_number": "", "Real_Name": "", "cmd-set": "", "priv_lvl": "", "max_priv_lvl": "" }, "passwordIDStore": "Internal Users", "link": { "rel": "self", "href": "https://x.x.x.x:9060/ers/config/internaluser/11d2fbff-fa22-4a67-b13f-ed7f033245c2", "type": "application/xml" } } }
Thanks
Solved! Go to Solution.
07-26-2019 09:45 AM
This seems a current limitation so I opened a bug -- CSCvq68524
Perhaps, you may use a group or the description field to indicate whether a user has the enable password set.
07-29-2019 04:19 AM
It s a good idea for a workaround.
It must be possible to export all the identities in a csv file , then to look at the ones which don't have an enable passowrd and to add a comment in the description field before reimporting the csv file.
To be honest I don't like to do a mass update on a production server :)
Thanks anyway.
Gilles
07-26-2019 09:45 AM
This seems a current limitation so I opened a bug -- CSCvq68524
Perhaps, you may use a group or the description field to indicate whether a user has the enable password set.
07-29-2019 04:19 AM
It s a good idea for a workaround.
It must be possible to export all the identities in a csv file , then to look at the ones which don't have an enable passowrd and to add a comment in the description field before reimporting the csv file.
To be honest I don't like to do a mass update on a production server :)
Thanks anyway.
Gilles
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide