cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco ISE API - ERS Active Directory Get-By-Name function

Hi,

 

I'm testing some python code to pull user information / account statuses from ISE which is using Active Directory as an External Source. I've successfully used some of the other ISE ERS AD functions to get Admin users, Get Join Point and Get join point details. However I now wish to view detail on a specific user and to do this I'm trying to use the "Get-by-name" api function, passing the ad username to it. Unfortunately I am getting Error 404 not found back all the time (tried multiple user accounts).

FYI I'm using GET with the URL https://1.1.1.1:9060/ers/config/activedirectory/name/fred.bloggs   (as an example) with the same Basic Auth which has previously worked with other functions.

 

On the ISE I'm able to find AD users no problem using the "Attributes" tab in External Identity sources, and all tests pass using the ISE AD Diagnostics tool.

 

Has anyone got any suggestions please? 

 

Many Thanks

 

Paul

2 Comments

Hi,

 

I have the same issue on every /activedirectory routes, I can't even retrieve a join point ID from the api. The /adminuser routes are working fine.

 

On the /activedirectory route, the HTTP code returned is a 404 but when you take a closer look to the response headers, you can see a "Internal Server Error": "Unexpected Exeption:: 500", . It look like an exception caught on the backend is 'hidden' by returning a 404 instead.

For example, these call will return a 404 with the 'unexpected exception' header (tested with token based and basic auth, same result):

- GET  https://{ise_hostname}:9060/ers/config/activedirectory?filter=name.EQ.whatever   (GET-ALL with filter on 'name')

- GET  https://{ise_hostname}:9060/ers/config/activedirectory/name/whatever   (GET-BY-NAME)

 

@paul.cummings.uk  how did you manage to retrieve join point IDs from the API ?

 

Thanks in advance !

paul.cummings.uk
Beginner

@DenisBattistini91953 

GET  https://{ise_hostname}:9060/ers/config/activedirectory 

That should give you a "SearchResult" containing any AD joins you have on the ISE and give you the join ids you need for other queries.

As long as you're doing an authenticated GET and you've passed the desired "Content-Type" and "Accept" key/values in your header it should work.

 

Cheers