Security

Is there a way to UPDATE or DELETE operations from an external server?

The appexternal user seems to only have SELECT permission on the database.

Which database?

I am looking to implement a rotating password script for a particular guest user.

Trying to avoid the XML API which I am not familiar with, SQL would be a piece of cake.

 

So looks like I need to modify tipsDB -> cpg_nwamdpsuser. But the perms are:

 

ALTER TABLE cpg_nwamdpsuser OWNER TO postgres;
GRANT ALL ON TABLE cpg_nwamdpsuser TO postgres;
GRANT SELECT ON TABLE cpg_nwamdpsuser TO appuser;
GRANT SELECT, UPDATE, INSERT, DELETE ON TABLE cpg_nwamdpsuser TO appadmin;

 

However appadmin isn't allowed to login externally via pg_hba.conf.

You cannot make changes to that database with the appexternal account because there is an API available to make changes.

So in a nutshell, no way to make change to tipsDB via SQL? Must use the XML API?

For guest users, yes the XML API needs to be used.

I've done exactly this for a customer.  See my thread here, http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-Guest-automating-weekly-password-change/m-p/200645#M15084

Thanks, I just finished writing a script to do much the same thing but using wget. It's always nice to find things can be done with a simple shell command :)

For anyone checking this later, the basics of this is 

 

/usr/bin/wget https://<clearpass>/tipsapi/config/write/GuestUser --no-check-certificate --user=apiadmin --password=<pass> --header=\"Content-Type:text/xml\" --post-file=<guestUserFile> --output-document=<resultFile> --quiet

 

..where <guestUserFile> is the xml as per the API guide.