Security

Reply
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Clearpass SQL API

Is there a way to UPDATE or DELETE operations from an external server?

The appexternal user seems to only have SELECT permission on the database.


--
ACMA ACMP
Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: Clearpass SQL API

Which database?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Re: Clearpass SQL API

I am looking to implement a rotating password script for a particular guest user.

Trying to avoid the XML API which I am not familiar with, SQL would be a piece of cake.

 

So looks like I need to modify tipsDB -> cpg_nwamdpsuser. But the perms are:

 

ALTER TABLE cpg_nwamdpsuser OWNER TO postgres;
GRANT ALL ON TABLE cpg_nwamdpsuser TO postgres;
GRANT SELECT ON TABLE cpg_nwamdpsuser TO appuser;
GRANT SELECT, UPDATE, INSERT, DELETE ON TABLE cpg_nwamdpsuser TO appadmin;

 

However appadmin isn't allowed to login externally via pg_hba.conf.


--
ACMA ACMP
Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: Clearpass SQL API

You cannot make changes to that database with the appexternal account because there is an API available to make changes.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Re: Clearpass SQL API

So in a nutshell, no way to make change to tipsDB via SQL? Must use the XML API?


--
ACMA ACMP
Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: Clearpass SQL API

For guest users, yes the XML API needs to be used.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba
Posts: 1,287
Registered: ‎08-29-2007

Re: Clearpass SQL API

I've done exactly this for a customer.  See my thread here, http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-Guest-automating-weekly-password-change/m-p/200645#M15084


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Re: Clearpass SQL API

Thanks, I just finished writing a script to do much the same thing but using wget. It's always nice to find things can be done with a simple shell command :)


--
ACMA ACMP
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Re: Clearpass SQL API

For anyone checking this later, the basics of this is 

 

/usr/bin/wget https://<clearpass>/tipsapi/config/write/GuestUser --no-check-certificate --user=apiadmin --password=<pass> --header=\"Content-Type:text/xml\" --post-file=<guestUserFile> --output-document=<resultFile> --quiet

 

..where <guestUserFile> is the xml as per the API guide.

 

 


--
ACMA ACMP
Search Airheads
Showing results for 
Search instead for 
Did you mean: