User removal via API not working

Question

Hello,

I'm creating script for removal of inactive users from XG firewalls. I'm able to remove OTP tokens of the user, but can't remove user itself. It always returns error code 500 (Operation could not be performed on Entity.)

The strange thing is that it returns the same code even if I entered non-existing username instead of saying "Object doesn't exist". It looks like the request itself is wrong.

I can remove the account via GUI without any issues.

I'm using the following request:

<Request><Login><Username>admin</Username><Password>xxxxxxx</Password></Login><Remove><User transactionid=""><Username>test</Username></User></Remove></Request>

Here is the content of /log/apiparser.log

INFO Sep 06 09:24:36Z [32308]: Start Remove Handler,Component : User
ERROR Sep 06 09:24:36Z [32308]: Key:ISCrEntity is not found in RequestMap File for User.
INFO Sep 06 09:24:36Z [32308]: Mapping file for User component is /_conf/csc/IOMappingFiles//1900.1/identity/users.xml
WARNING Sep 06 09:24:36Z [32308]: Mapping element Mode is not needed now.
ERROR Sep 06 09:24:36Z [32308]: Flag setting for this opcode is 16.
INFO Sep 06 09:24:37Z [32308]: Opcode response: status:500
INFO Sep 06 09:24:37Z [32308]: End Remove Handler, Status : Success, Component : User, Transaction :

INFO Sep 06 09:24:37Z [32308]: Command:/scripts/apiparser_generate_tar.sh /sdisk/api-1662456275924800.txt /sdisk/API-1662456275924800/sdisk/APIXMLOutput/1662456275766.xml /sdisk/API-1662456275924800.tar /sdisk/API-1662456275924800.log 0 status:3
INFO Sep 06 09:24:37Z [32308]: No need to create Tar file. Response file is /sdisk/APIXMLOutput/1662456275766.xml

Has anybody here experience with user removal via API who could help me?

Thanks,

Ondrej

This thread was automatically locked due to age.

Vishal_R · Accepted Answer

Hi, Ondřej Valentík I have tried the below API for user delete/remove in local LAB and it worked for me. reqxml=adminXXXXXXX test1test1 Output: Authentication Successful Configuration applied successfully.

Vishal_R · Answer

Hi Ondřej Valentík Just now I have tried with AD user in my local LAB setup and user delete via API works fine for me. Please find the below snapshot and logs for reference. CSC Debug logs for reference: INFO Sep 20 13:14:26Z [delete_user:10557]: opcode 'delete_user': time taken: 0.121519984 seconds DEBUG Sep 20 13:14:26Z [worker:10557]: {"response":{"method":"opcode","name":"delete_user","version":"1.14","type":"text","length":93,"data":{ "deleteObjects": [ "vishal.r@sophos.creed " ], "status": "200", "statusmessage": "success" },"statusCode":200,"statusStrlen":2,"statusString":"OK"}} DEBUG Sep 20 13:14:26Z [worker:10557]: # OPCODE Exited: 'delete_user' with Status: '200' API stauts in Browser: Authentication Successful Configuration applied successfully. So for your scenario still I would suggest opening a support case if there are any challenges to deleting AD users via API to have next investigation.

Ondřej Valentík · Answer

Hi Vishal, I have found the solution during preparation materials for support case. Let me summarize the real usage of User Remove API which is not described in documentation: 1/ Tag must contain parameter transactionid="" => . This I have found in another thread before I opened this thread. 2/ Tag is ignored at all and is not needed in request even if it is mentioned in documentation as mandatory 3/ Account username must be specified between tags which is mandatory. The confusing point here is that doesn't contain the Name attribute of the user account, but Username attribute The reason why the tests were successful in your AD environment and for local users in my environment is that the name of the user and username were the same. In my AD environment the Name of the account is different than Username and that's why the request was not working for me. Another story is why the response is OK even if the user removal was not successful. It looks that the reponse just says that request was correct and accepted. The question is what is wrong? API documentation or API implementation? I will open support case to clarify it for future usage.

Vishal_R · Answer

Hi Ondřej Valent&iacute;k I checked internally and found that the issue is not on the documentation side but on the API side. This will be fixed in V19.0.2 MR-2 and the reference ID is NC-88291

User removal via API not working

Top Replies