FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
simonz_FTNT
Staff
Article Id 196420
Description
This article provides basic cURL commands for querying and updating LDAP users on FortiAuthenticator.

Scope
FortiAuthenticator 4.0.x

Solution
To use the API, an admin user must be created with web service access enabled, as in the following screenshot. A valid email address must be provided under the User Information section, because the secret key used for the cURL connection to the server is sent to that address.

[Screenshot: admin user with web service access enabled]

The cURL program for the appropriate platform can be downloaded from
http://curl.haxx.se/download.html

The cURL syntax is as follows:
curl -k -v -u "<username>:<secret_key>" https://<FortiAuthenticator_address>/api/v1/<resource>/?format=json
The credentials shown below are an example only; the correct credentials must be provided during admin user creation.

To list all Local users
curl -k -v -u "szadmin:ytYq8QwNPhpNlPJqAPIeGVBB0xQsFkaau80WW4Xy" https://10.129.0.60/api/v1/localusers/?format=json

To list all LDAP users
curl -k -v -u "szadmin:ytYq8QwNPhpNlPJqAPIeGVBB0xQsFkaau80WW4Xy" https://10.129.0.60/api/v1/ldapusers/?format=json

To list available tokens
curl -k -v -u "szadmin:ytYq8QwNPhpNlPJqAPIeGVBB0xQsFkaau80WW4Xy" https://10.129.0.60/api/v1/fortitokens/?status=available

Assigning a token to an LDAP user is a two-step process.

1) List the existing LDAP user information.
curl -k -v -u "szadmin:ytYq8QwNPhpNlPJqAPIeGVBB0xQsFkaau80WW4Xy" https://10.129.0.60/api/v1/ldapusers/?username=<ldapusername>

The following output will be displayed
< HTTP/1.1 200 OK
< Date: Sun, 13 Dec 2015 09:28:58 GMT
< Server: Apache
< Vary: Accept,Accept-Language,Cookie
< X-Frame-Options: SAMEORIGIN
< Content-Language: en
< Cache-Control: no-cache
< Transfer-Encoding: chunked
< Content-Type: application/json
<
{"meta": {"limit": 20, "next": null, "offset": 0, "previous": null, "total_count": 1}, "objects": [{"active": true, "dn": "CN=stan,CN=Users,DC=sz,DC=com,DC=local", "email": "", "first_name": "stan", "ftm_act_method": "email", "id": 3, "last_name": "", "mobile_number": "", "resource_uri": "/api/v1/ldapusers/3/", "server_address": "10.129.0.50", "server_name": "SZ_AD","token_auth": false, "token_serial": "", "token_type": "", "username": "stan"}

2) Run the following command to assign an available token to user ID 3, together with the email address. The email address is required when assigning a token because the information needed to register the mobile token is sent to it.
curl -k -v -u "szadmin:ytYq8QwNPhpNlPJqAPIeGVBB0xQsFkaau80WW4Xy" -X PATCH -d "{\"token_auth\":\"true\",\"token_type\":\"ftm\",\"email\":\"test@abc.com\"}" -H "Content-Type: application/json" https://10.129.0.60/api/v1/ldapusers/3/
Note: replace the ID "3" with the correct ID from the user listing, entered without the brackets that mark its position here: https://10.129.0.60/api/v1/ldapusers/<3>/
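
The two-step assignment as a script, with certificate verification left on (--cacert instead of -k) and the secret key passed in a curl config on stdin instead of on the command line. This is an added example, not part of the original article; step 1 queries the ldapusers resource named in the resource_uri of the output above. FAC_HOST, FAC_USER, FAC_KEY, FAC_CA and all function names are assumptions, and SAMPLE is a constructed response shortened from that output.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed names: FAC_HOST,
# FAC_USER, FAC_KEY (emailed secret key), FAC_CA (CA bundle that signed the
# FortiAuthenticator certificate), and every function name below.

# Constructed sample, shortened from the step 1 output in the article.
SAMPLE='{"meta": {"limit": 20, "total_count": 1}, "objects": [{"id": 3, "resource_uri": "/api/v1/ldapusers/3/", "token_auth": false, "username": "stan"}]}'

# curl wrapper: --cacert replaces -k so the server certificate is verified,
# and the credentials travel in a config read from stdin (-K -), which keeps
# the key out of the process list and shell history.
fac_curl() {
  printf 'user = "%s:%s"\n' "$FAC_USER" "$FAC_KEY" |
    curl -K - --cacert "$FAC_CA" --fail --silent --show-error "$@"
}

# Conservative filter: accept only characters that need no URL or JSON escaping.
is_safe() {
  case "$1" in ''|*[!A-Za-z0-9@._+-]*) return 1 ;; esac
}

# Read a listing response on stdin and print the id only when exactly one
# user matched, so the PATCH cannot land on the wrong account.
extract_user_id() {
  body=$(cat)
  count=$(printf '%s\n' "$body" | sed -n 's/.*"total_count": *\([0-9][0-9]*\).*/\1/p')
  [ "$count" = "1" ] || return 1
  printf '%s\n' "$body" | sed -n 's/.*"id": *\([0-9][0-9]*\).*/\1/p'
}

# Build the PATCH body from step 2 for a validated email address.
token_payload() {
  is_safe "$1" || return 1
  printf '{"token_auth":"true","token_type":"ftm","email":"%s"}' "$1"
}

# usage: assign_token <ldap_username> <email>
assign_token() {
  is_safe "$1" || { echo "unsafe username" >&2; return 1; }
  payload=$(token_payload "$2") || { echo "unsafe email" >&2; return 1; }
  id=$(fac_curl "https://$FAC_HOST/api/v1/ldapusers/?username=$1&format=json" |
    extract_user_id) || { echo "no unique LDAP user $1" >&2; return 1; }
  fac_curl -X PATCH -H "Content-Type: application/json" -d "$payload" \
    "https://$FAC_HOST/api/v1/ldapusers/$id/"
}
```

Run `printf '%s\n' "$SAMPLE" | extract_user_id` to check the parsing offline before pointing assign_token at a real appliance.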
