Configuring, Deleting, and Querying User Information
Setting User Information
Setting User Information
POST http://<IP_Address>/api/mo/sys/userext.json
{
"aaaUserEp": {
"children": [
{
"aaaUser": {
"attributes": {
"allowExpired": "no",
"expiration": "2020-12-01T00:00:00.000+00:00",
"expires": "yes",
"name": "UserA",
"pwd": "xcvF!tryu",
"pwdEncryptType": "clear"
}}}]}}
{
imdata:[]
}
<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<userext-items>
<user-items>
<User-list>
<name>UserA</name>
<allowExpired>no</allowExpired>
<expiration>2020-12-01T00:00:00.000+00:00</expiration>
<expires>yes</expires>
<pwd>xcvF!tryu</pwd>
<pwdEncryptType>clear</pwdEncryptType>
</User-list>
</user-items>
</userext-items>
</System>
The aaaUser object sets the user information for a specified, user. The MO for the user is an MO with a name that has the format user-<*username*>, where username is the name of the user.
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
username UserA password xcvF!tryuusername UserA expire 2020-12-01e
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
| aaaUser | sys/userext/user-{[name]} |
aaaUser Properties
The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| allowExpired | aaa:Boolean (scalar:Enum8) | Allow expired user to be configured | SELECTION: 0 - no 1 - yes DEFAULT: no |
| expiration | aaa:Date (scalar:Date) | Account Expiration Date | DATE FORMAT: %Y-%m-%dT%H:%M:%S.%f%z DEFAULT: never |
| expires | aaa:Boolean (scalar:Enum8) | A property to enable an expiration date for the locally-authenticated user account. | SELECTION: 0 - no 1 - yes DEFAULT: no |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
| pwd | aaa:Passwd (string:Basic) | The system user password. | MAX SIZE: 126 DEFAULT: ! |
| pwdEncryptType | aaa:KeyEncUserPass (scalar:Enum8) | Password Encryption Type | SELECTION: 0 - clear 5 - Encrypt 255 - unspecified DEFAULT: Encrypt |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting a User
Deleting a User
POST http://<IP_Address>/api/mo/sys/userext.json
{
"aaaUserEp": {
"children": [
{
"aaaUser": {
"attributes": {
"name": "testname",
"status": "deleted"
}}}]}}
{
imdata:[]
}
<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<userext-items>
<user-items>
<User-list xc:operation="delete">
<name>testname</name>
</User-list>
</user-items>
</userext-items>
</System>
You can use an POST request to set user password configuration information.
CLI Command
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no username testname password XTY&14op
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
| aaaUser | sys/userext/user-{[name]} |
aaaUser Properties
The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Querying Password Configuration Information
Querying Password Configuration Information
GET http://<IP_Address>/api/mo/sys/userext/user-testname.json
{
"totalCount": "1",
"imdata": [
{
"aaaUserEp": {
"attributes": {
"childAction": "",
"descr": "",
"dn": "sys/userext",
"lcOwn": "local",
"modTs": "2015-06-29T17:20:01.622+00:00",
"monPolDn": "uni/fabric/monfab-default",
"name": "rootep",
"ownerKey": "",
"ownerTag": "",
"pwdMaxLength": "127",
"pwdMinLength": "4",
"pwdSecureMode": "yes",
"pwdStrengthCheck": "no",
"status": "",
"uid": "0"
}}}]}
GET: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:
<User-list>
<name>UserA</name>
<accountStatus>active</accountStatus>
<allowExpired>no</allowExpired>
<clearPwdHistory>no</clearPwdHistory>
<expiration>2020-12-01T00:00:00.000+00:00</expiration>
<expires>yes</expires>
<isSnmpNotify>no</isSnmpNotify>
<pwdLifeTime>0</pwdLifeTime>
<pwdSet>true</pwdSet>
<userdomain-items>
<UserDomain-list>
<name>all</name>
<role-items>
<UserRole-list>
<name>network-operator</name>
<privType>noDataPriv</privType>
</UserRole-list>
</role-items>
</UserDomain-list>
</userdomain-items>
</User-list>
DME Request
You use an HTTP GET request to retrieve aaaUserEp information. An aaaUserEp object is a user endpoint, which is a local user. A user is assigned a role, which determines the user's privileges, and belongs to a security domain, which determines the user's scope of control
In the switch MO database, the RN for the aaaUserExp object is /sys/userext.
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
aaaUserEp Properties
The following table contains information about the aaaUserEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| childAction | mo:ModificationChildAction scalar:Bitmask32 | Delete or ignore. For internal use only. | SELECTION:
|
| descr | pol:Descr | Description of the specified attribute | |
| dn | reference:BinRef | A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module. | |
| lcOwn | NA | NA | NA |
| modTs | mo:TStamp (scalar:Date) | The time when this object was last modified. | SELECTION: 0 - never DEFAULT: never |
| monPolDn | reference:BinRef | The monitoring policy attached to this observable object. | |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
| ownerKey | naming:Descr (string:Basic) | The key for enabling clients to own their data for entity correlation. | MAX SIZE: 128 |
| ownerTag | naming:Descr1024 (string:Basic) | A tag for enabling clients to add their own data. For example, to indicate who created this object. | MAX SIZE: 64 |
| pwdMaxLength | scalar:Uint16 | Password max length | RANGE: [0, 65535] DEFAULT: 127 |
| pwdMinLength | scalar:Uint16 | Password min length | RANGE: [0, 65535] DEFAULT: 8 |
| pwdSecureMode | aaa:Boolean (scalar:Enum8) | Password secure-mode | SELECTION: 0 - no 1 - yes DEFAULT: yes |
| pwdStrengthCheck | aaa:Boolean (scalar:Enum8) | The password strength check, which specifies if the system enforces the strength of the user password. | SELECTION: 0 - no 1 - yes DEFAULT: yes |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
| uid | scalar:Uint16 | A unique identifier for this object. |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring User Information
Configuring User Information
POST http://<mgmt0_IP>/api/mo/sys/userext.json
{
"aaaUserEp": {
"children": [
{
"aaaUser": {
"attributes": {
"allowExpired": "no",
"expiration": "never",
"name": "SampleString_123"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<user-items>
<User-list>
<name>SampleString_123</name>
<allowExpired>no</allowExpired>
<expiration>never</expiration>
</User-list>
</user-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
username SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUser | sys/userext/user-[SampleString_123] |
| aaaUserEp | sys/userext |
aaaUser Properties
The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| allowExpired | aaa:Boolean (scalar:Enum8) | Allow expired user to be configured | SELECTION: 0 - no 1 - yes DEFAULT: no |
| expiration | aaa:Date (scalar:Date) | Account Expiration Date | DATE FORMAT: %Y-%m-%dT%H:%M:%S.%f%z DEFAULT: never |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
| aaaUser | sys/userext/user-{[name]} |
aaaUser Properties
The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| allowExpired | aaa:Boolean (scalar:Enum8) | Allow expired user to be configured | SELECTION: 0 - no 1 - yes DEFAULT: no |
| expiration | aaa:Date (scalar:Date) | Account Expiration Date | DATE FORMAT: %Y-%m-%dT%H:%M:%S.%f%z DEFAULT: never |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting User Information
Deleting User Information
POST http://<mgmt0_IP>/api/mo/sys/userext.json
{
"aaaUserEp": {
"children": [
{
"aaaUser": {
"attributes": {
"name": "SampleString_123",
"status": "deleted"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<user-items>
<User-list nc:operation="delete">
<name>SampleString_123</name>
</User-list>
</user-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no username SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUser | sys/userext/user-[SampleString_123] |
| aaaUserEp | sys/userext |
aaaUser Properties
The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
| aaaUser | sys/userext/user-{[name]} |
aaaUser Properties
The following table contains information about the aaaUser properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Maximum Simultaneous Logins
Configuring Maximum Simultaneous Logins
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"aaaUserEp": {
"attributes": {
"maxLogins": "5"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<maxLogins>5</maxLogins>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
user max-logins 5
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
aaaUserEp Properties
The following table contains information about the aaaUserEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| maxLogins | scalar:Uint32 | Maximum Simultaneous Logins | RANGE: [0 , 7] DEFAULT: 0 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
For detailed information about classes and attributes in the payload, see the NX-API DME Model Reference: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Maximum Simultaneous Logins
Deleting the Maximum Simultaneous Logins
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"aaaUserEp": {
"attributes": {
"maxLogins": "0"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<maxLogins>0</maxLogins>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no user max-logins
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
aaaUserEp Properties
The following table contains information about the aaaUserEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| maxLogins | scalar:Uint32 | Maximum Simultaneous Logins | RANGE: [0 , 7] DEFAULT: 0 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
For detailed information about classes and attributes in the payload, see the NX-API DME Model Reference: https://developer.cisco.com/media/dme/index.html
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: