'update-user.sh' Script Source Code

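#!/bin/bash
###########################################################################
# update-user.sh                                                          #
# This script demonstrates how to use the ISE ERS Update Internal User    #
# API by executing a curl Linux command.                                  #
#                                                                         #
# USAGE:                                                                  #
# 'update-user.sh <username> <password>                                   #
#                             <ise-ip-address> <user-id> <userxml file>'  #
#                                                                         #
# OPTIONAL ENVIRONMENT:                                                   #
#   ERS_CACERT  PEM CA bundle; when set, curl verifies the ISE server     #
#               certificate against it and the -k switch is not used.     #
#                                                                         #
# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION!                #
# Without ERS_CACERT the curl -k switch is used, which skips verification #
# of the server certificate. The password is also passed on the command   #
# line and curl -v prints the Authorization header to the terminal.       #
# For production, it is required to add a certificate check.              #
###########################################################################

if [ $# -ne 5 ]; then
  # Usage errors go to stderr with a non-zero status so a calling script
  # can tell a bad invocation apart from a successful update.
  echo "Missing Arguments, Expected: update-user.sh <username> <password> \
<ise-ip-address> <user-id> <path to xml file of internaluser in xml representation>" >&2
  exit 1
fi

ers_user=$1
ers_password=$2
ise_host=$3
user_id=$4
xml_file=$5

# Stop before contacting the server when the payload cannot be read;
# otherwise curl would be started with a missing or empty request body.
if [ ! -f "$xml_file" ] || [ ! -r "$xml_file" ]; then
  printf 'Cannot read xml file: %s\n' "$xml_file" >&2
  exit 1
fi

# The password is deliberately left out of this progress message.
printf 'about to update internaluser id: %s  on server: %s username:  %s, file contains user in xml representation: %s\n' \
  "$user_id" "$ise_host" "$ers_user" "$xml_file"

# Certificate handling: verify against the caller-supplied CA bundle when
# ERS_CACERT is set; otherwise keep the demo behaviour (-k, no verification).
if [ -n "${ERS_CACERT:-}" ]; then
  tls_opts=(--cacert "$ERS_CACERT")
else
  tls_opts=(-k)
fi

# --user keeps the credentials out of the URL, so a password containing
#   '@', '/', '#' or similar no longer corrupts the request target. It is
#   still an argument of this script and of curl, so it remains visible in
#   the process list while the command runs.
# --data-binary @file lets curl read the XML itself: the body (which holds
#   the user's passwords) stays out of curl's argument list, every argument
#   is quoted, and file names with spaces work.
# -v is kept for the demo; its output includes the Authorization header.
# curl exits 0 on HTTP error responses here (no --fail), so check the
# printed status line rather than the exit code.
curl -v -X PUT "${tls_opts[@]}" \
     --user "${ers_user}:${ers_password}" \
     -H 'Content-type: application/vnd.com.cisco.ise.identity.internaluser.1.2+xml' \
     --data-binary "@${xml_file}" \
     "https://${ise_host}:9060/ers/config/internaluser/${user_id}"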

Script Execution

>update-user.sh ers password 10.56.52.187 d7799da0-d2c8-11e2-a70b-005056a43a36 updated-user.xml
about to update internaluser id: d7799da0-d2c8-11e2-a70b-005056a43a36 on server: 10.56.52.187 username:  ers,
     file contains user in xml representation: updated-user.xml
* About to connect() to 10.56.52.187 port 9060
*   Trying 10.56.52.187... connected
* Connected to 10.56.52.187 (10.56.52.187) port 9060
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Request CERT (13):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*        subject: /CN=pmbu-dev-vm47.cisco.com
*        start date: 2013-06-02 10:19:58 GMT
*        expire date: 2014-06-02 10:19:58 GMT
*        common name: pmbu-dev-vm47.cisco.com (does not match '10.56.52.187')
*        issuer: /CN=pmbu-dev-vm47.cisco.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'ers'
> PUT /ers/config/internaluser/d7799da0-d2c8-11e2-a70b-005056a43a36 HTTP/1.1
> Authorization: Basic ZXJzOmRlZmF1bHQxQQ==
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 10.56.52.187:9060
> Accept: */*
> Content-type: application/vnd.com.cisco.ise.identity.internaluser.1.2+xml
> Content-Length: 468
>
> <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
> <ns3:internaluser
>        xmlns:ns2 = "ers.ise.cisco.com"
>        xmlns:ns3 = "identity.ers.ise.cisco.com"
>        name = "newuser"
>        description = "updated description">
>        <changePassword>true</changePassword>
>        <customAttributes/>
>	 <enablePassword>qWeRtY12345</enablePassword>
>        <enabled>false</enabled>
>        <firstName>updatedFN</firstName>
>        <lastName>updatedLN</lastName>
>        <password>aAbBcC123</password>
> 	 <passwordIDStore>newExternalIDStore</passwordIDStore>
>        <expiryDateEnabled>true</expiryDateEnabled>
>        <expiryDate>2016-12-11</expiryDate>
> </ns3:internaluser>HTTP/1.1 200 OK
< Pragma: No-cache
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 UTC
< Set-Cookie: JSESSIONIDSSO=0BC725E54383F7B1C08B2B6461BED951; Path=/; Secure
< Set-Cookie: JSESSIONID=7F160907CEC234207C0AF06F7E1CCD79; Path=/ers; Secure
< Date: Tue, 11 Jun 2013 19:08:56 GMT
< Content-Type: application/vnd.com.cisco.ise.ers.updatedfields.1.0+xml
< Content-Length: 559
< Server:
Connection #0 to host 10.56.52.187 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:updatedFields xmlns:ns2 = "ers.ise.cisco.com">
       <updatedField field = "description">
              <newValue>updated description</newValue>
              <oldValue>created using curl demo</oldValue>
       </updatedField>
       <updatedField field = "firstName">
              <newValue>updatedFN</newValue>
              <oldValue>firstn</oldValue>
       </updatedField>
       <updatedField field = "lastName">
              <newValue>updatedLN</newValue>
              <oldValue>lastn</oldValue>
       </updatedField>
       <updatedField field = "enabled">
              <newValue>false</newValue>
              <oldValue>true</oldValue>
       </updatedField>
       <updatedField field="passwordIdStore">
               <newValue>newExternalIDStore</newValue>
          <oldValue>Internal Users</oldValue>
       </updatedField>
         <updatedField field="expiryDateEnabled">
              <newValue>true</newValue>
              <oldValue>false</oldValue>
       </updatedField>
       <updatedField field="expiryDate">
              <newValue>2016-12-11</newValue>
              <oldValue>2016-05-03</oldValue>
       </updatedField>
</ns2:updatedFields>