Configuring, Deleting, and Querying User Information

Setting User Information

Setting User Information

POST http://<IP_Address>/api/mo/sys/userext.json

{
 "aaaUserEp": {
  "children": [
    {
      "aaaUser": {
        "attributes": {
          "allowExpired": "no",
          "expiration": "2020-12-01T00:00:00.000+00:00",
          "expires": "yes",
          "name": "UserA",
          "pwd": "xcvF!tryu",
          "pwdEncryptType": "clear"
}}}]}}

{
    imdata:[]
}

<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
  <userext-items>
    <user-items>
      <User-list>
        <name>UserA</name>
        <allowExpired>no</allowExpired>
        <expiration>2020-12-01T00:00:00.000+00:00</expiration>
        <expires>yes</expires>
        <pwd>xcvF!tryu</pwd>
        <pwdEncryptType>clear</pwdEncryptType>
      </User-list>
    </user-items>
  </userext-items>
</System>

The aaaUser object sets the user information for a specified, user. The MO for the user is an MO with a name that has the format user-<username>, where username is the name of the user.

Note: This example was added in Release 7.0(3)I7(2).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

username UserA password xcvF!tryu
username UserA expire 2020-12-01e

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a User

Deleting a User

POST http://<IP_Address>/api/mo/sys/userext.json

{
 "aaaUserEp": {
   "children": [
    {
      "aaaUser": {
        "attributes": {
          "name": "testname",
          "status": "deleted"
}}}]}}

{
    imdata:[]
}

<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
  <userext-items>
    <user-items>
      <User-list xc:operation="delete">
        <name>testname</name>
      </User-list>
    </user-items>
  </userext-items>
</System>

Note: This example was added in Release 7.0(3)I7(2).

You can use an POST request to set user password configuration information.


CLI Command

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no username testname password XTY&14op

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Querying Password Configuration Information

Querying Password Configuration Information

GET http://<IP_Address>/api/mo/sys/userext/user-testname.json

{
  "totalCount": "1",
  "imdata": [
    {
      "aaaUserEp": {
        "attributes": {
          "childAction": "",
          "descr": "",
          "dn": "sys/userext",
          "lcOwn": "local",
          "modTs": "2015-06-29T17:20:01.622+00:00",
          "monPolDn": "uni/fabric/monfab-default",
          "name": "rootep",
          "ownerKey": "",
          "ownerTag": "",
          "pwdMaxLength": "127",
          "pwdMinLength": "4",
          "pwdSecureMode": "yes",
          "pwdStrengthCheck": "no",
          "status": "",
          "uid": "0"
}}}]}

GET:  http://<IP_Address>/restconf/data/Cisco-NX-OS-device:

<User-list>
    <name>UserA</name>
    <accountStatus>active</accountStatus>
    <allowExpired>no</allowExpired>
    <clearPwdHistory>no</clearPwdHistory>
    <expiration>2020-12-01T00:00:00.000+00:00</expiration>
    <expires>yes</expires>
    <isSnmpNotify>no</isSnmpNotify>
    <pwdLifeTime>0</pwdLifeTime>
    <pwdSet>true</pwdSet>
    <userdomain-items>
        <UserDomain-list>
            <name>all</name>
            <role-items>
                <UserRole-list>
                    <name>network-operator</name>
                    <privType>noDataPriv</privType>
                </UserRole-list>
            </role-items>
        </UserDomain-list>
    </userdomain-items>
</User-list>


DME Request\n

You use an HTTP GET request to retrieve aaaUserEp information. An aaaUserEp object is a user endpoint, which is a local user. A user is assigned a role, which determines the user's privileges, and belongs to a security domain, which determines the user's scope of control

In the switch MO database, the RN for the aaaUserExp object is /sys/userext.

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html