Re: API for LDAP Account units

Sigbjorn · ‎2020-05-28

Are there plans to implement API calls for LDAP account units?

I'm hoping to automate updating the service account password used to authenticate to the domain controller in a AD Query setup.

Or is there an 'unsupported' way to do this with the generic-object api ?

Timothy_Hall · ‎2020-05-28

You can probably do this with dbedit, but I wouldn't recommend going that route.

In case you haven't seen it, LDAP/AU objects are listed in the following thread along with other operations that can't be performed through the Management API, and must instead be accomplished through the SmartConsole/SmartDashboard:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Functionality-API-vs-SmartConsole...

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

PhoneBoy · ‎2020-05-30

@Omer_Kleinstern any insights?

Omer_Kleinstern · ‎2020-06-01

We do not currently support LDAP Account units in Management API, it is in the future plans.

Unfortunately, it is not possible to do via generic-object API.

JozkoMrkvicka · ‎2020-06-01

May I guess? not supported even with R81 ?

Kind regards,
Jozko Mrkvicka

PhoneBoy · ‎2020-06-01

It wasn't listed in the R81 EA notes at least.

Sigbjorn · ‎2020-06-02

Thank you for the feedback.. We'll have to make a manual routine then.

cezar_varlan1 · ‎2022-12-12

I would make a movie of this process but it would hit the top 10 - how to waste time doing nothing useful charts.

When you define de LDAP server you need to first have an object defined. Then the object is selected from a drop-down list with no filter/search (think of a customer that has 20000 objects defined) and how you can choose just the starting letter. If the starting letter is for example naming convention for location and it is an A, how many scrolls is that?

Try to do this with countless Smart Console jams and blocks with maybe 5 min waiting time.

Then think of the customer having multiple geographies and 30+ AD Servers to add.

This takes me roughly 2 days to complete and hope that the Smart Console does not go "Not Responding" permanently.

cezar_varlan1 · ‎2022-12-12

Do try this, then please escalate and solve it. I will post the recording in a few days, it will be fun.

JozkoMrkvicka · ‎2022-12-12

I will name the relevant host object starting with "aaaaa", so it will be very first in the drop-down menu. Once selected and published, rename the "aaaaa" host object to your desired name based on naming convention.

Kind regards,
Jozko Mrkvicka

pmo · ‎2023-05-29

Hi Omer,

>it is in the future plans

Any news about this?

Is it possible in R81.10 or R81.20 API to create LDAP Account Units?

Timothy_Hall · ‎2023-05-30

Doesn't appear possible in the latest R81.20/v1.9 API, see my post here:

Functionality - Mgmt API vs. SmartConsole - Revisited for R81.20/v1.9

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

PhoneBoy · ‎2023-05-30

Not in R81.10 or R81.20.
I recommend engaging with your local Check Point office around this requirement.

Vincent_Bacher

In case anyone is interested:
Since the whole thing still hasn't been implemented, I did it all via psql_client and discovered in the process that you can also spit out the psql results nicely via json.

psql_client cpm postgres -t -c ‘SELECT json_agg(row_to_json(t)) FROM (SELECT name, objid as uid, domainid FROM dleobjectderef_data WHERE cpmitype = “ldap_au” AND dlesession = 0 AND NOT deleted) t;’ | jq .

If I could now send the whole thing to management with the run script, which either doesn't work or I haven't managed to do yet, then I would have a nice API workaround.

This works on multi-domain management. Due to a lack of standard management, I was unable to test it on such a system.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Are you a member of CheckMates?

API for LDAP Account units