Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
gabriel_v
Participant

add user groups in R80.10 usign the web api

Hi, I need to add user groups to a R80.10 via the web api. I've been taking a look to this article ( https://community.checkpoint.com/docs/DOC-2844  ) that explain how to add users to an existing group using the generic object api. Unfortunately I cannot find any source of documentation for the generic object api syntax specifically for creating new user groups. Please, could someone help me with that ?

Thanks in advance.

5 Replies
Robert_Decker
Advisor

Hi,

Generic objects API is a temporary solution until there will be an appropriate API command for a specific class type.

Therefore, you should use the exact class-path for user group object and its fields - probably from GuiDbEdit utility.

Once you have this, you use the same syntax as in the referenced post.

Robert.

0 Kudos
gabriel_v
Participant

Hi Robert, thanks for your quick response. I'm not  familiar with the generic object api and I couldn't  find any available documentation about it so I don't know how to determine the appropriate class for the group objects. I can use GuiDbEdit to get the required fields but anyways there are fields present in the json that are missing in  group object on GuiDbEdit  like "userc". Any help would be appreciated 🙂

Thanks,

0 Kudos
PhoneBoy
Admin
Admin

The generic object API is not really documented.

You may be able to work out the right bits as well from this thread: Missing API possibility to set vpn-community-star objects 

Keep in mind the Generic Objects API has several caveats:

Disclaimer

These APIs provide direct access to different objects and fields in the database. As a result if an objects schema change, scripts that relied on specific schema fields may break.

 

As the generic-object(s) API calls have direct access to change different objects and fields in the database, they do not always provide data validation to ensure that the data added to the fields are following required format for this field. Therefore you have to ensure that the script or 3rd party system you are using to integrate with the management server is doing appropriate data validation before sending the API call.

 

When you have the option, always prefer to use the documented API calls and not the generic API calls as

  • They are doing data validation
  • They are documented
  • They are future compatible
  • They are tested
  • They are supported by Technical Assistance Center (TAC)

With this in mind, you might find it easier to use dbedit to do this, which can be invoked using a run-script API call: how to use the web api to run the run-script

Relevant documentation on dbedit: Editing the objects_5_0.C file via Check Point database editing utilities 

I can't find the exact syntax for adding a user to a group offhand, but the basic syntax to modify an attribute of a user (in this case, user joe.roberts, changing his color to black) is:

modify users joe.roberts color black
update_all

You can do multiple modify commands before doing a single update_all at the end.
You can also put all the dbedit commands in a file and do something like the following from the management to run it:

dbedit -local -f commands.txt

I would modify a couple of users by hand in SmartConsole so you know exactly what changes you need to make by reviewing $FWDIR/conf/users.C on the management.

dbedit has similar caveats to using the generic-object API. 

gabriel_v
Participant

Hi Dameon, It was imposible to add an user to a user group using dbedit, it always end up in a dbedit core dump, my guess is that something has changed in the database schema  on 80.10 and dbedit is not handling it properly. I found a workaround using the generic object api and guessing the class name.

{
"create":"com.checkpoint.objects.classes.dummy.CpmiUserGroup",
"name":"api-test-group-3"
}

this request seems to create a valid user group ( looks good on SmartConsole at least ).

Thanks,

PhoneBoy
Admin
Admin

Great to hear you got it working. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events