仅创建VPN用户和IBMid限制

时间:2017-03-02 22:36:24

标签: ibm-cloud-infrastructure

在SoftLayer引入IBMID身份验证后,我们对如何管理仅具有VPN状态的用户(userStatusID = 1022)感到困惑

用于创建客户门户网站用户的API服务是http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer/createObject,但注意到一个名为http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer_OpenIdConnect/createObject的新服务

所以想知道 SoftLayer_User_Customer_OpenIdConnect 是否正在替换为 SoftLayer_User_Customer ,或者是否为#34; Legacy" SoftLayer帐户仍然使用客户门户用户名+密码架构与新帐户的IBMID身份验证。

使用python进行的一些测试表明,SoftLayer_User_Customer仍然有效,并且需要在API调用中将用户名指定为AccountNumber_user@domain.com,以及VPN用户的密码(即使文档声明' 注意,两个密码参数都不再使用')

...
def create_user(username,password,vpnPassword):
    userinfo = {
        'username': username,
        'firstName': 'FIRSTNAME',
        'lastName': 'USERNAME',
        'email': 'user@domain.com',
        'companyName': 'MyCompanyName',
        'address1': 'MyAddress1',
        'city': 'MyCity',
        'country': 'MyCountry',
        'postalCode': 'MyPostalCode',
        'userStatusId': 1022,
        'timezoneId': 117
    }
    created_user = client['SoftLayer_User_Customer'].createObject(
        userinfo,
        password,
        vpnPassword)
    return created_user
...
newUsername = '111111_user@domain.com'
vpn_password = '@VPN_4_pwd'
...
new_user = create_user(newUsername,password,vpn_password)
...

查看是否有人可以提供有关使用什么服务的说明以及创建VPN Only用户的正确方法,现在使用IBMid。

由于

2 个答案:

答案 0 :(得分:0)

Your method is fine for creating the user. Since both of the password parameters are now ignored upon creation, you must call updateVpnPassword after the user is created to set the VPN password.

I believe you must also set the sslVpnAllowedFlag attribute for the user and enable the SSL_VPN_ENABLED permission.

Your flow would be something like this:

  1. Create User
  2. Add SSL_VPN_ENABLED permission (addPortalPermission)
  3. Enable sslVpnAllowedFlag for user (editObject)
  4. Set VPN password (updateVpnPassword)

答案 1 :(得分:0)

SoftLayer_User_Customer::createObject方法适用于旧版用户,SoftLayer_User_Customer_OpenIdConnect::createObject方法适用于blueId用户。目前,使用这些服务中的任何一个都没有问题,但是有一些方法仅限于每种用户(legacy / blueId)

如果你想为用户设置vpn访问权限,首先你需要创建用户,然后你需要编辑它的标志,你可以尝试以下脚本,以便在一次运行中完成这个任务

"""
This script creates a VPN user

Important manual pages:
http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer_OpenIdConnect/createObject
http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer_OpenIdConnect/editUser

License: http://sldn.softlayer.com/article/License
Author: SoftLayer Technologies, Inc. <sldn@softlayer.com>
"""
import SoftLayer

# Your SoftLayer API username. and apiKey
USERNAME = 'set me'
API_KEY = 'set me'

# template for user
templateObject = {'address1': 'test',
                  'city': 'Tokyo',
                  'companyName': 'testCompany',
                  'country': 'JP',
                  'email': 'noreply@softlayer.com',
                  'firstName': 'user',
                  'lastName': 'test',
                  'postalCode': '114-123',
                  'timezoneId': 158,
                  'userStatusId': 1022,
                  'username': 'testrcv123'}

editTemplate = {'sslVpnAllowedFlag': 'true',
                  'pptpVpnAllowedFlag': 'true'}
# set password and vpn password
password = 'Password123*-'
vpnPassword = 'Password123*-'

# Declare the API client
client = SoftLayer.Client(username=USERNAME, api_key=API_KEY)
customerService = client['SoftLayer_User_Customer_OpenIdConnect']

try:
    user = customerService.createObject(templateObject, password, vpnPassword)
    print(user)
    editUser = customerService.editObject(editTemplate, id=user['id'])
    print("User edited?: %s" % editUser)
except SoftLayer.SoftLayerAPIError as e:
    print("Error faultCode=%s, faultString=%s" % (e.faultCode, e.faultString))
相关问题
最新问题