This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Import users into Advanced Authentication Local DB

Dear Community,

our client has newly installed Advanced Authentication and does not have any eDir or AD base.

The client has used competitive product with 1000+ users, which we want to migrate to AA. Since as written above the client does not have any external DB we would like to import those users directly to AA Local.

I would like to know if this is possible anyhow and maybe if anyone tried to import CSV somehow or write directly to AA local database. We have to make this as fast as possible so I would kindly ask for your help if someone has any experience with importing into local AA database on premise.

With kind regards,

Sebastian Novak

  • Suggested Answer

    0  

    Hello Sebastian,

    The best way to approach this is to use the API, if you can export the users to some sort of list or CSV file, then:

    Tracing the admin portal for adding a user to the local db.. This API is being called.

     

    https://aaserver.example.com/rest/admin/api/local_users

    POST method

    {

      "id": null,

      "loginame": "username",

      "fname": "John",

      "lname": "Doe",

      "desc": "test account",

      "password": "password",

      "confirmation": "password",

      "last_fail_at": "",

      "is_locked": false,

      "errors": {}

    }

     

    The server responds with

    {

        "id": "0daf67166cf511ee8f6f0242ac110002",

        "loginame": "username",

        "fname": "John",

        "lname": "Doe",

        "desc": "test account",

        "repo_id": "2917e52c96b211ea916a0242ac110003",

        "repo": {

            "id": "2917e52c96b211ea916a0242ac110003",

            "name": "LOCAL",

            "tenant_name": "TOP",

            "class_name": "LocalRepo",

            "config": {

                "tenant_name": "TOP",

                "fast_sync_enabled": true,

                "sync_data": {

                    "last_full_sync_result": "",

                    "last_full_sync_error": "",

                    "last_fast_sync_result": "",

                    "last_fast_sync_error": ""

                }

            }

        }

    }

    You could write an utility to create the users from a list and assign them a common password. We would need to satisfy the value for loginame and password to generate entries in the local db.

    Also you could do this with Postman by using the CSV to provide “test” data. You can have postman repeatedly call the API then.

    Hope that helps.

    Thanks.

    Regards,

    Luciano Testa

  • 0 in reply to   

    Dear Luciano,

    I have tried to do this call via postman but I keep getting error 404. When doing it from AdminUI it works like you wrote.

    I am using next curl generated by postman:

    curl --location 'aa.unicode.si/.../local_users' \
    --header 'Accept: application/json, text/javascript, */*;q=0.01' \
    --header 'Host: aa.unicode.si' \
    --header 'Pragma: no-cache' \
    --header 'Origin: https://aa.unicode.si' \
    --data '{
        "id":null,
        "loginame":"VPN-Test-Cajkovski",
        "fname":"Cajkovski",
        "lname":"Test",
        "desc":"Account imported from CSV",
        "password":"random generated",
        "confirmation":"random generated",
        "last_fail_at":"",
        "is_locked":false,
        "errors":{}
    }'
    Can you maybe see if I missed something out? Maybe I should add some kind of authentication session in cookie or something like that?
    With kind regards,
    Sebastian Novak

     

  • 0   in reply to 

    This is an undocumented admin API. So you would need to first login as a user that is full admin prior to making the call to add users to the local db.

    You could also try to use SLAnalyser to automate this.

    For this we would suggest that you use the browser developer tools or fiddler and trace the logon to the admin portal to see what is required for logon to the admin API.