
Importing User .csv file via XML API

*This fix is for firmware after v18.0 MR3 and v17.5 MR14

SFOS has an XML API that provides a way to automatically manage most objects and features that can be controlled via the Webadmin user interface, and User objects are no exception. The current workaround for the old CSV import feature for bulk adding of on-device user accounts is to use this service. For a more detailed explanation, see:

https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/124698/importing-user-definitions-into-xg-firewall-after-v18-0-mr3-and-v17-5-mr14

Enabling XML API on your firewall

1) Log in to your XG Firewall as an Administrator account

2) Go to Backup & firmware > API

3) Under API configuration, check the Enabled box

4) Under Allowed IP address, enter the IP address of the computer where you are going to run this program

Installing Python 3 and preparing dependencies

Install Python 3 on your computer

  • Python 3 comes built in to some Unix-based systems, including MacOS
  • For Windows systems, you can download and install the latest Python installer from https://www.python.org
  • For Linux distributions, your system's default package manager will almost certainly have a suitable package ready to install

For MacOS

Although Python 3 is now included in MacOS (since version 10.15), Python 2 is still the default. To solve this, run the program as python3 instead of python. When run this way you may get an error about the missing 'requests' module, in which case you can install the Python 3 version:

python3 -m pip install requests

For Windows

1) When installing Python on Windows, make sure to select the option to “Add Python to PATH” on the first screen of the installer. This will allow you to run python scripts from a Windows command prompt

2) After installation completes, open a new Command Prompt window

3) Install additional libraries that are required to run this program - run

C:\Users\John> pip install requests python-certifi-win32

4) If you have enabled TLS decryption on your XG Firewall and get a certificate error running this command, you can either create a decryption exclusion for the domain pypi.org or get a copy of your firewall's root CA certificate in a file and rerun the command as follows:

C:\Users\John> pip install requests python-certifi-win32 --cert mycacert.pem

Prepare your csv file

This script expects you to provide a csv file, with fields separated by commas. The file must have the following columns - Name, Username, Password, Email Address, Group:

Example:

Name,Username,Password,Email Address,Group
Nigel Brown,nbrown,Pa5s!w0rd19,nigel.brown@example.com,Open Group
Gina Lopez,glopez,e1Azjr8q9^21,gina.lopez@example.com,Open Group

Downloading and running the script

1) Download this zip and extract it to a directory on your computer. The rest of these instructions assume you saved it in 'Downloads', and that the csv file containing the users you want to add is in 'Documents' and called users.csv

2) Run the following command, substituting your firewall's hostname or IP address, admin username and password.

python3 Downloads/UserImport.py -f x.x.x.x -i Documents/users.csv -u admin -p A1B2c3d4!!E5 -a

3) If you see exception messages related to certificate trust issues, try running the same command again, but add '-n' as an additional command-line qualifier.

python3 Downloads/UserImport.py -f x.x.x.x -i Documents/users.csv -u admin -p A1B2c3d4!!E5 -a -n

Troubleshooting

1) If you get an error message of the connection timing out:

Confirm what port is being utilized in the Admin settings

1) Go to Administration > Admin and User Settings

2) Under Admin console and end-user interaction check the Admin console HTTPS port

* The default for the python program is port 4444

* If your port is different, edit the port number on line 175/6 of the Python code, shown here with the default 4444:

        callurl = ('https://' + stuff.firewall +
                 ':4444/webconsole/APIController')

2) My passwords do not meet password complexity

Line 36 (sci35), Status 510
   Invalid password - doesn't meet complexity requirements
   

1) Go to Administration > Admin and User Settings > User password complexity settings

2) Disable "Enable password complexity check"

3) Reboot device and double check that "Enable password complexity check" is still disabled

4) Re-run the python command
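A pre-flight check for the CSV file, as an added example that is not part of the original page or the UserImport.py script: it verifies the header and field count described under "Prepare your csv file" and flags passwords likely to trigger the Status 510 complexity error before any row is sent to the firewall. The policy values (MIN_LENGTH and the four character classes) and the function names are assumptions; set them to match the firewall's password complexity settings.

```python
import csv
import io
import string

# EXPECTED is the page's header; the policy values below are assumptions, not from the page.
EXPECTED = ["Name", "Username", "Password", "Email Address", "Group"]
MIN_LENGTH = 8
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "digit": string.digits, "special": string.punctuation}
# First two rows are the page's example; the third is constructed for this demo.
SAMPLE_CSV = """Name,Username,Password,Email Address,Group
Nigel Brown,nbrown,Pa5s!w0rd19,nigel.brown@example.com,Open Group
Gina Lopez,glopez,e1Azjr8q9^21,gina.lopez@example.com,Open Group
Sam Child,schild,summer2024,sam.child@example.com,Open Group
"""


def password_problems(password):
    """Return the reasons a password fails the assumed policy."""
    problems = [f"no {label} character" for label, chars in CLASSES.items()
                if not any(c in chars for c in password)]
    if len(password) < MIN_LENGTH:
        problems.insert(0, f"shorter than {MIN_LENGTH} characters")
    return problems


def check_users_csv(stream):
    """Return (line, username, problem) tuples; passwords are never echoed."""
    reader = csv.reader(stream)
    header = next(reader, None)
    if header is None or [h.strip() for h in header] != EXPECTED:
        return [(1, "", "header must be " + ",".join(EXPECTED))]
    findings = []
    for row in reader:
        if not row:  # tolerate blank lines, e.g. at the end of the file
            continue
        if len(row) != len(EXPECTED):
            findings.append((reader.line_num, "", f"expected 5 fields, got {len(row)}"))
            continue
        name, username, password, email, group = (f.strip() for f in row)
        if not all((name, username, password, email, group)):
            findings.append((reader.line_num, username, "empty field"))
        findings.extend((reader.line_num, username, "password: " + p)
                        for p in password_problems(password))
    return findings

if __name__ == "__main__":
    for finding in check_users_csv(io.StringIO(SAMPLE_CSV)):
        print(*finding, sep=": ")
```

To check a real file, pass an open file object, for example open("Documents/users.csv", newline="").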

public/importing_user_csv_file_via_xml_api.txt · Last modified: 2024/01/25 03:31 by 127.0.0.1
