Updating account password through API?

I've been looking at the db structure. According to the Accounts table, there are 2 columns related to the password: "password" and "password-hash".

Question: Is the password purely managed by SQL? If so, how can it be updated?

Otherwise, can the SWIS API manage account passwords?

I've been looking for a way for users to update their password on Orion, but no luck.


Best regards,

Luc

  • If you have Orion NPM 12.0 or Orion Platform 2016.2.100, then you should have the following verbs available to you on the "Orion.Accounts" entity:

    CreateOrionAccount, which takes arguments accountId and password

    and

    ChangePassword, which takes arguments accountId and password

    You will need admin rights on the server to call those verbs.

  • Hi derhally,

    Thank you for the reply. I'm not sure about the verbs? I've been using the API with queries such as these two lines (preceding code defines the connection to the server):

    # build query string
    my $query = sprintf("SELECT Caption, IPAddress FROM Orion.Nodes n WHERE n.CustomProperties.xxxx = 'yyyy'");
    my $response = $client->GET('/SolarWinds/InformationService/v3/Json/Query?query=' . uri_encode($query));

    Or through the module : Net::SolarWinds::REST.

    I'm not so familiar with verbs. If you could provide an example of how you use it, it would help a lot.

    Best regards,

  • The example below shows how to call the ChangePassword verb. I tested it for NPM 12.0.1 and it works fine.

    #!/usr/bin/perl
    use strict;
    use warnings;
    use REST::Client;
    use MIME::Base64;
    use URI::Encode qw(uri_encode);
    use JSON::Parse ':all';
    use JSON;

    ################################################################################
    # Configuration
    ################################################################################
    my $username = 'domain\username';  # user/pass works too for local SW accounts
    my $password = 'password_here';
    my $hostname = 'your_hostname';

    ################################################################################
    # Execution
    ################################################################################
    my $client = REST::Client->new();

    # don't verify SSL certs
    # (with verification off, the Basic auth header and the new password are
    # exposed to anyone able to intercept the connection; drop these two lines
    # once the SWIS endpoint presents a certificate the client trusts)
    $client->getUseragent()->ssl_opts(verify_hostname => 0);
    $client->getUseragent()->ssl_opts(SSL_verify_mode => 'SSL_VERIFY_NONE');

    # add authentication header
    $client->setHost('https://' . $hostname . ':17778');
    $client->addHeader('Authorization', 'Basic ' . encode_base64("$username:$password", ''));

    # set account login and new password
    my $accountId = 'account_login';  # e.g. guest
    my $pwd = 'new_password';

    # invoke verb: the arguments are sent as a JSON array, in verb order
    my @params = ($accountId, $pwd);
    my $verbResponse = $client->POST('/SolarWinds/InformationService/v3/Json/Invoke/Orion.Accounts/ChangePassword',
        encode_json(\@params),
        {'Content-Type' => 'application/json',
         'Accept' => 'application/json'});

    print 'Response: ' . $client->responseContent() . "\n";
    print 'Response status: ' . $client->responseCode() . "\n";

  • Hello Tomas, thank you for your reply. This looks promising!

    I found the corresponding documentation: http://solarwinds.github.io/OrionSDK/schema/Orion.Accounts.html

    SolarWinds Information Service v3.0 Schema Documentation

    It's getting easier to understand now. One question though: how could one verify the current password before allowing a user to change it?

  • I was not able to find a way to check if the password is correct using verbs.

    However, this idea may work:

    Check if the user can log in using the provided user name and password.

    I would try to log in with the user's login and password and execute a simple query where authorization is not needed (e.g. SELECT count(*) as c FROM Metadata.Entity).

    Then I would check the HTTP status response code:

    print 'Response code: ' . $client->responseCode() . "\n";

    status = 200 - all OK, user logged in

    status = 403 - access problem (bad password, disabled or expired account).
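
The verify-then-change flow suggested in the post above, written out as an added example (not code from any poster in this thread or from SolarWinds). It reuses the endpoints, port and verb shown earlier in the thread; the environment variable names and the helper names are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use REST::Client;
use MIME::Base64 qw(encode_base64);
use URI::Encode qw(uri_encode);
use JSON qw(encode_json);

my $SWIS = '/SolarWinds/InformationService/v3/Json';

# One client per identity. TLS verification stays at LWP's default (on);
# ORION_CA_FILE (assumed variable name) can point at the CA that signed the SWIS certificate.
sub swis_client {
    my ($host, $user, $pass) = @_;
    my $c = REST::Client->new();
    $c->getUseragent()->ssl_opts(SSL_ca_file => $ENV{ORION_CA_FILE}) if $ENV{ORION_CA_FILE};
    $c->setHost("https://$host:17778");
    $c->addHeader('Authorization', 'Basic ' . encode_base64("$user:$pass", ''));
    $c->addHeader('Accept', 'application/json');
    return $c;
}

# True only when SWIS answers 200 to a harmless query sent as the user.
# Per the post above, 403 covers bad password, disabled and expired accounts alike.
sub current_password_ok {
    my ($host, $account, $current) = @_;
    my $c = swis_client($host, $account, $current);
    $c->GET("$SWIS/Query?query=" . uri_encode('SELECT count(*) as c FROM Metadata.Entity'));
    return $c->responseCode() == 200;
}

# Verify as the user first, then invoke the verb with the admin identity.
# Passwords are never printed or returned, only a status string.
sub change_password {
    my ($host, $admin, $admin_pass, $account, $current, $new) = @_;
    return 'refused: current password not accepted'
        unless current_password_ok($host, $account, $current);
    my $c = swis_client($host, $admin, $admin_pass);
    $c->POST("$SWIS/Invoke/Orion.Accounts/ChangePassword",
        encode_json([$account, $new]), { 'Content-Type' => 'application/json' });
    return $c->responseCode() == 200 ? 'changed' : 'failed: HTTP ' . $c->responseCode();
}

# Inputs come from the environment (assumed names) so no secret is hardcoded.
unless (caller) {
    my @args = @ENV{qw(ORION_HOST ORION_ADMIN ORION_ADMIN_PASS ACCOUNT_ID CURRENT_PASS NEW_PASS)};
    die "missing environment variables\n" if grep { !defined } @args;
    print change_password(@args), "\n";
}
```

Any status other than 200 on the check is treated as a refusal, so a network error or an expired account never falls through to the admin call.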

  • OK, so I guess it has to be hardcoded. I'll implement it this way. It should be an optional param to the verb (actualPassword).

    Thanks, your help really made my day.

  • Any idea if this can be done for cloud accounts? We're looking to auto-rotate the shared passwords, as we are currently doing it manually with AWS and then updating SolarWinds.

  • At this time, credential management operations in the API are limited to creating new credentials, not updating the passwords on existing ones. I'll add your vote to that feature request though.

  • tdanner, looking at something similar: we have a customer (with NCM backups) who wants to update their device passwords every 10 or so days, and I am looking at a way to use the API to not only run the update scripts, but also to update the profile password. This functionality would be very helpful. Is there an actual feature request for this?

  • Yes. The internal tracking number is CORE-11083.