Aradial User Management HTTP API Specification


©2008 Aradial. This document contains proprietary and confidential information of Aradial and shall not be reproduced or transferred to other documents, disclosed to others, or used for any purpose other than that for which it is furnished, without the prior written consent of Aradial. It shall be returned to Aradial upon request.

The trademark and service marks of Aradial, including the Aradial logo, are the exclusive property of Aradial, and may not be used without permission. All other marks mentioned in this material are the property of their respective owners.

Document Information

Software Version: 3.8
Document Version: 1.3
Publication Date: September 2008


Contents

1. Introduction
   Document Purpose and Scope

2. Principles of the API
   HTTP Server
   HTTP Method
   URL Format
   Security
   The Page Parameter
   Query Mechanism
   Date and time formats

3. User Management API
   Create User
   Update User
   Delete User
   Get User List
   Get Single User
   Get User Online Sessions
   Get User Session History

4. Group management API
   Create a group
   Update Group
   Delete a group
   Get Group List
   Get a Single Group

5. Dynamic Authorization APIs
   Passive Disconnect a Session
   Radius Forwarder
   Disconnect Session
   Change of Authorization
   RADIUS User Request
   Disconnect User


1. Introduction

Document Purpose and Scope

This document describes the HTTP variant of Aradial User Management API. This API is used to manage user profiles in Aradial user database. The API provides CRUD (Create/Read/Update/Delete) operations for the user profile entity, and specifically it provides the following operations:

• Add a user
• Modify a user
• Delete a user
• Search for a user
• Get user online sessions
• Get user session history

The document includes the following chapters:

• Chapter 1 – Introduction
• Chapter 2 – Principles of the API
• Chapter 3 – Provides a detailed description of the User Management API
• Chapter 4 – Group management APIs
• Chapter 5 – Miscellaneous APIs


2. Principles of the API

HTTP Server

The API is implemented by the Aradial Admin web server. This is the same server that implements the Aradial Admin application, although a separate instance of the server can be deployed to serve the API.

HTTP Method

The API has the form of an HTTP request, with a POST or GET method. Except for the Add/Modify user operations, which must use the POST method, all other operations can use either POST or GET.

URL Format

The API request should use the following URL format:

http://{address of Aradial Admin}:{Port Of Aradial Admin}/Admin

Example:

http://localhost:8000/Admin

Security

All API requests must include authentication information, according to the HTTP basic authentication scheme. The authentication information must point to an Aradial user with the “API” administration rights, which is a special type of user role that is used for the user management API.

Example:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Note: The user name and password are base64 encoded.


NOTE: The Aradial default database does not contain any user with API admin rights. Therefore, before using the API, such a user must be created in the Aradial user database and used in all API invocations.

The Page Parameter

The page parameter is used in all the API operations and determines the type of operation performed by the request. Examples:

• In order to update user information, the page name is "UserEdit"
• In order to get user sessions, the page name is "UserSessions".

Query Mechanism

The User Management API provides a mechanism for performing complex queries. A complex query is described using one or more HTTP parameters as described below:

qdb_XXX
    A parameter with the "qdb_" prefix describes an expression to be included in the "where" clause of the query SQL statement that will be performed on the Aradial database. The XXX is the field name for which the value is checked. The relation operation associated with the parameter is equality (Match for Strings), except if specified otherwise (see the op_XXX parameter). The field name may have one of the following formats:
    • fieldname – No type is specified, considered to be string
    • $fieldType$fieldName – The field type is specified, and may be one of the following:
        o S – String
        o N – An integer number
        o F – Floating point number
        o D – Date. The date format should be according to the "DateFormat" setting in the "Misc" configuration section, or "MM-DD-YY" if not specified.
        o T – Time of day, should be in "hh[:mm][:ss]" format
        o I – IP Address, should be in numeric format (xxx.yyy.zzz.aaa)

op_XXX
    A parameter with the "op_" prefix describes the relational operation to do for a single qdb_ parameter. This parameter must be placed before the qdb_XXX parameter to which it relates. The operator should be one of the following: ">", "<" and "=".

qdb_clause
    This parameter is a simple expression that is added to the "where" part of the SQL select statement.


Query Samples

Sample 1

Query Parameters:

qdb_Users.UserId=a%

Resulting where clause:

Where Users.UserId = 'a%'

Sample 2

Query Parameters:

op_$N$Users.TimeBank=>
qdb_$N$Users.TimeBank=20
op_$N$Users.TimeBank=<
qdb_$N$Users.TimeBank=50

Resulting where clause:

Where Users.TimeBank > 20 and Users.TimeBank < 50

Sample 3

Query Parameters:

op_$N$Users.TimeBank=>
qdb_$N$Users.TimeBank=20
op_$N$Users.TimeBank=<
qdb_$N$Users.TimeBank=50
qdb_Clause=Users.GroupName in ("Group1", "Group2", "Group3")

Resulting where clause:

Where Users.TimeBank > 20 and Users.TimeBank < 50 And Users.GroupName in ("Group1", "Group2", "Group3")
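Since every qdb_/op_ pair, and qdb_clause in particular, becomes part of the SQL statement run on the Aradial database, a front end that relays these parameters for less-trusted callers can validate them before they reach the API. The following is an added example, not part of the Aradial specification or product: it parses the parameters in the order received and produces a parameterized where clause with "?" placeholders. The field allowlist and the names build_where and QueryRejected are assumptions made for the illustration.

```python
import re

# Assumed allowlist: columns a caller may filter on, mapped to the type tag
# that the $fieldType$ prefix has to agree with (no prefix means "S").
ALLOWED_FIELDS = {
    "Users.UserId": "S",
    "Users.GroupName": "S",
    "Users.TimeBank": "N",
    "Users.KBBank": "F",
    "Users.UserIP": "I",
}
OPERATORS = {">", "<", "="}
# Optional $T$ prefix (S, N, F, D, T, I) followed by a plain column name.
_FIELD_SPEC = re.compile(r"^(?:\$([SNFDTI])\$)?([A-Za-z_][A-Za-z0-9_.]*)$")


class QueryRejected(ValueError):
    """The query parameters cannot be turned into a safe where clause."""


def _convert(tag, raw):
    """Convert a value according to its type tag, rejecting anything else."""
    try:
        if tag == "N":
            return int(raw)
        if tag == "F":
            return float(raw)
        if tag == "I":
            octets = [int(part) for part in raw.split(".")]
            if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
                raise ValueError(raw)
    except ValueError:
        raise QueryRejected(f"value {raw!r} is not valid for type {tag}") from None
    return raw


def build_where(params):
    """params: list of (name, value) pairs in the order they were received.

    Returns (where_clause, bind_values). Parameters that are not part of the
    query mechanism (Page, RowNumber, ...) are ignored.
    """
    clauses, binds = [], []
    pending_op = {}  # field spec -> operator announced by a preceding op_
    for name, value in params:
        lowered = name.lower()
        if lowered == "qdb_clause":  # the samples also spell it qdb_Clause
            raise QueryRejected("qdb_clause carries raw SQL and is not forwarded")
        if lowered.startswith("op_"):
            if value not in OPERATORS:
                raise QueryRejected(f"unsupported operator {value!r}")
            pending_op[name[3:]] = value
            continue
        if not lowered.startswith("qdb_"):
            continue
        spec = name[4:]
        match = _FIELD_SPEC.match(spec)
        if not match:
            raise QueryRejected(f"malformed field name {spec!r}")
        tag, field = match.group(1) or "S", match.group(2)
        if ALLOWED_FIELDS.get(field) != tag:
            raise QueryRejected(f"field {field!r} with type {tag} is not allowed")
        operator = pending_op.pop(spec, "=")  # equality unless op_ came first
        clauses.append(f"{field} {operator} ?")
        binds.append(_convert(tag, value))
    if pending_op:
        raise QueryRejected("op_ parameter without a following qdb_ parameter")
    return " and ".join(clauses), binds


if __name__ == "__main__":
    # Sample 2 from the specification, as ordered (name, value) pairs.
    sample2 = [
        ("op_$N$Users.TimeBank", ">"), ("qdb_$N$Users.TimeBank", "20"),
        ("op_$N$Users.TimeBank", "<"), ("qdb_$N$Users.TimeBank", "50"),
    ]
    print(build_where(sample2))
```

Sample 3 is rejected by this translator because its qdb_Clause value is raw SQL; an equivalent filter would need its own typed parameter on the front end.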


Date and time formats

All date fields ($D$) can be sent either by the Date Format derived from the configuration settings format (not recommended), or by the following format:

For Date:

DYYYY-MM-DD

For Date Time:

TYYYY-MM-DD hh:mm:ss


3. User Management API

This chapter provides detailed description of the User Management API operations. The parameters of each operation may have one of the following types:

• M – Mandatory
• O – Optional
• C – Conditional. The parameter may be mandatory or not, depending on some condition, which is specified in the parameter description.
• OV – Optional for VOIP module only

Create User

Description

Add a user profile to the Aradial user profile database.

Http Method

Must be POST.

Parameters

Name | Description | Type
--- | --- | ---
Page | Selects the Create User operation. Must be “UserEdit”. | M
Add | Indicates that this is an add operation. Must have a value of “1”. | M
Db_Users.UserId | The user name for the new user. | M
Password | The plain password of the new user. This parameter is mandatory if Aradial is configured to store passwords locally. Otherwise it is not used. | C
PasswordEncryptionType | If this option exists with a non-empty value, it is assumed that the "Password" field is already encrypted according to the numeric value as below: 0 - Plain password. 1 - Sha encrypted password. 2 - Unix Crypt (By DES) encryption password. 5 - Unix Crypt (By MD5) encryption password. 7 - Plain MD5 hash in hexadecimal form | O
AcceptPassword | When specified, allows the password score to be lower than the password warning score. This parameter is used to skip the password scoring mechanism. | O
db_$N$Users.PasswordSource | Indicates the source of the password: 0 – According to the group, 1 – From the Aradial user entity record, 2 – Operating system, 3 – LDAP database, 4 – Secure ID. | O
db_$N$Users.UserActive | A flag indicating whether the user is active (0 – Not Active, 1 – Active) | O
db_$D$Users.StartDate | The user’s start date. | O
db_$D$Users.UserExpiryDate | The user’s expiration date | O
db_$RS$Users.GroupName | The user group name | M
db_$N$UserDetails.AdminType | The user administration privilege type | O
db_Users.CallerID | The user caller ID | O
db_Users.CallBackNumber | The user call back number | O
db_$N$Users.UserService | The user service number. Note that the parameter must contain the number of the service, as defined in the Aradial NasCfgDbd configuration file. | O
db_$F$Users.KBBank | The initial KB Bank value to set for the user (bytes) | O
db_$N$Users.UseKBBank | A flag to indicate whether the KB bank is used or not (1 = Yes, 0 = No) | O
db_$N$Users.TimeBank | The initial time bank value to set for the user (In seconds) | O
db_$N$Users.UseTimeBank | A flag to indicate whether the time bank is used or not (1 = Yes, 0 = No) | O
RelativeExpirationTime | The time of the expiration time relative to now | O
db_$F$Users.Balance | The initial monetary balance to set for the user | OV
db_Users.TariffID | The ID of the Tariff associated with the user. The Tariff defines the rating plan used for the user | OV
db_$I$Users.UserIP | The remote IP of the user. | O
db_Users.FilterName | The filter name. | O
db_Users.NASAttributes | User level parameters used for personalized authorization definitions. | O
db_UserDetails.FirstName | The user first name | O
db_UserDetails.LastName | The user last name | O
db_UserDetails.Company | The user company | O
db_UserDetails.Email | The user email | O
db_UserDetails.Address1 | The user address (Line 1) | O
db_UserDetails.Address2 | The user address (Line 2) | O
db_UserDetails.City | The user city | O
db_$GS$UserDetails.State | The user state | O
db_$GS$UserDetails.Country | The user country | O
db_UserDetails.Zip | The user Zip | O
db_UserDetails.PhoneHome | The user home phone number. | O
db_UserDetails.PhoneFax | The user Fax number | O
db_UserDetails.CustomInfo1 | Custom information | O
db_UserDetails.CustomInfo2 | Custom information | O
db_UserDetails.CustomInfo3 | Custom information | O
db_UserDetails.CustomInfo4 | Custom information | O
db_UserDetails.Comments | Comments | O

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="User" name="{UserId}" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="added" />
  <Reason value="{ErrorReason}" />
</Result>

Example

Add a user with a user name of "joe", password "1234", GroupName="Analog" and a Service of PPP (number 1). For the example, it is assumed that there is a user with name "API", that has "API" rights, and a password of "1111". The following HTTP request will be used:

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=UserEdit
Add=1
Db_Users.UserId=Joe
Password=1234
db_$RS$Users.GroupName=Analog
db_$N$Users.UserActive=1
db_$N$Users.UserService=1

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="User" name="joe" />
</Result>

Update User

Description

Update a user profile in the Aradial user profile database.

Http Method

Must be POST.

Parameters

Name | Description | Type
--- | --- | ---
Page | Selects the Update User operation. Must be “UserEdit”. | M
Modify | Indicates that this is an update operation. Must have a value of “1”. | M
UserId | The user name of the user to update. | M
Password | The plain password of the new user. | O
PasswordEncryptionType | If this option exists with a non-empty value, it is assumed that the "Password" field is already encrypted according to the numeric value as below: 0 - Plain password. 1 - Sha encrypted password. 2 - Unix Crypt (By DES) encryption password. 5 - Unix Crypt (By MD5) encryption password. 7 - Plain MD5 hash in hexadecimal form | O
AcceptPassword | When specified, allows the password score to be lower than the password warning score. This parameter is used to skip the password scoring mechanism. | O
db_$N$Users.PasswordSource | Indicates the source of the password: 0 – According to the group, 1 – From the Aradial user entity record, 2 – Operating system, 3 – LDAP database, 4 – Secure ID. | O
db_$N$Users.UserActive | A flag indicating whether the user is active (0 – Not Active, 1 – Active) | O
db_$D$Users.StartDate | The user start date. | O
db_$D$Users.UserExpiryDate | The user expiration date | O
db_$RS$Users.GroupName | The user group name | O
db_$N$UserDetails.AdminType | The user administration privilege type | O
db_Users.CallerID | The user caller ID | O
db_Users.CallBackNumber | The user call back number | O
db_$N$Users.UserService | The user service number. Note that the parameter must contain the number of the service, as defined in the Aradial NasCfgDbd configuration file. | O
db_$I$Users.UserIP | The remote IP of the user. | O
db_Users.FilterName | The filter name. | O
db_$F$Users.KBBank | An absolute KB Bank value to set for the user (bytes) | O
db_$FI$Users.KBBank | An incremental KB Bank to add to the user (Instead of the previous option) | O
db_$N$Users.TimeBank | An absolute time bank to set for the user (In seconds) | O
db_$NI$Users.TimeBank | An incremental time bank to add for the user (In seconds) (Instead of the previous option) | O
RelativeExpirationTime | Cause to either add the value to the expiration time, or relative to now in case the expiration time is NULL. (In seconds) | O
db_$F$Users.Balance | An absolute monetary balance to give for the user | OV
db_$FI$Users.Balance | An incremental monetary balance to add for the user (Instead of the previous option) | OV
db_Users.NASAttributes | User level parameters used for personalized authorization definitions. | O
db_UserDetails.FirstName | The user first name | O
db_UserDetails.LastName | The user last name | O
db_UserDetails.Company | The user company | O
db_UserDetails.Email | The user email | O
db_UserDetails.Address1 | The user address (Line 1) | O
db_UserDetails.Address2 | The user address (Line 2) | O
db_UserDetails.City | The user city | O
db_$GS$UserDetails.State | The user state | O
db_$GS$UserDetails.Country | The user country | O
db_UserDetails.Zip | The user Zip | O
db_UserDetails.PhoneHome | The user home phone number. | O
db_UserDetails.PhoneFax | The user Fax number | O
db_UserDetails.CustomInfo1 | Custom information | O
db_UserDetails.CustomInfo2 | Custom information | O
db_UserDetails.CustomInfo3 | Custom information | O
db_UserDetails.CustomInfo4 | Custom information | O
db_UserDetails.Comments | Comments | O
UserLockout | This parameter is used to Lock or Unlock a user: 1 – Lock, 0 – Unlock | O

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="{UserId}" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="updated" />
  <Reason value="{ErrorReason}" />
</Result>

Example 1 – Modify user service

Modify the service of the user “joe” to Rlogin (number 7 according to NasCfgDbs). The following HTTP request will be used:

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=UserEdit
Modify=1
UserId=Joe
db_$N$Users.UserService=1

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 2 – Locking a user

Locking the user Joe

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=UserEdit
Modify=1
UserId=Joe
UserLockout=1

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 3 – Unlocking a user

Unlocking the user Joe

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=UserEdit
Modify=1
UserId=Joe
UserLockout=0

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 4 – Activating a user

Make the user joe active

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=UserEdit
Modify=1
UserId=Joe
db_$N$Users.UserActive=1

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 5 – Disabling a user

Disable the user joe.

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=UserEdit
Modify=1
UserId=Joe
db_$N$Users.UserActive=0

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>

Example 6 – Change user group

Change the group of user "joe" to "Wifi"

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=UserEdit
Modify=1
UserId=Joe
db_$RS$Users.GroupName=Wifi

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="joe" />
</Result>
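The Create User and Update User requests above carry the API account in a Basic Authorization header, which is base64 encoded rather than encrypted, and the new user's Password travels as a plain form field. The following added example, which is not code from the Aradial documentation or product, builds such a request and reads the Result reply. It assumes the Admin server decodes percent-encoded parameter names in the usual form-encoding way; build_request, parse_result and ApiError are hypothetical names, and the refusal of clear-text HTTP to non-loopback hosts is a check added here, not an Aradial rule.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
WRITE_FLAGS = {"Add", "Modify"}  # operations the specification restricts to POST


class ApiError(Exception):
    """The server answered with <Status value="Error" />."""


def build_request(base_url, api_user, api_password, params, method="POST"):
    """Return a urllib Request for one API call; nothing is sent here.

    params is a list of (name, value) pairs such as ("UserLockout", "1").
    """
    parts = urllib.parse.urlsplit(base_url)
    # Basic credentials and the Password field are readable on the wire, so
    # plain http is accepted only for the loopback interface.
    if parts.scheme != "https" and parts.hostname not in LOOPBACK_HOSTS:
        raise ValueError("refusing to send Basic credentials over clear-text HTTP")
    if method != "POST" and WRITE_FLAGS & {name for name, _ in params}:
        raise ValueError("Add/Modify operations must use POST")

    # urlencode percent-encodes the "$" in names like db_$N$Users.UserActive.
    encoded = urllib.parse.urlencode(params)
    token = base64.b64encode(f"{api_user}:{api_password}".encode("utf-8"))

    if method == "POST":
        request = urllib.request.Request(
            base_url, data=encoded.encode("ascii"), method="POST")
        request.add_header("Content-Type", "application/x-www-form-urlencoded")
    else:
        request = urllib.request.Request(f"{base_url}?{encoded}", method=method)
    request.add_header("Authorization", "Basic " + token.decode("ascii"))
    return request


def parse_result(xml_text):
    """Parse a <Result> reply; raise ApiError carrying the Reason on failure."""
    root = ET.fromstring(xml_text)
    if root.tag != "Result":
        raise ApiError(f"unexpected reply element <{root.tag}>")
    status = root.find("Status")
    operation = root.find("Operation")
    if status is None or status.get("value") != "Success":
        reason = root.find("Reason")
        raise ApiError(reason.get("value") if reason is not None else "unknown error")
    entity = root.find("Entity")
    return {
        "operation": operation.get("type") if operation is not None else None,
        "entity_type": entity.get("type") if entity is not None else None,
        "name": entity.get("name") if entity is not None else None,
    }


if __name__ == "__main__":
    # Example 2 (locking a user) with the specification's sample API account.
    lock = [("Page", "UserEdit"), ("Modify", "1"),
            ("UserId", "Joe"), ("UserLockout", "1")]
    req = build_request("http://localhost:8000/Admin", "API", "1111", lock)
    print(req.get_method(), req.full_url, req.data)
    # Constructed reply in the documented success format.
    print(parse_result('<Result><Status value="Success" />'
                       '<Operation type="updated" />'
                       '<Entity type="User" name="joe" /></Result>'))
```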

Delete User

Description

Delete one or more users from the Aradial user database.

Http Method

Get or POST.

Parameters

Name | Description | Type
--- | --- | ---
Page | Selects the Update User operation. Must be “UserEdit”. | M
ConfirmDelete | Indicates that this is a delete operation. Must have a value of “1”. | M
$Delete${UserId} | The parameter name contains the user name of the user to delete as a suffix. The parameter value should be “1”. Multiple such parameters can be used in order to delete multiple users. Example: $Delete$joe | M

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="deleted" />
  <Entity type="User" name="{UserId}" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="deleted" />
  <Reason value="{ErrorReason}" />
</Result>

Example

Delete the user “joe”. The following HTTP request will be used:

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=UserEdit
ConfirmDelete=1
$Delete$Joe=1

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="deleted" />
  <Entity type="User" name="joe" />
</Result>


Get User List

Description

Fetch a list of users according to some criterion. The query is defined using the query mechanism (see Query Mechanism for details) and may include any column from the Users and UserDetails Aradial database tables.

Http Method

Get.

Parameters

Name | Description | Type
--- | --- | ---
Page | Selects the get user list operation. Must be “UserHit”. | M
RowNumber | The row number of the result set to start from. This parameter can be used to browse a result set in case of large result sets. The default size of a returned result set is 20. This setting can be modified in Aradial Admin (Adv. Configuration/Interface/Number of Rows per Hit Page). | O
OnePage | Returns the entire result set, regardless of its size. This parameter must have a value of 1. Note: This option is only available starting from Aradial version 3.17. | O
qdb_XXX | See the Query Mechanism for details. | O
op_xxx | See the Query Mechanism for details. | O
qdb_clause | See the Query Mechanism for details. | O

Return Result

Success Result

Following is the format of a success result:

<Users>
  <TR>
    <TD fieldName="Users.UserId">{User1-Id}</TD>
    <TD fieldName="Users.PasswordSource">{User1-PasswordSource}</TD>
    <TD fieldName="Users.Password">{User1-Password}</TD>
    . .
  </TR>
  . .
  <TR>
    <TD fieldName="Users.UserId">{UserN-Id}</TD>
    <TD fieldName="Users.PasswordSource">{UserN-PasswordSource}</TD>
    <TD fieldName="Users.Password">{UserN-Password}</TD>
    . .
  </TR>
</Users>

The result contains a set of <TR>…</TR> elements, one for each user in the result set. Each such element contains all the fields of the user from the Users and UserDetails tables.

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example

Fetch all users with a username that begins with an “a”. The following HTTP request will be used:

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=UserHit
qdb_Users.UserId=a%

The expected return result is:

<Users>
  <TR>
    <TD fieldName="Users.UserId">abraham</TD>
    <TD fieldName="Users.PasswordSource">0</TD>
    <TD fieldName="Users.Password"> password123</TD>
    <TD fieldName="Users.GroupName">Analog</TD>
    . .
  </TR>
  . .
  <TR>
    <TD fieldName="Users.UserId">arnold12</TD>
    <TD fieldName="Users.PasswordSource">0</TD>
    <TD fieldName="Users.Password"> schwartzeneger</TD>
    <TD fieldName="Users.GroupName">Wifi</TD>
    . .
  </TR>
</Users>


Get Single User

Description

Fetch a single user based on the user name of the user. This method is used for simple retrieval of users based on user name, while the Get User List may be used for more complex queries involving multiple users.

Http Method

Get.

Parameters

Name | Description | Type
--- | --- | ---
Page | Selects the get user details operation. Must be “UserEdit”. | M
UserId | The user name of the user to fetch. | M

Return Result

Success Result

Following is the format of a success result:

<User>
  <TD fieldName="Users.UserId">{User-Id}</TD>
  <TD fieldName="Users.PasswordSource">{User-PasswordSource}</TD>
  <TD fieldName="Users.Password">{User-Password}</TD>
  <TD fieldName="Users.GroupName">{User-GroupName}</TD>
  . .
</User>

The result contains a set of <TD>…</TD> elements, one for each column of the user from the Users and UserDetails tables.

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example

Fetch the user “joe”. The following HTTP request will be used:

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=UserEdit
UserId=joe

The expected return result is:

<User>
  <TD fieldName="Users.UserId">joe</TD>
  <TD fieldName="Users.PasswordSource">0</TD>
  <TD fieldName="Users.Password"> password666</TD>
  <TD fieldName="Users.GroupName">Analog</TD>
  . .
  <TD fieldName="UserDetails.FirstName">Joe</TD>
  <TD fieldName="UserDetails.LastName">Bent</TD>
  . .
</User>
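Both Get User List and Get Single User return every column of the user record, including Users.Password, which the examples above show as readable text. The following added example, not part of the Aradial specification, parses either reply format and redacts that field before the rows are logged or passed on; the function names, the SENSITIVE_FIELDS set and the sample replies are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

SENSITIVE_FIELDS = {"Users.Password"}  # assumed; extend per deployment
REDACTED = "[redacted]"


def parse_user_rows(xml_text):
    """Return one dict per user from a <Users> list reply or a <User> reply.

    A <Result> reply (the documented failure format) raises LookupError.
    """
    root = ET.fromstring(xml_text)
    if root.tag == "Result":
        reason = root.find("Reason")
        raise LookupError(reason.get("value") if reason is not None else "request failed")
    if root.tag == "User":
        containers = [root]               # single user: TDs sit under the root
    elif root.tag == "Users":
        containers = root.findall("TR")   # list: one TR per user
    else:
        raise ValueError(f"unexpected root element <{root.tag}>")
    return [
        # The documented examples show leading spaces in values; strip them.
        {td.get("fieldName"): (td.text or "").strip() for td in box.findall("TD")}
        for box in containers
    ]


def redact_rows(rows, sensitive=SENSITIVE_FIELDS):
    """Copy rows with non-empty sensitive fields replaced by a marker."""
    return [
        {name: (REDACTED if name in sensitive and value else value)
         for name, value in row.items()}
        for row in rows
    ]


def users_with_returned_password(rows):
    """User ids whose reply carried a non-empty Users.Password value."""
    return [row.get("Users.UserId") for row in rows if row.get("Users.Password")]


# Constructed replies, modelled on the examples above with elided fields dropped.
SAMPLE_LIST = """<Users>
  <TR>
    <TD fieldName="Users.UserId">abraham</TD>
    <TD fieldName="Users.PasswordSource">0</TD>
    <TD fieldName="Users.Password"> password123</TD>
    <TD fieldName="Users.GroupName">Analog</TD>
  </TR>
  <TR>
    <TD fieldName="Users.UserId">arnold12</TD>
    <TD fieldName="Users.PasswordSource">3</TD>
    <TD fieldName="Users.Password"></TD>
    <TD fieldName="Users.GroupName">Wifi</TD>
  </TR>
</Users>"""

SAMPLE_SINGLE = """<User>
  <TD fieldName="Users.UserId">joe</TD>
  <TD fieldName="Users.Password"> password666</TD>
  <TD fieldName="UserDetails.FirstName">Joe</TD>
</User>"""

if __name__ == "__main__":
    rows = parse_user_rows(SAMPLE_LIST)
    for row in redact_rows(rows):
        print(row)
    print("password returned for:", users_with_returned_password(rows))
```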

Get User Online Sessions

Description

Fetch the list of the current online (active) sessions. Note that either the entire list of active sessions or the active sessions for a specific user are fetched.

Http Method

Get.

Parameters

Name | Description | Type
--- | --- | ---
Page | Selects the get user online sessions operation. Must be “Sessions”. | M
UserId | Fetch the active sessions for a specific user name. | O
SortBy | Selects the sort order for the sessions. Valid values: NAS Name, Online Since, Time Online, User | O
Ascending | Selects the sort direction of the result. Valid values are: Ascending (default), Descending. | O
RowNumber | The row number of the result set to start from. This parameter can be used to browse a result set in case of large result sets. The default size of a returned result set is 20. This setting can be modified in Aradial Admin (Adv. Configuration/Interface/Number of Rows per Hit Page). | O
OnePage | Returns the entire result set, regardless of its size. This parameter must have a value of 1. Note: This option is only available starting from Aradial version 3.17. | O

Return Result

Success Result

Following is the format of a success result:

<Sessions>
  <TR>
    <TD fieldName="UserId">{Session1-UserId}</TD>
    <TD fieldName="NasIndex">{Nas Index}</TD>
    <TD fieldName="NasID">{Nas ID}</TD>
    <TD fieldName="NASName">{Session1-NASName}</TD>
    <TD fieldName="NASPort">{Session1-NASPort}</TD>
    <TD fieldName="AcctSessionID">{Accounting Session ID}</TD>
    <TD fieldName="UserIndex">{The User index}</TD>
    <TD fieldName="GroupIndex">{The Group index}</TD>
    <TD fieldName="Service">{The Service}</TD>
    <TD fieldName="UserIP">{The User IP}</TD>
    <TD fieldName="StartTime">{Session1-StartTime}</TD>
    <TD fieldName="SessionTime">{Session1-SessionTime}</TD>
  </TR>
  . .
</Sessions>

The result contains a set of <TR>…</TR> elements, one for each session in the result set.

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example

Fetch all active sessions for the user DemoUser1. The following HTTP request will be used:

HTTP Variable | Value
--- | ---
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=Sessions
UserId=DemoUser1

The expected return result is:

<Sessions>
  <TR>
    <TD fieldName="UserId">DemoUser1</TD>
    <TD fieldName="NASIndex">1</TD>
    <TD fieldName="NASID">127.0.0.1</TD>
    <TD fieldName="NASName">NasSim</TD>
    <TD fieldName="NASPort">0</TD>
    <TD fieldName="AcctSessionId">180412</TD>
    <TD fieldName="UserIndex">1</TD>
    <TD fieldName="GroupIndex">4</TD>
    <TD fieldName="Service">WLAN-AP</TD>
    <TD fieldName="UserIP"></TD>
    <TD fieldName="StartTime">Sun 11:57</TD>
    <TD fieldName="SessionTime">01:15:19</TD>
  </TR>
</Sessions>


Get User Session History

Description Fetch a list of past sessions for a given user. The query is defined using the query mechanism (see Query Mechanism for details). The query may include any column from the AccountingLog, Users and UserDetails tables.

Http Method Get.

Parameters Name Description Type Page Selects the get user session history operation.

Must be “UserSessions”. M

RowNumber The row number of the result set to start from. This parameter can be used to browse a result set in case of large result sets. The default size of a returned result set is 20. This setting can be modified in Aradial Admin (Adv. Configuration/Interface/Number of Rows per Hit Page).

O

OnePage Returns the entire result set, regardless of its size. This parameter must have a value of 1. Note: This option is only available starting from Aradial version 3.17.

O

qdb_XXX See the Query Mechanism for details. O op_xxx See the Query Mechanism for details. O qdb_clause See the Query Mechanism for details. O

Return Result

Success Result

Following is the format of a success result:

<UserSessions>
  <TR>
    <TD fieldName="UserId">{Session1-UserId}</TD>
    <TD fieldName="NASName">{Session1-NASName}</TD>
    <TD fieldName="NASPort">{Session1-NASPort}</TD>
    <TD fieldName="InTime">{Session1-InTime}</TD>
    <TD fieldName="Service">{Session1-Service}</TD>
    <TD fieldName="CallerId">{Session1-CallerId}</TD>
    <TD fieldName="AcctOutputOctets">{Session1-OutputOctets}</TD>
    <TD fieldName="AcctInputOctets">{Session1-InputOctets}</TD>
    <TD fieldName="FramedAddress">{Session1-FramedAddress}</TD>
  </TR>
  . .
</UserSessions>

The result contains a set of <TR>…</TR> elements, one for each session in the result set.

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example

Fetch all sessions for DemoUser1 between the dates 1-1-2005 and 1-31-2005. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=UserSessions
qdb_Users.UserId=DemoUser1
op_$D$AcctDate=>
qdb_$D$AcctDate=1/1/2005
op_$D$AcctDate=<
qdb_$D$AcctDate=1/31/2005

The expected return result is:

<UserSessions>
  <TR>
    <TD fieldName="UserId">DemoUser1</TD>
    <TD fieldName="NASName">NasSim</TD>
    <TD fieldName="NASPort">1</TD>
    <TD fieldName="InTime">01/07/05 20:46:41 </TD>
    <TD fieldName="Service">PPP</TD>
    <TD fieldName="CallerId"></TD>
    <TD fieldName="AcctOutputOctets">0</TD>
    <TD fieldName="AcctInputOctets">0</TD>
    <TD fieldName="FramedAddress">255.255.255.254</TD>
  </TR>
  <TR>
    <TD fieldName="UserId">DemoUser1</TD>
    <TD fieldName="NASName">NasSim</TD>
    <TD fieldName="NASPort">1</TD>
    <TD fieldName="InTime">01/14/05 19:14:41 </TD>
    <TD fieldName="Service">PPP</TD>
    <TD fieldName="CallerId"></TD>
    <TD fieldName="AcctOutputOctets">0</TD>
    <TD fieldName="AcctInputOctets">0</TD>
    <TD fieldName="FramedAddress">255.255.255.254</TD>
  </TR>
</UserSessions>
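A client-side sketch of the request and result handling for this operation, added here as an example and not part of the Aradial specification: it builds the parameter string for the example query and turns a <UserSessions> result into one dict per session, raising on the <Result> error form. The function names and the ApiError class are assumptions of this example; the sample rows are the expected result of the example, trimmed to four columns.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET


class ApiError(Exception):
    """Raised when the server answers with the <Result> error document."""


def session_history_query(user_id, date_from, date_to):
    """URL-encoded parameters for the UserSessions date-range query."""
    # A list of pairs, not a dict: op_$D$AcctDate and qdb_$D$AcctDate each
    # occur twice, and a dict would silently keep only the last of each.
    # The order follows the example request in this specification.
    return urlencode([
        ("Page", "UserSessions"),
        ("qdb_Users.UserId", user_id),
        ("op_$D$AcctDate", ">"), ("qdb_$D$AcctDate", date_from),
        ("op_$D$AcctDate", "<"), ("qdb_$D$AcctDate", date_to),
    ])


def parse_rows(xml_text, root_tag):
    """Return one dict per <TR>, keyed by each <TD>'s fieldName."""
    root = ET.fromstring(xml_text)
    if root.tag == "Result":
        # Failure format: report the server's reason instead of an empty list,
        # so "no sessions" and "query failed" cannot be confused.
        reason = root.find("Reason")
        raise ApiError(reason.get("value", "") if reason is not None else "")
    if root.tag != root_tag:
        raise ValueError("expected <%s>, got <%s>" % (root_tag, root.tag))
    rows = []
    for tr in root.findall("TR"):
        row = {}
        for td in tr.findall("TD"):
            # Strip padding around names and values before using them as keys.
            name = (td.get("fieldName") or "").strip()
            if not name or name in row:
                raise ValueError("missing or duplicate fieldName in a row")
            row[name] = (td.text or "").strip()
        rows.append(row)
    return rows


# Expected result of the example request, trimmed to four columns.
SAMPLE = """<UserSessions>
  <TR>
    <TD fieldName="UserId">DemoUser1</TD>
    <TD fieldName="InTime">01/07/05 20:46:41 </TD>
    <TD fieldName="CallerId"></TD>
    <TD fieldName="FramedAddress">255.255.255.254</TD>
  </TR>
  <TR>
    <TD fieldName="UserId">DemoUser1</TD>
    <TD fieldName="InTime">01/14/05 19:14:41 </TD>
    <TD fieldName="CallerId"></TD>
    <TD fieldName="FramedAddress">255.255.255.254</TD>
  </TR>
</UserSessions>"""

if __name__ == "__main__":
    print(session_history_query("DemoUser1", "1/1/2005", "1/31/2005"))
    for session in parse_rows(SAMPLE, "UserSessions"):
        print(session)
```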


4. Group management API

Create a group

Description Create a new group in the Aradial database.

Http Method Must be POST.

Parameters

Name | Description | Type
Page | Selects the Create Group operation. Must be “GroupEdit”. | M
Add | Indicates that this is an add operation. Must have a value of “1”. | M
db_$RS$GroupName | The Group name. | M
db_$N$IsSubGroup | Indicates whether it is a SubGroup: 1 - SubGroup, 0 - Group | M
db_$N$NASIndex | The NAS Index, should be 0 if not SubGroup. | O
db_$N$Active | Indicates whether the group is Active (1 - Active, 0 - Not Active). | O
db_$N$Service | The default service ID that is associated with this group. | O
db_$N$EnableCallback | A flag indicating whether to enable callback (1 – Enable, 0 – Disabled) | O
db_IPPool | The list of IP Pools that are used by this group. | O
db_$N$MultiSessionAsMultiLnk | Indicates whether to treat multi session as multilink (1 – Enable, 0 – Disabled) | O
db_$RN$PasswordSource | The Password source: 0 - According to default settings. 1 - Aradial users database 2 - From OS 3 - From LDAP database 4 - From a Secure ID device 5 - No Password | O
db_$N$AutoAddOnFirstConnect | Determines whether to AutoAdd the users on 1st connect. (1 – Enable, 0 – Disabled) | O
db_$I$RemoteIP | The remote IP of the user. | O
db_FilterName | The filter name. | O
db_CallerIDTemplate | The CallerID template. | O
db_NASAttributes | Group level parameters used for personalized authorization definitions. | O
db_$N$MaxTotGroupSess | The maximum number of sessions for this group (0 – No Limit) | O
db_$N$MaxSameUserSess | The maximum number of sessions for each user in this group (0 – No Limit) | O
db_$N$NoAccessBySesLimit | A flag to determine whether to apply the session limit setting (1 = Yes, 0 = No) | O
db_$F$SessionLimit | The session limit in seconds. | O
db_$F$IdleTime | The session idle time | O
db_$N$BusinessEntityIndex | The index of a business entity that is related to this group. | OV
db_$RN$AutoExpirePolicy | The AutoExpire Policy: 0 - None 1 - Minutes 2 - Hours 3 - Days | O
db_$N$AutoExpireTime | The AutoExpire time (According to Policy). | O
db_$D$AcctStartDate | The start date to accept this group. | O
db_$D$AcctExpireDate | The end date to accept this group. | O
db_AfterAddUserCommand | An operation to do when adding a user to this group. | O
db_$N$BlackList | The Black List Id | O
db_$N$WhiteList | The White List Id | O
db_OnUpdateCommand | An operation to do when updating a user from this group. | O
db_AfterDelUserCommand | An operation to do when deleting a user from this group | O
db_OnPasswordChangeCommand | An operation to do when changing a password of a user in this group. | O
db_OnDeActiveCommand | An operation to do when deactivating a user in this group. | O
db_OnReActiveCommand | An operation to do when reactivating a user in this group | O

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="User" name="{GroupName}" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="added" />
  <Reason value="{ErrorReason}" />
</Result>

Example – Create a group

Add a group with the name "Series1" that has a Service of PPP (number 1) and limits the maximum user sessions to 1. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=GroupEdit
Add=1
db_$RS$GroupName=Series1
db_$N$IsSubGroup=0
db_$N$Active=1
db_$N$Service=1
db_$N$MaxSameUserSess=1
db_$N$MaxTotGroupSess=0

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="Group" name="Series1" />
</Result>

Example – Create a sub group

Add a sub group to Series1 for NASIndex 1. For that NAS, allow users to log in twice. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=GroupEdit
Add=1
db_$RS$GroupName=Series1
db_$N$NASIndex=1
db_$N$Active=1
db_$N$Users.UserService=1
db_$N$MaxSameUserSess=2

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="added" />
  <Entity type="Group" name="Series1" />
</Result>

Update Group

Description Update a group in the Aradial database.

Http Method Must be POST.

Parameters

Name | Description | Type
Page | Selects the Update Group operation. Must be “GroupEdit”. | M
Modify | Indicates that this is an update operation. Must have a value of “1”. | M
GroupName | The original Group name. | M
NASIndex | The original NAS Index | O
db_$RS$GroupName | The Group name. | O
db_$N$IsSubGroup | Indicates whether it is a SubGroup: 1 - SubGroup, 0 - Group | O
db_$N$NASIndex | The updated NAS Index, should be 0 if not SubGroup. | O
db_$N$Active | Indicates whether the group is Active (1 - Active, 0 - Not Active). | O
db_$N$Service | The default service ID that is associated with this group. | O
db_$N$EnableCallback | A flag indicating whether to enable callback (1 – Enable, 0 – Disabled) | O
db_IPPool | The list of IP Pools that are used by this group. | O
db_$N$MultiSessionAsMultiLnk | Indicates whether to treat multi session as multilink (1 – Enable, 0 – Disabled) | O
db_$RN$PasswordSource | The Password source: 0 - According to default settings. 1 - Aradial users database 2 - From OS 3 - From LDAP database 4 - From a Secure ID device 5 - No Password | O
db_$N$AutoAddOnFirstConnect | Determines whether to Auto Add the users on 1st connect. (1 – Enable, 0 – Disabled) | O
db_$I$RemoteIP | The remote IP of the user. | O
db_FilterName | The filter name. | O
db_CallerIDTemplate | The CallerID template. | O
db_NASAttributes | Group level parameters used for personalized authorization definitions. | O
db_$N$MaxTotGroupSess | The maximum number of sessions for this group (0 – No Limit) | O
db_$N$MaxSameUserSess | The maximum number of sessions for each user in this group (0 – No Limit) | O
db_$N$NoAccessBySesLimit | A flag to determine whether to apply the session limit setting (1 = Yes, 0 = No) | O
db_$F$SessionLimit | The session limit in seconds. | O
db_$F$IdleTime | The session idle time | O
db_$N$BusinessEntityIndex | The index of a business entity that is related to this group. | OV
db_$RN$AutoExpirePolicy | The Auto Expire Policy: 0 - None 1 - Minutes 2 - Hours 3 – Days | O
db_$N$AutoExpireTime | The Auto Expire time (According to Policy). | O
db_$D$AcctStartDate | The start date to accept this group. | O
db_$D$AcctExpireDate | The end date to accept this group. | O
db_$N$BlackList | The Black List Id | O
db_$N$WhiteList | The White List Id | O
db_AfterAddUserCommand | An operation to do when adding a user to this group. | O
db_OnUpdateCommand | An operation to do when updating a user from this group. | O
db_AfterDelUserCommand | An operation to do when deleting a user from this group | O
db_OnPasswordChangeCommand | An operation to do when changing a password of a user in this group. | O
db_OnDeActiveCommand | An operation to do when deactivating a user in this group. | O
db_OnReActiveCommand | An operation to do when reactivating a user in this group | O

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="User" name="{GroupName}" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="updated" />
  <Reason value="{ErrorReason}" />
</Result>

Example 1 – Modify user service

Modify the service of the Group “Series1” to Rlogin (number 7 according to NasCfgDbs). The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | POST
Authentication | API/1111

Parameters:

Page=GroupEdit
Modify=1
GroupName=Series1
db_$N$Service=7

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="updated" />
  <Entity type="group" name="Series1" />
</Result>

Delete a group

Description Delete a group from the Aradial database.

Http Method Get or POST.

Parameters

Name | Description | Type
Page | Selects the Update Group operation. Must be “GroupEdit”. | M
ConfirmDelete | Indicates that this is a delete operation. Must have a value of “1”. | M
GroupName | The group name to delete | M
NASIndex | The NASIndex if SubGroup | O

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="deleted" />
  <Entity type="group" name="{GroupName}" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="deleted" />
  <Reason value="{ErrorReason}" />
</Result>

Example

Delete the group “Series1”. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=GroupEdit
ConfirmDelete=1
GroupName=Series1

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="deleted" />
  <Entity type="group" name="Series1" />
</Result>

Get Group List

Description Fetch all the groups or all subgroups of a group

Http Method Get.

Parameters

Name | Description | Type
Page | Selects the get group list operation. Must be “GroupHit”. | M
MainGroup | The main group, when fetching a sub group. | O

Return Result

Success Result

Following is the format of a success result:

<Groups>
  <TR>
    <TD fieldName="GroupName">{Group1-Id}</TD>
    <TD fieldName=" Service">{Group1-Service}</TD>
    <TD fieldName=" IPPool">{Group1- IPPoold}</TD>
    . .
  </TR>
  . .
  <TR>
    <TD fieldName="GroupName">{GroupN-Id}</TD>
    <TD fieldName=" Service">{GroupN-Service}</TD>
    <TD fieldName=" IPPool">{GroupN- IPPoold}</TD>
    . .
  </TR>
</Groups>

The result contains a set of <TR>…</TR> elements, one for each user in the result set. Each such element contains all the fields of the Group table.

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example – Fetch All main groups

Fetch all Groups. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=GroupHit

The expected return result is:

<Groups>
  <TR>
    <TD fieldName="GroupName">Wifi 1</TD>
    <TD fieldName=" Service">1</TD>
    <TD fieldName=" IPPool">Pool1</TD>
    . .
  </TR>
  . .
  <TR>
    <TD fieldName="GroupName">Analog</TD>
    <TD fieldName=" Service">1</TD>
    <TD fieldName=" IPPool">Pool2</TD>
    . .
  </TR>
</Groups>

Example – Fetch a sub group

Fetch all SubGroups of the group "Analog". The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=GroupHit
MainGroup=Analog

The expected return result is:

<Groups>
  <TR>
    <TD fieldName="GroupName"> Analog </TD>
    <TD fieldName=" NASIndex">1</TD>
    <TD fieldName=" Service">1</TD>
    <TD fieldName=" IPPool">Poo3</TD>
    . .
  </TR>
  . .
  <TR>
    <TD fieldName="GroupName">Analog</TD>
    <TD fieldName=" NASIndex">2</TD>
    <TD fieldName=" Service">1</TD>
    <TD fieldName=" IPPool">Pool4</TD>
    . .
  </TR>
</Groups>

Get a Single Group

Description Fetch a single group based on the GroupName or GroupName and NASIndex

Http Method Get.

Parameters

Name | Description | Type
Page | Selects the get user details operation. Must be “UserEdit”. | M
GroupName | The group name to fetch. | M
NASIndex | The NAS Index, if Sub Group | O

Return Result

Success Result

Following is the format of a success result:

<Group>
  <TD fieldName="GroupName"> {Name} </TD>
  <TD fieldName=" Service">{Service}</TD>
  <TD fieldName=" IPPool">{Pools}</TD>
  . .
</Group>

The result contains a set of <TD>…</TD> elements, one for each column of the group.

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example

Fetch the Group “Wifi”. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=GroupEdit
GroupName=Wifi

The expected return result is:

<Group>
  <TD fieldName="GroupName"> Wifi </TD>
  <TD fieldName=" Service">1</TD>
  <TD fieldName=" IPPool">Pool1</TD>
  . .
</Group>

5. Dynamic Authorization APIs

Passive Disconnect a Session

Description Do a passive disconnect to a specific session. See "Get User Online Sessions" in order to fetch the correct session.

Http Method Get or Post.

Parameters

Name | Description | Type
Page | Selects the "Session Delete" operation. Must be “SessionDelete”. | M
NasId | The NAS ID (From the fetch) | M
NasPort | The NAS Port (From the fetch) | M
AcctSessId | The Accounting session ID (From the fetch) | M

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="DeleteSession" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example

Delete the Session with NASId=127.0.0.1, NasPort=200 and Account session ID=Sess00001. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=SessionDelete
NasId=127.0.0.1
NasPort=20
AcctSessId=Sess00001

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="DeleteSession" />
</Result>

Radius Forwarder

Description A generic method to send a Radius request on the Radius server.

Http Method Get or Post.

Parameters

Name | Description | Type
Page | Selects the "Radius Forwarder" operation. Must be “RadForward”. | M
Rad_ReqCode | The radius request code. | M
Rad_SuccessCode | The response code to consider as success | M
RadAttr_{Attribute Name} | A radius attribute to populate in the request. Where: Attribute Name – The Radius Attribute name. | O

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadForward" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Disconnect Session

Description Disconnects a single session. This is done using a PoD request from the server to the NAS.

Http Method Get or Post.

Parameters

Name | Description | Type
Page | Selects the "Radius Forwarder" operation. Must be “RadForward”. | M
Rad_ReqCode | The radius request code. Must be "40" for this case. | M
Rad_SuccessCode | The response code to consider as success. Must be "41" for this case. | M
RadAttr_User-Name | The UserName to disconnect. | M
RadAttr_Client-Id | The Client Identifier | M
RadAttr_NAS-Port-Id | The NAS port ID | O
RadAttr_Acct-Session-Id | The Accounting Session ID | M

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadForward" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example – Send POD request to a single user session

Send a PoD request for the session "Session001", Port "200", Client Identifier "127.0.0.1" and user "Joe". The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=RadForward
Rad_ReqCode=40
Rad_SuccessCode=41
RadAttr_User-Name=joe
RadAttr_Client-Id=127.0.0.1
RadAttr_NAS-Port-Id=200
RadAttr_Acct-Session-Id=Session001

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type=" RadForward " />
</Result>

Change of Authorization

Description Sends a Change of Authorization (CoA) message to the NAS to change the authorization parameters of a specific session. This is done using a CoA request from the RADIUS server to the user session.

Http Method Get or Post.

Parameters

Name | Description | Type
Page | Selects the "Radius Forwarder" operation. Must be “RadForward”. | M
Rad_ReqCode | The radius request code. Must be "43" for this case. | M
Rad_SuccessCode | The response code to consider as success. Must be "44" for this case. | M
RadAttr_User-Name | The UserName associated with the session. | M
RadAttr_Client-Id | The Client Identifier | M
RadAttr_Acct-Session-Id | The Accounting Session ID | M
CoA-Service | The name of the CoA service to use for the CoA message. This service is defined in NasCfgDbs as a System Service. | M
RadAttr_NAS-Port-Id | The NAS port ID | O

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadForward" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example – Send CoA request for system service “CoA-Session-Timeout”

Send a CoA request to the session "Session001", Port "200", Client Identifier "127.0.0.1" and user "Joe" using the “CoA-Session-Timeout” system service. The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=RadForward
Rad_ReqCode=43
Rad_SuccessCode=44
RadAttr_User-Name=joe
RadAttr_Client-Id=127.0.0.1
RadAttr_NAS-Port-Id=200
RadAttr_Acct-Session-Id=Session001
CoA-Service=CoA-Session-Timeout

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type=" RadForward " />
</Result>
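The Disconnect Session (PoD) and Change of Authorization (CoA) requests share one shape, so a single helper can build both and check the reply; this is an added example, not code from Aradial. The function names are assumptions, the request/success code pairs are the ones this specification gives, and rejecting empty or control-character values is this example's own validation choice.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

# Rad_ReqCode -> Rad_SuccessCode, as given in this specification.
SUCCESS_CODE = {40: 41,   # Disconnect Session (PoD)
                43: 44}   # Change of Authorization (CoA)


def rad_forward_query(req_code, user, client_id, acct_session_id,
                      nas_port_id=None, coa_service=None):
    """Return the URL-encoded parameter string for a RadForward request."""
    if req_code not in SUCCESS_CODE:
        raise ValueError("unsupported Rad_ReqCode: %r" % (req_code,))
    if req_code == 43 and not coa_service:
        raise ValueError("CoA-Service is mandatory for a CoA request")
    if req_code == 40 and coa_service:
        raise ValueError("CoA-Service does not apply to a PoD request")
    pairs = [
        ("Page", "RadForward"),
        ("Rad_ReqCode", str(req_code)),
        ("Rad_SuccessCode", str(SUCCESS_CODE[req_code])),
        ("RadAttr_User-Name", user),
        ("RadAttr_Client-Id", client_id),
        ("RadAttr_Acct-Session-Id", acct_session_id),
    ]
    if nas_port_id is not None:
        pairs.append(("RadAttr_NAS-Port-Id", str(nas_port_id)))
    if coa_service:
        pairs.append(("CoA-Service", coa_service))
    for name, value in pairs:
        # Example policy: every value sent must be non-empty and free of
        # control characters; such input is rejected, not forwarded.
        if not value or any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in value):
            raise ValueError("empty or malformed value for %s" % name)
    # urlencode percent-encodes '&', '=', '+' and spaces inside values, so a
    # user name or session ID copied from a session listing stays one value
    # and cannot add or override another parameter.
    return urlencode(pairs)


def parse_result(xml_text):
    """Return (ok, operation, reason) from a <Result> document.

    Only an explicit Status value="Success" counts as success; a missing
    element, another root element or unparseable text counts as failure.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return (False, "", "unparseable response: %s" % exc)
    if root.tag != "Result":
        return (False, "", "unexpected root element <%s>" % root.tag)

    def attr(tag, name):
        node = root.find(tag)
        # Tolerate padded attribute values such as type=" RadForward ".
        return (node.get(name) or "").strip() if node is not None else ""

    ok = attr("Status", "value") == "Success"
    return (ok, attr("Operation", "type"), attr("Reason", "value"))


if __name__ == "__main__":
    print(rad_forward_query(40, "joe", "127.0.0.1", "Session001", 200))
    print(rad_forward_query(43, "joe", "127.0.0.1", "Session001", 200,
                            "CoA-Session-Timeout"))
```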


RADIUS User Request

Description A generic method to send a RADIUS request to all of the sessions of a given user.

This method loops over the user sessions and for each one, sends a RADIUS request that contains the “User-Name”, “Client-Id", “NAS-Port-Id”, “Acct-Session-Id” RADIUS attributes and a set of custom attributes according to the HTTP parameters with the “RadAttr_” prefix.

Http Method Get or Post.

Parameters

Name | Description | Type
Page | Selects the "Radius Forwarder" operation. Must be “RadForward”. | M
Rad_ReqCode | The radius request code. | M
UserId | The UserId | M
RadAttr_{Attribute Name} | A RADIUS attribute to populate in the request in addition to “User-Name”, “Client-Id", “NAS-Port-Id” and “Acct-Session-Id”. Where: Attribute Name – The RADIUS Attribute name. | O

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadUserRequest" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Disconnect User

Description Disconnects all of a user's sessions using RADIUS User Request. This is done using POD from the server to all of the user's sessions.

Http Method Get or Post.

Parameters

Name | Description | Type
Page | Selects the "RADIUS User Request" operation. Must be “RadUserRequest”. | M
Rad_ReqCode | The RADIUS request code. Must be "40" for this case. | M
UserId | The User Name to disconnect. | M

Return Result

Success Result

Following is the format of a success result:

<Result>
  <Status value="Success" />
  <Operation type="RadUserRequest" />
</Result>

Failure Result

Following is the format of a failure result:

<Result>
  <Status value="Error" />
  <Operation type="" />
  <Reason value="{ErrorReason}" />
</Result>

Example 1 – Send POD request to all user sessions

Send POD request to all sessions of the user "Joe". The following HTTP request will be used:

HTTP Variable | Value
URL | http://localhost:8000/Admin
Method | GET
Authentication | API/1111

Parameters:

Page=RadUserRequest
Rad_ReqCode=40
UserId=joe

The expected return result is:

<Result>
  <Status value="Success" />
  <Operation type="RadUserRequest" />
</Result>