API vs GUI - add/remove from group

Artur Sobczyk

October 14, 2021 14:39

When adding and removing a user from a primary group using GUI the use values go back to values before adding to a group.

When using Powershell and the documentation at https://support.cerberusftp.com/hc/en-us/articles/360005334400-Cerberus-Group-Modifications-with-PowerShell

When I add using powershell and then remove using powershell or through gui, some values are not being returned to the values before adding the group.

Namely:

- User Can Change Password goes from checked to unchecked

- Max Logins goes from Unlimited to 0 (cant login)

- Allowed protocols get all unchecked

Why are those values not remembered when using Powershell vs GUI ?

Comments

6 comments

Official comment
Permanently deleted user
Development

October 15, 2021 15:08
Hello Artur,

It looks like you've found a bug in the PowerShell example code:

Both instances of this line are incorrect:
```
{
   $existingUser.$propName = @{priority = "user"; prioritySpecified = $true}
}
```
Instead, they should read:
```
{
    $existingUser.$propName.priority = "user"; 
    $existingUser.$propName.prioritySpecified = $true
}
```
The previous code was incorrectly "blanking out" the 'value' of these properties.

We will get the documentation updated as soon as possible.

Thanks for bringing this to our attention!
Jeff Scott
Product Support

October 14, 2021 15:08
Hello Arthur,

Could you please provide us with a snippet of the code you are using when removing the users from a group? We are currently running some tests to see if there is something missing.
0

Artur Sobczyk

October 14, 2021 15:16

$newTestUserName = "xxx"
$newTestGroupName = "yyy"

[CerberusFtp.GetUserInformationRequest] $userInfoRequest = $requestWithCreds
$userInfoRequest.userName = $newTestUserName

[CerberusFtp.GetUserInformationResponse] $existingUserResponse = $CerberusSvc.GetUserInformation($userInfoRequest)

if (-not $existingUserResponse.result){
  Write-Error "Failed to find user $newTestUserName : $($existingUserResponse.message)"
} else {
  Write-Host "Successfully found $newTestUserName"
 
  $existingUser = $existingUserResponse.UserInformation

  $existingUser.groupList = @(@{name=$newTestGroupName})

  foreach ($propName in @( "authMethod"
                            "disableAfterTime"
                            "ipAllowedList"
                            "isAllowPasswordChange"
                            "isAnonymous"
                            "isDisabled"
                            "isSimpleDirectoryMode"
                            "maxLoginsAllowed"
                            "maxUploadFilesize"
                            "protocols"
                            "requireSecureControl"
                            "requireSecureData")
  ) {
    $existingUser.$propName = @{priority = "group"; prioritySpecified = $true}
  }

 [CerberusFtp.AddUserRequest] $modifyUserRequest = $requestWithCreds
  $modifyUserRequest.User = $existingUser

  [CerberusFtp.AddUserResponse] $modifyUserResponse = $CerberusSvc.AddUser($modifyUserRequest)

  if (-not $modifyUserResponse.result){
    Write-Error "Failed to update exiting user: $($modifyUserResposne.message)"
  } else {
    Write-Host "Successfully made $newTestUserName a member of $newTestGroupName"
  }
}

# remove from group
[CerberusFtp.GetUserInformationRequest] $getUserRequest = $requestWithCreds
$getUserRequest.userName = $newTestUserName

[CerberusFtp.GetUserInformationResponse] $getUserResponse = $CerberusSvc.GetUserInformation($getUserRequest)

if (-not $getUserResponse.result){
 Write-Error "Failed to retrieve user: $(getUserResponse.message)"
} else {
  Write-Host "Successfuly retrieved $($getUserResponse.UserInformation.name)"

  $existingUser = $getUserResponse.UserInformation
 
  if ($existingUser.groupList.Count -lt 1){
    Write-Error "Cannot remove user from group; user is not a member of any group"
  } else {
      $previousMembership = $existingUser.groupList
    $existingUser.groupList = @()
  
  foreach ($propName in @( "authMethod"
                         "disableAfterTime"
                         "ipAllowedList"
                         "isAllowPasswordChange"
                         "isAnonymous"
                         "isDisabled"
                         "isSimpleDirectoryMode"
                         "maxLoginsAllowed"
                         "maxUploadFilesize"
                         "protocols"
                         "requireSecureControl"
                         "requireSecureData")
 ) {
   $existingUser.$propName = @{priority = "user"; prioritySpecified = $true}
 }

     [CerberusFtp.AddUserRequest] $modifyUserRequest = $requestWithCreds
    $modifyUserRequest.User = $existingUser

    [CerberusFtp.AddUserResponse] $modifyUserResponse = $CerberusSvc.AddUser($modifyUserRequest)

    if (-not $modifyUserResponse.result){
      Write-Error "Failed to update exiting user: $($modifyUserResponse.message)"
    } else {
      Write-Host "Successfully removed $newTestUserName from $($previousMembership.name -join ', ')"
    }
  }
}

Artur Sobczyk

October 14, 2021 15:19
user "xxx" pre-exists

with no primary or secondary group

password never expires - yes

user can change password - yes

disabled - no

max logons - unlimited

allowed protocols - only https

group "yyy" prexists

members 0

user can change password - yes

disabled - yes

max logons - unlimited

protocols - only https
0
Jeff Scott
Product Support

October 14, 2021 19:20
Thanks, Artur. Our development team is reviewing this information, and we will provide an update as soon as we can. We appreciate your patience.
0
Artur Sobczyk

October 18, 2021 08:26
Yes, that works!

Thank you for fast response.
0

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?