How to create user with python-gvm that uses LDAP authentication?

Hi all,

is the create_user function in python-gvm missing a parameter to choose LDAP-authentication for the user that is to be created?

The documentation doesn’t show a corresponding parameter.

I also noticed that although the “password” parameter is marked as optional the function throws an error “Response Error 400. Empty password”, when not passing a password.

I’m using the current version of python-gvm on pypi (23.4.0) and the Greenbone community containers.

Any help is appreciated.

David

Alright - so I took another look at the API documentation and did some digging in the source code and just want to share what I’ve found so far.

Apparently there is no native way to create a new user that uses LDAP as authentication source. But one can modify an existing local user to use LDAP. This is hinted at in the documentation of the modify_user function:

auth_source (Optional [ UserAuthType ]) – Source allowed for authentication for this user.

For some reason the “UserAuthType” object is undocumented. It should appear in the “Enums” section at the top of the documentation, but it is missing. I was able to find it in the source code though and worked my way backwards from there.

UserAuthType provides the following three constants:

FILE = "file"
LDAP_CONNECT = "ldap_connect"
RADIUS_CONNECT = "radius_connect"

So I endend up with the following (incomplete) construct:

# [...]
from gvm.protocols.gmpv224 import UserAuthType
# [...]
response = gmp.create_user(
    name = user_name,
    password = 'secret-password'
)

uuid = response.get("id")

response = gmp.modify_user(
    user_id = uuid,
    auth_source = UserAuthType.LDAP_CONNECT
)

As mentioned above the password argument for create_user is not optional, but has to be a non empty string. However if you don’t pass it again to modify_user it will be reset as stated in the documentation.

Hopefully this is helpful to someone coming across a similar problem.