Tutorial: Using the Command Line to Bulk Update User Configurations
Bulk edit user configurations in Access Server 3.0 using the API or confdba. Export, modify, and reimport settings ot update multiple users at once.
Overview
This tutorial explains how to bulk edit user configurations in Access Server 3.x. You can update multiple users at once by exporting their configurations, modifying the data, and importing them back using either the Web API or the confdba tool.
Prerequisites
Access Server 3.0.x installed.
Console access and the ability to get root privileges.
(Optional) A remote machine for running API calls.
Existing Access Server user accounts.
Access Server 3.0 introduces new API endpoints for managing user properties and access rules in bulk:
/userprop/set— Set user properties./userprop/access/set— Set user access control rules.
This tutorial uses the sacli apicall command, but you can also use cURL or the Swagger UI. Refer to Tutorial: Test the New Web API (OpenAPI) in Access Server 3.0.
1.1 Edit user properties
Example Goal
brandonqa: local auth + admin privilegeslaurenqa: autologin enabled
Connect to the Access Server console and get root privileges.
Create a JSON file:
nano userpropset.json
Add the following data to this new file:
[ {"name": "brandonqa","auth_method": "local","admin": "true"}, {"name": "laurenqa","autologin": "true"} ]Save and exit (
Ctrl+x,y,Enter).Apply the changes:
sacli --value_file "/root/userpropset.json" --method POST --url 'api/userprop/set' apicall
Verify:
sacli UserPropGet
Example output:
"brandonqa": { "prop_superuser": "true", "type": "user_compile", "user_auth_type": "local" }, "laurenqa": { "prop_autologin": "true", "type": "user_connect"
Tip
We are storing the script in the
rootdirectory.If you want to perform API calls via the cURL command or using the embedded Swagger UI, refer to Tutorial: Test the New Web API (OpenAPI) in Access Server 3.0, and use the content of
userpropset.json fileas the data/schema values.
1.2 Edit access control rules
Example Goal
brandonqa: Allow access to 192.0.2.10 via NAT.laurenqa: Allow access to 192.0.2.20 via ROUTE.
Create the JSON file:
nano userpropacl.json
Add:
{ "items_set": [ { "username": "brandonqa", "access_route": { "type": "nat", "accept": true, "subnet": { "netip": "192.0.2.10", "prefix_length": 32, "ipv6": false, "service": [] } }, "type": "access_to_ipv4" }, { "username": "laurenqa", "access_route": { "type": "route", "accept": true, "subnet": { "netip": "192.0.2.20", "prefix_length": 32, "ipv6": false, "service": [] } }, "type": "access_to_ipv4" } ] }Save and exit (
Ctrl+x,y,Enter).Apply the changes:
sacli --value_file "/root/userpropacl.json" --method POST --url 'api/userprop/access/set' apicall
Verify:
sacli UserPropGet
Example output:
"brandonqa": { "access_to.0": "+NAT:192.0.2.10", "prop_superuser": "true", "type": "user_compile", "user_auth_type": "local" }, "laurenqa": { "access_to.0": "+ROUTE:192.0.2.20", "prop_autologin": "true", "type": "user_compile"
Tip
We are storing the script in the
rootdirectory.If you want to perform API calls via the cURL command or using the embedded Swagger UI, refer to Tutorial: Test the New Web API (OpenAPI) in Access Server 3.0, and use the content of
userpropset.json fileas the data/schema values.
Tip
This method also works for previous Access Server versions.
Example Goal
brandonqa: Allow access to 192.0.2.10 via NAT.laurenqa: Allow access to 192.0.2.20 via ROUTE.
Export the current user configuration:
sacli UserPropGet > userprop.json
Edit
userprop.jsonusingnano, or copy it to a remote machine for editing.Modify the file by adding the necessary access rules. Example modified file:
{ "__DEFAULT__": { "prop_autogenerate": "true", "type": "user_default" }, "brandonqa": { "access_to.0": "+NAT:192.0.2.10", "type": "user_compile" }, "laurenqa": { "access_to.0": "+ROUTE:192.0.2.20", "type": "user_compile" }, "openvpn": { "prop_superuser": "true", "pvt_password_digest": "...", "type": "user_compile", "user_auth_type": "local" } }Apply the updated file:
/usr/local/openvpn_as/scripts/confdba -ulf /root/userprop.json
Verify the changes:
sacli UserPropGet