Conz Absent Member.
Absent Member.
2014 views

Push proxy rights through SOAP (PHP?)

I have an urgent(obviously=p) need to push full proxy rights for a specific user to all our Groupwise accounts.
Does anyone have a script that can do this for all or a single user or has an example on how to access GW over SOAP with PHP and possibly with the trusted key ?
PHP is the only modern language that I can manage to build something from scratch but I have never used SOAP before and I'd like to not accidentally delete the entire PO 😉
Labels (1)
0 Likes
8 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Push proxy rights through SOAP (PHP?)

It is quite cumbersome to use PHP to make SOAP requests.
There is a developer that got it working.
(You can search previous postings to find his library.)
Normally giving proxy rights of a user to every account is not a recommended
approach.
Normally you would use a trusted application.

That is about as much as I can offer.
Preston



>>>


> I have an urgent(obviously=p) need to push full proxy rights for a
> specific user to all our Groupwise accounts.
> Does anyone have a script that can do this for all or a single user or
> has an example on how to access GW over SOAP with PHP and possibly with
> the trusted key ?
> PHP is the only modern language that I can manage to build something
> from scratch but I have never used SOAP before and I'd like to not
> accidentally delete the entire PO 😉


0 Likes
Conz Absent Member.
Absent Member.

Re: Push proxy rights through SOAP (PHP?)

Is there something that can do this already out there ?
I found a php client in the SDK and I've been tinkering with it, but I have a feeling I'm sending the wrong login request. If I can successfully log in it should be easy to send further SOAP requests.

When I send the login request I get the following: code: 53509 - Directory Services Data missing
I botched together the login request by just hardcoding the trusted name and Key and I am supplying my own login name as the 'username' (supposedly it doesn't need a user password like this ?)

Original:

public function loginRequest(loginRequest $loginReq) {
$s = new SoapClient( NULL, array(
"location" => $this->location,
"uri" => "http://schemas.novell.com/2005/01/GroupWise/methods",
"trace" => true ) );
$pt = array(
"username" => $loginReq->auth->username,
"password" => $loginReq->auth->password );
$login = new SoapVar( $pt, SOAP_ENC_OBJECT, "PlainText",
"http://schemas.novell.com/2005/01/GroupWise/types", "auth" );
$lang = new Soapvar( $loginReq->language, XSD_LANGUAGE, NULL, NULL, "language" );
$ver = new Soapvar( $loginReq->version, XSD_DECIMAL, NULL, NULL, "version" );
$app = new Soapvar( $loginReq->application, XSD_STRING, NULL, NULL, "application" );

return $s->__soapCall( 'loginRequest', array( $login, $lang, $ver, $app));
}

Hackjob version:
public function loginRequest(loginRequest $loginReq) {
$s = new SoapClient( NULL, array(
"location" => $this->location,
"uri" => "http://schemas.novell.com/2005/01/GroupWise/methods",
"trace" => true ) );
$pt = array(
"username" => $loginReq->auth->username,
"name" => "<T-APP NAME>",
"key" => "<KEY>");

$login = new SoapVar( $pt, SOAP_ENC_OBJECT, "TrustedApplication",

"http://schemas.novell.com/2005/01/GroupWise/types", "auth" );
$lang = new Soapvar( $loginReq->language, XSD_LANGUAGE, NULL, NULL, "language" );
$ver = new Soapvar( $loginReq->version, XSD_DECIMAL, NULL, NULL, "version" );
$app = new Soapvar( $loginReq->application, XSD_STRING, NULL, NULL, "application" );

return $s->__soapCall( 'loginRequest', array( $login, $lang, $ver, $app));
}


If anyone has any ideas with what I might be doing wrong here that would be greatly appreciated.



Preston Stephenson;2442966 wrote:
It is quite cumbersome to use PHP to make SOAP requests.
There is a developer that got it working.
(You can search previous postings to find his library.)
Normally giving proxy rights of a user to every account is not a recommended
approach.
Normally you would use a trusted application.

That is about as much as I can offer.
Preston
0 Likes
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: Push proxy rights through SOAP (PHP?)

You would need to do a SOAP trace to see what was actually sent.
The error is indicating that it doesn't accept the trusted name and key that
you sent.
Preston


>>>


> Is there something that can do this already out there ?
> I found a php client in the SDK and I've been tinkering with it, but I
> have a feeling I'm sending the wrong login request. If I can
> successfully log in it should be easy to send further SOAP requests.
>
> When I send the login request I get the following: code: 53509 ‑
> Directory Services Data missing
> I botched together the login request by just hardcoding the trusted name
> and Key and I am supplying my own login name as the 'username'
> (supposedly it doesn't need a user password like this ?)
>
> Original:
>>
>> public function loginRequest(loginRequest $loginReq) {
>> $s = new SoapClient( NULL, array(
>> "location" => $this‑>location,
>> "uri" => "http://schemas.novell.com/2005/01/GroupWise/methods",
>> "trace" => true ) );
>> $pt = array(
>> "username" => $loginReq‑>auth‑>username,
>> "password" => $loginReq‑>auth‑>password );
>> $login = new SoapVar( $pt, SOAP_ENC_OBJECT, "PlainText",
>> "http://schemas.novell.com/2005/01/GroupWise/types", "auth" );
>> $lang = new Soapvar( $loginReq‑>language, XSD_LANGUAGE, NULL, NULL,
>> "language" );
>> $ver = new Soapvar( $loginReq‑>version, XSD_DECIMAL, NULL, NULL,
>> "version" );
>> $app = new Soapvar( $loginReq‑>application, XSD_STRING, NULL, NULL,
>> "application" );
>>
>> return $s‑>__soapCall( 'loginRequest', array( $login, $lang, $ver,
>> $app));
>> }
>>

> Hackjob version:
>> public function loginRequest(loginRequest $loginReq) {
>> $s = new SoapClient( NULL, array(
>> "location" => $this‑>location,
>> "uri" => "http://schemas.novell.com/2005/01/GroupWise/methods",
>> "trace" => true ) );
>> $pt = array(
>> "username" => $loginReq‑>auth‑>username,
>> "name" => "<T‑APP NAME>",
>> "key" => "<KEY>");
>>
>> $login = new SoapVar( $pt, SOAP_ENC_OBJECT, "TrustedApplication",
>> "http://schemas.novell.com/2005/01/GroupWise/types", "auth" );
>> $lang = new Soapvar( $loginReq‑>language, XSD_LANGUAGE, NULL, NULL,
>> "language" );
>> $ver = new Soapvar( $loginReq‑>version, XSD_DECIMAL, NULL, NULL,
>> "version" );
>> $app = new Soapvar( $loginReq‑>application, XSD_STRING, NULL, NULL,
>> "application" );
>>
>> return $s‑>__soapCall( 'loginRequest', array( $login, $lang, $ver,
>> $app));
>> }
>>

>
> If anyone has any ideas with what I might be doing wrong here that would
> be greatly appreciated.
>
>
>
> Preston Stephenson;2442966 Wrote:
>> It is quite cumbersome to use PHP to make SOAP requests.
>> There is a developer that got it working.
>> (You can search previous postings to find his library.)
>> Normally giving proxy rights of a user to every account is not a
>> recommended
>> approach.
>> Normally you would use a trusted application.
>>
>> That is about as much as I can offer.
>> Preston
>>


0 Likes
Conz Absent Member.
Absent Member.

Re: Push proxy rights through SOAP (PHP?)

I tried the SOAP trace but it's logging everything but the request being made (or I just can't find it).
I'll try again with all the other SOAP using services turned off but for now I only have the HTTP request made from a packet capture.
This is looking different than the one in the SDK docs with the added 'ns1' tags but *supposedly* SOAP should understand this too. The values I removed should be correct.


POST /soap HTTP/1.1
Host: groupwise:7191
Connection: Keep-Alive
User-Agent: PHP-SOAP/5.3.3
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://schemas.novell.com/2005/01/GroupWise/methods#loginRequest"
Content-Length: 946

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://schemas.novell.com/2005/01/GroupWise/methods" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns2="http://schemas.novell.com/2005/01/GroupWise/types" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<ns1:loginRequest>
<auth xsi:type="ns2:TrustedApplication">
<username xsi:type="xsd:string">MYUSERNAME</username>
<name xsi:type="xsd:string">REDACTED</name>
<key xsi:type="xsd:string">REDACTED</key>
</auth>
<language xsi:type="xsd:language">en</language>
<version xsi:type="xsd:decimal">1.2</version>
<application xsi:type="xsd:string">phpClient</application>
</ns1:loginRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Preston Stephenson;2442991 wrote:
You would need to do a SOAP trace to see what was actually sent.
The error is indicating that it doesn't accept the trusted name and key that
you sent.
Preston
0 Likes
Conz Absent Member.
Absent Member.

Re: Push proxy rights through SOAP (PHP?)

Little update, turns out the POA needs a restart to get the new Trusted key active.
Restarted the POA and it gives me a successful login.
0 Likes
Conz Absent Member.
Absent Member.

Re: Push proxy rights through SOAP (PHP?)

Going step by step here, I've managed to log in and request a list of all system users quite easily once I figured out the restart thing.
Now from reading the SDK docs I *think* I need to send a 'createProxyAccessRequest'
But I can't make out how I can send this as a different user while being a trusted app.
The example shows:
createProxyAccessRequest> 
<entry>
<displayName>u4</displayName>
<email>u4@phantom.com</email>
<uuid>66301550-175B-0000-890F-6E00D5004E00</uuid>


But I believe that is all the info for the person you are granting access to (which I can get from the list)
Is there a command I haven't found yet that allows me to switch to another 'active user' for the trusted session ?
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Push proxy rights through SOAP (PHP?)

The trusted application just allows you to login as a certain person without
knowing that person's password.

You would log into the person you want others to be able to access.
You would then create a record for each of the users that you want to access
that user's account.

Preston



>>>


> Going step by step here, I've managed to log in and request a list of
> all system users quite easily once I figured out the restart thing.
> Now from reading 'the SDK docs'
> (https://www.novell.com/documentation/groupwise_sdk/gwsdk_gwwebservices/
> data/b7m3i4v.html)
> I *think* I need to send a 'createProxyAccessRequest'
> But I can't make out how I can send this as a different user while being
> a trusted app.
> The example shows:
>
> Code:
> ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
> createProxyAccessRequest>
> <entry>
> <displayName>u4</displayName>
> <email>u4@phantom.com</email>
> <uuid>66301550‑175B‑0000‑890F‑6E00D5004E00</uuid>
> ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
>
>
> But I believe that is all the info for the person you are granting
> access to (which I can get from the list)
> Is there a command I haven't found yet that allows me to switch to
> another 'active user' for the trusted session ?


0 Likes
Conz Absent Member.
Absent Member.

Re: Push proxy rights through SOAP (PHP?)

I had that suspicion on my way home from work, time to go for broke.
Thanks a lot for your help, I really appreciate it 🙂

Preston Stephenson;2443124 wrote:
The trusted application just allows you to login as a certain person without
knowing that person's password.

You would log into the person you want others to be able to access.
You would then create a record for each of the users that you want to access
that user's account.

Preston


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.