Lelio, I guess it depends on your approach and your security perspective like another poster here mentioned.
In UCM 11.5 there is supposed to be an AXL Read Only role, so while you could potentially leak data with this role, you would not have too much trouble damage. I use a specific application user credential with AXL access for some of my UCM scripts. I wrote one that lets us prowl through devices, combined with network and phone statistics from another server, which was written in Perl - using this credential. Others are more "interactive" - I have a series of scripts that I use for other purposes and I intake credentials at the shell for those: - Bulk setting user profiles, setting self-service IDs to match Primary Extension if not set, bulk enabling for IM and Presence - Trolling through user and device objects and looking for settings that are deviant or updating them - Searching for speed dial, BLF, or lines by "label" (still can't do this from the Admin application for whatever reason) I use the AXL API for this and have tried my best to stay away from the SQL functions, using the documented functions though they don't always work as expected. Unity Connection's API is significantly worse for a lot of operations, so you do end up having to come through the CLI to run queries (as far as I know) which means I'm not putting the administrator credentials into a file somewhere. I use that one primary to grab user IDs that have voicemail for other operations, or to reset the LDAP integration bubble as Connection will drop users out who disappeared out of sync, and does not pick back up on them when they re-appear. In that case I pull a list of users via the CLI since you can't really "search" all of them, check their group membership in LDAP, report, and, if they've dropped out, use JSON to set ldap_type to 3. Plenty of things out there that can save you a bit of time for bulk operations or even nuance changes. BTW would you mind if you have a bit of time shooting me a mail on the outcome of running your users through Expressway exclusively for Jabber (I think this was you?) I may have to do that myself. Best, Adam Pawlowski SUNYAB NCS >Message: 11 >Date: Fri, 1 Sep 2017 02:40:27 +0000 >From: Lelio Fulgenzi <le...@uoguelph.ca> >To: Brian Meade <bmead...@vt.edu> >Cc: Stephen Welsh <stephen.we...@unifiedfx.com>, cisco-voip > <cisco-voip@puck.nether.net> >Subject: Re: [cisco-voip] Automatically exporting just the DN and > Description fields >Message-ID: <dd831c09-8829-4198-b02a-ed0e0d0e3...@uoguelph.ca> >Content-Type: text/plain; charset="utf-8" > >Agreed. Amazing. This might actually give me what I need to start thinking >about programming some scripts. > >Silly question though. > >Passwords. Do you store these in your scripts? Do you pass them via an >argument read from a file? How do you ensure this password is not "revealed" >to those who shouldn't see it? _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
