Osirium PAM Osirium PAM: Users

Summary

This module contains actions for reading user information from PAM.

Supported Versions

This plugin supports PAM versions 6.5.0 & newer.

Remember

You must have a PAM Appliance provisioned as a Vault inside PPA to use this plugin.

Actions

pam.users.

get_all

Get all users from the PAM appliance.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

Output

A list of Users.

Example
1
2
3
- pam.users.get_all:
    pam_address: pam.internal.net
  save: all_users

pam.users.

get_all_profiles

Get all profiles the supplied user is assigned to.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of Profiles.

Example
1
2
3
4
- pam.users.get_all_profiles:
    pam_address: pam.internal.net
    user_id: 2
  save: profiles

pam.users.

get_by_id

Get a user using its ID.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A single User.

Example
1
2
3
4
- pam.users.get_by_id:
    pam_address: pam.internal.net
    user_id: 2
  save: user

pam.users.

get_by_username

Get a user using its username.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

username: the user's username

Output

A single User.

Example
1
2
3
4
- pam.users.get_by_username:
    pam_address: pam.internal.net
    username: example.user
  save: user

pam.users.

get_devices

Get all devices the supplied user has access to.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of Devices.

Example
1
2
3
4
- pam.users.get_devices:
    pam_address: pam.internal.net
    user_id: 2
  save: devices

pam.users.

get_direct_profiles

Get all profiles the supplied user is directly assigned to.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of Profiles.

Example
1
2
3
4
- pam.users.get_direct_profiles:
    pam_address: pam.internal.net
    user_id: 2
  save: direct_profiles

pam.users.

get_user_group_profiles

Get all profiles the supplied user is assigned to via a user group.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of Profiles.

Example
1
2
3
4
- pam.users.get_user_group_profiles:
    pam_address: pam.internal.net
    user_id: 2
  save: user_group_profiles

pam.users.

get_user_groups

Get all user groups the supplied user is assigned to.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of UserGroups.

Example
1
2
3
4
- pam.users.get_user_groups:
    pam_address: pam.internal.net
    user_id: 2
  save: user_groups

pam.users.

in_profile

Determine if the supplied user is in a particular profile.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user group

profile_id: the ID of the profile to check

Output

A boolean is outputted by this action:

  • true if the supplied user group is in the profile

  • false if the supplied user group is not in the group

Example
1
2
3
4
5
- pam.users.in_profile:
    pam_address: pam.internal.net
    user_id: 2
    profile_id: 10
  save: in_profile

pam.users.

input_table

Display users in a table, & allow the task operator to make a selection.

The table will have the following columns:

  • Name
  • Username
  • Email Address
  • Authentication Type
  • Enabled
  • Expires At

Minimum Plugin Version: 1.0.0

Input
  • text: The title of the table

  • users: a single or list of Users to display in the table

  • minimum: The minimum number of acceptable selections

  • maximum: The maximum number of acceptable selections

Output

A list of Users.

Tip
  • If neither a minimum or maximum is provided, the task operator will be able to submit 0 selections.

  • If minimum or maximum are provided, the operation will repeat until the task operator makes a valid number of selections.

Example
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
- pam.users.get_all:
    pam_address: pam.internal.net
  save: all_users

- pam.users.input_table:
    text: Select a User
    minimum: 1
    maximum: 1
  load:
    users: all_users
  save: selected_users

pam.users.

output_table

Display users in a table.

The table will have the following columns:

  • Name
  • Username
  • Email Address
  • Authentication Type
  • Enabled
  • Expires At

Minimum Plugin Version: 1.0.0

Input
  • text: the title of the table

  • users: a single or list of Users to display in the table

Output

Nothing is outputted by this action.

Example
1
2
3
4
5
6
7
8
- pam.users.get_all:
    pam_address: pam.internal.net
  save: all_users

- pam.user_groups.output_table:
    text: All Users
  load:
    groups: all_users

pam.users.

Search for users in the PAM appliance.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

queries: a list of Queries to use in the search

Output

A list of Users.

Example

Find all disabled users:

1
2
3
4
5
6
7
- pam.users.search:
    pam_address: pam.internal.net
    queries:
      - attribute: enabled
        query: is
        value: false
  save: disabled_users

Wildcard Queries

You can use the % character as a wildcard in the value of each query.