Getting a list of Active Directory or LDAP servers

Ops Center Common Services REST API Reference Guide

Version: 10.9.x
Part Number: MK-99OPS003-06
The following request gets a list of Active Directory or LDAP servers registered in Common Services.

Execution permission

You must be a system administrator or a security administrator.

Request line

GET base-URL/security/v1/external-user-storage

Request message

Object ID
None.
Query parameters
None.
Body
None.

Response message

Body
For Active Directory servers
[
    {
        "id": "1022c8b2-934e-4097-8112-64b0274a3653",
        "name": "ldap-srv2",
        "priority": 1,
        "userAuthenticationProtocol": "LDAP",
        "vendor": "ACTIVE_DIRECTORY",
        "connectionUrl": "ldaps://vm.ldap-srv2.soft.example.co.jp",
        "baseDn": "CN=Users,DC=ldap-srv2,DC=soft,DC=example,DC=co,DC=jp",
        "bindDn": "admin@ldap-srv2.soft.example.co.jp",
        "bindPassword": null,
        "groupEntryDnList": [
            "CN=admins,CN=Users,DC=ldap-srv2,DC=soft,DC=example,DC=co,DC=jp",
            "CN=users,CN=Users,DC=ldap-srv2,DC=soft,DC=example,DC=co,DC=jp"
        ],
        "kerberosRealm": null,
        "enabled": true,
        "defaultGroupMappingEnabled": false,
        "config": null
    }
]
For LDAP servers
[
    {
        "id": "1022c8b2-934e-4097-8112-64b0274a3653",
        "name": "ldap-srv2",
        "priority": 1,
        "userAuthenticationProtocol": "LDAP",
        "vendor": "GENERAL",
        "connectionUrl": "ldaps://vm.ldap-srv2.soft.example.co.jp",
        "baseDn": "CN=Users,DC=ldap-srv2,DC=soft,DC=example,DC=co,DC=jp",
        "bindDn": "admin@ldap-srv2.soft.example.co.jp",
        "bindPassword": null,
        "groupEntryDnList": null,
        "kerberosRealm": null,
        "enabled": true,
        "defaultGroupMappingEnabled": true,
        "config": {
            "usernameLDAPAttribute": "userPrincipalName",
            "rdnLDAPAttribute": "cn",
            "customUserSearchFilter": "(ou=Ops Center*)",
            "lastNameLDAPAttribute": "sn",
            "emailLDAPAttribute": "mail",
            "fullNameLDAPAttribute": "cn",
            "searchScope": "2",
            "uuidLDAPAttribute": "objectGUID",
            "userObjectClasses": "person, organizationalPerson"
        }
    }
]

Attribute (type): Description

id (string): Object ID

name (string): Server name

priority (int): Priority

userAuthenticationProtocol (string): Authentication method

  • LDAP
  • Kerberos

vendor (string): Type of directory service

  • ACTIVE_DIRECTORY: Active Directory
  • GENERAL: Not Active Directory

connectionUrl (string): URL of the connection-destination Active Directory or LDAP server

baseDn (string): BaseDN

bindDn (string): Bind DN

bindPassword (string): Password for the bind DN

groupEntryDnList (string[]): List of DNs of the groups to be synchronized. If the value of the vendor attribute is GENERAL, the value null is always returned.

kerberosRealm (string): Realm name for Kerberos authentication. If the value of the userAuthenticationProtocol attribute is LDAP, the value null is always returned.

enabled (boolean): Whether the server setting is enabled

  • true: Enabled
  • false: Disabled

defaultGroupMappingEnabled (boolean): Whether the users imported from the Active Directory or LDAP server are allocated to the opscenter-users group

  • true: The users are allocated to the group.
  • false: The users are not allocated to the group.

config (object): Configuration information of the LDAP server. When the vendor attribute is ACTIVE_DIRECTORY, the value null is always returned. When the vendor attribute is GENERAL, the following attributes are displayed:

  • usernameLDAPAttribute (string)

    The LDAP attribute allocated to the user ID

  • emailLDAPAttribute (string)

    The LDAP attribute allocated to the email address of the user account

  • lastNameLDAPAttribute (string)

    The LDAP attribute allocated to the last name of the user account

  • fullNameLDAPAttribute (string)

    The LDAP attribute allocated to the full name of the user account

    When information is set for the firstNameLDAPAttribute attribute, this attribute is not displayed.

  • firstNameLDAPAttribute (string)

    The LDAP attribute allocated to the first name of the user account

    When information is set for the fullNameLDAPAttribute attribute, this attribute is not displayed.

  • rdnLDAPAttribute (string)

    The LDAP attribute used as the RDN

  • uuidLDAPAttribute (string)

    The LDAP attribute used as the UUID

  • userObjectClasses (string)

    The object class of the users to be imported

  • searchScope (string)

    The range of hierarchy levels in which to search for the users to be imported

    • 1: One level

    • 2: Subtree

  • customUserSearchFilter (string)

    The search filter for narrowing down the users to be imported

Coding example

curl -v -X GET -s "https://example.com:443/portal/security/v1/external-user-storage" -H "Authorization:Bearer eyJhbxxx"
Tip: Because this request uses SSL communication, you must either run the curl command with the root certificate of the Common Services server certificate specified for the --cacert option, or run the command with the -k option specified. (The -k option makes curl skip verification of the server certificate, so SSL errors are ignored.)
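
The response body described above can be reviewed for settings that widen access or weaken the directory connection. The following is an added example, not code from the vendor guide: the function names audit_server and audit, the two sample entries, and the choice of checks are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the shape of the response body documented above.
SAMPLE_BODY = json.loads("""
[
  {"name": "ad-prod", "vendor": "ACTIVE_DIRECTORY", "enabled": true,
   "connectionUrl": "ldaps://ad.example.com", "bindPassword": null,
   "defaultGroupMappingEnabled": false, "config": null},
  {"name": "ldap-lab", "vendor": "GENERAL", "enabled": true,
   "connectionUrl": "ldap://ldap.example.com:389", "bindPassword": null,
   "defaultGroupMappingEnabled": true,
   "config": {"searchScope": "2", "userObjectClasses": "person"}}
]
""")


def audit_server(entry):
    """Return review findings for one external-user-storage entry."""
    findings = []
    scheme = urlparse(entry.get("connectionUrl") or "").scheme.lower()
    if scheme != "ldaps":
        # Only the URL scheme is visible here; StartTLS use cannot be inferred.
        findings.append("connectionUrl does not use ldaps://")
    if entry.get("bindPassword") is not None:
        findings.append("bindPassword is present in the response body")
    if entry.get("defaultGroupMappingEnabled"):
        findings.append("all imported users are allocated to opscenter-users")
    config = entry.get("config") or {}
    if entry.get("vendor") == "GENERAL" and config.get("searchScope") == "2" \
            and not config.get("customUserSearchFilter"):
        findings.append("subtree import with no customUserSearchFilter")
    return findings


def audit(body):
    """Map server name -> findings for enabled servers with any finding."""
    report = {}
    for entry in body:
        if not entry.get("enabled"):
            continue  # skip server settings marked as disabled
        findings = audit_server(entry)
        if findings:
            report[entry["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_BODY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

To review a live system, pass the parsed JSON body returned by the GET request to audit() in place of SAMPLE_BODY.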