Execution permission
You must be a system administrator or a security administrator.
Request line
GET base-URL/security/v1/external-user-storage/object-ID-of-the-server
Request message
Response message
- Body
-
- For an Active Directory server
-
{ "id": "1022c8b2-934e-4097-8112-64b0274a3653", "name": "ldap-srv2", "priority": 1, "userAuthenticationProtocol": "LDAP", "vendor": "ACTIVE_DIRECTORY", "connectionUrl": "ldaps://vm.ldap-srv2.soft.example.co.jp", "baseDn": "CN=Users,DC=ldap-srv2,DC=soft,DC=example,DC=co,DC=jp", "bindDn": "admin@ldap-srv2.soft.example.co.jp", "bindPassword": null, "groupEntryDnList": [ "CN=admins,CN=Users,DC=ldap-srv2,DC=soft,DC=example,DC=co,DC=jp", "CN=users,CN=Users,DC=ldap-srv2,DC=soft,DC=example,DC=co,DC=jp" ], "kerberosRealm": null, "enabled": true, "defaultGroupMappingEnabled": false, "config": null }
- For an LDAP server
{ "id": "1022c8b2-934e-4097-8112-64b0274a3653", "name": "ldap-srv2", "priority": 1, "userAuthenticationProtocol": "LDAP", "vendor": "GENERAL", "connectionUrl": "ldaps://vm.ldap-srv2.soft.example.co.jp", "baseDn": "CN=Users,DC=ldap-srv2,DC=soft,DC=example,DC=co,DC=jp", "bindDn": "admin@ldap-srv2.soft.example.co.jp", "bindPassword": null, "groupEntryDnList": null, "kerberosRealm": null, "enabled": true, "defaultGroupMappingEnabled": true, "config": { "usernameLDAPAttribute": "userPrincipalName", "rdnLDAPAttribute": "cn", "customUserSearchFilter": "(ou=Ops Center*)", "lastNameLDAPAttribute": "sn", "emailLDAPAttribute": "mail", "fullNameLDAPAttribute": "cn", "searchScope": "2", "uuidLDAPAttribute": "objectGUID", "userObjectClasses": "person, organizationalPerson" } }
Attribute
Type
Description
id
string
Object ID of the Active Directory or LDAP server
name
string
Server name
priority
int
Priority
userAuthenticationProtocol
string
Authentication method
- LDAP
- Kerberos
vendor
string
Type of directory service
- ACTIVE_DIRECTORY: Active Directory
- GENERAL: Not Active Directory
connectionUrl
string
URL of the connection-destination Active Directory or LDAP server
baseDn
string
BaseDN
bindDn
string
Bind DN
bindPassword
string
Password for the bind DN
groupEntryDnList
string[]
List of DNs of the groups to be synchronized
If the value of the vendor attribute is GENERAL, the value null is always returned.
kerberosRealm
string
Realm name for Kerberos authentication
If the value of the userAuthenticationProtocol attribute is LDAP, the value null is always returned.
enabled
boolean
Whether the server setting is enabled
- true: Enabled
- false: Disabled
defaultGroupMappingEnabled
boolean
Whether the users imported from the Active Directory or LDAP server are allocated to the opscenter-users group
- true: The users are allocated to the group.
- false: The users are not allocated to the group.
config
object
Configuration information of the LDAP server
When the vendor attribute is ACTIVE_DIRECTORY, the value null is always returned.
When the vendor attribute is GENERAL, the following attributes are displayed:
- usernameLDAPAttribute (string)
The LDAP attribute allocated to the user ID
- emailLDAPAttribute (string)
The LDAP attribute allocated to the email address of the user account
- lastNameLDAPAttribute (string)
The LDAP attribute allocated to the last name of the user account
- fullNameLDAPAttribute (string)
The LDAP attribute allocated to the full name of the user account
When information is set for the firstNameLDAPAttribute attribute, this attribute is not displayed.
- firstNameLDAPAttribute (string)
The LDAP attribute allocated to allocated to the first name of the user account
When information is set for the fullNameLDAPAttribute attribute, this attribute is not displayed.
- rdnLDAPAttribute (string)
The LDAP attribute used as the RDN
- uuidLDAPAttribute (string)
The LDAP attribute used as the UUID
- userObjectClasses (string)
The object class of the users to be imported
- searchScope (string)
The range of hierarchy levels in which to search for users to be imported
-
1: One level
-
2: Subtree
-
- customUserSearchFilter (string)
The search filter for narrowing down the users to be imported
Coding example
curl -v -X GET -s "https://example.com:443/portal/security/v1/external-user-storage/1022c8b2-934e-4097-8112-64b0274a3653" -H "Authorization:Bearer eyJhbxxx"