
REST APIs for 24.2.20 and 24.2.10

LDAP Use Cases and Testing

This section provides some LDAP use cases and testing procedures.

Configure LDAP for SSL authentication

Use case 1:

Retrieve all LDAP configurations for the domain.

  1. Request format: GET /api/v2/authentication_settings/ldap_configs

  2. Possible parameters (drawn from REST API conventions):

    • Required: none

  3. Request Body: none

  4. Response format: JSON

  5. Response Code: 200 success

Use case 2:

Create LDAP server configuration.

  1. Request format: POST /api/v2/authentication_settings/ldap_configs

  2. Possible parameters (drawn somewhat from REST API Conventions):

    • Required: none

    • Optional: none

  3. Request Body:

    Single-PCE

    {
            "name": "ldap 1",
            "address": "ldap-1.ilabs.io",
            "port": "10636",
            "authentication_method": "LDAPS",
            "request_timeout_seconds": 4,
            "bind_distinguished_name": "CN=admin,CN=Users,DC=ilabs,DC=io",
            "bind_password": "test1234",
            "user_base_distinguished_name": "DC=ilabs,DC=io",
            "username_attribute": "sAMAccountName",
            "full_name_attribute": "cn",
            "user_memberof_attribute": "memberof",
            "tls_ca_bundle": "
            -----BEGIN CERTIFICATE-----
            MIIDhTCCAm2gAwIBAgIQYx+dZzQPBLdN6e8uqW2ByDANBgkqhkiG9w0BAQ0FADBJ
            .................................................................
            -----END CERTIFICATE-----
            -----BEGIN CERTIFICATE-----
            MIIF7TCCBNWgAwIBAgITEgAAAEg0ToOKIywtOQAAAAAASDANBgkqhkiG9w0BAQ0F
            ....................................................................................
            -----END CERTIFICATE-----"
    }

    Supercluster

    {
            "pce_fqdn": "devmr01",
            "name": "ldap 1",
            "address": "ldap-1.ilabs.io",
            "port": "10636",
            "authentication_method": "LDAPS",
            "request_timeout_seconds": 4,
            "bind_distinguished_name": "CN=admin,CN=Users,DC=ilabs,DC=io",
            "bind_password": "test1234",
            "user_base_distinguished_name": "DC=ilabs,DC=io",
            "username_attribute": "sAMAccountName",
            "full_name_attribute": "cn",
            "user_memberof_attribute": "memberof",
            "tls_ca_bundle": "-----BEGIN CERTIFICATE-----
            MIIDhTCCAm2gAwIBAgIQYx+dZzQPBLdN6e8uqW2ByDANBgkqhkiG9w0BAQ0FADBJ
            -----END CERTIFICATE-----
            -----BEGIN CERTIFICATE-----
            MIIF7TCCBNWgAwIBAgITEgAAAEg0ToOKIywtOQAAAAAASDANBgkqhkiG9w0BAQ0F
            -----END CERTIFICATE-----"
    }

  4. Response format: JSON

  5. Response Codes:

  • 204 success

  • 403 not an org owner

  • 406 invalid params

Use case 3:

Update LDAP server configuration:

  1. Request format: PUT /api/v2/authentication_settings/ldap_configs/:uuid

  2. Possible parameters (drawn somewhat from REST API Conventions):

    • Required: uuid - LDAP server configuration UUID

    • Optional: none

  3. Request Body:

    {
    "tls_ca_bundle": "
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----"
    }

  4. Response format: JSON

  5. Response Codes:

  • 204 success

  • 403 not an org owner

  • 404 LDAP config not found or attempt to update LDAP config in another domain

  • 406 invalid params

Test LDAP Server Connectivity

This section outlines the use of the API to verify the connectivity for a configured LDAP server in the PCE.

POST /api/v2/authentication_settings/ldap_configs/:uuid/verify_connection

where uuid indicates the LDAP server configuration UUID.

Request body: none

Response body:

If a server connection is verified successfully:

{
	"verified" :  true
}

If the server connection verification fails:

{
	"verified" :  false ,
	"errors" : [
		{
			"token" :  "ldap_server_verification_failure" ,
			"message" :  "LDAP server verification failure:  LDAP server error message"
		}
	]
}
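
The request bodies in Use cases 2 and 3 show tls_ca_bundle spread over several lines for readability; on the wire the PEM newlines must be escaped inside the JSON string, and a single wrong dash in a BEGIN/END delimiter makes the bundle unusable. The Python sketch below is an added example, not part of the product documentation: it checks the PEM framing and base64 of a bundle (it does not parse X.509), serializes a Single-PCE body with the field names shown above, and interprets a verify_connection response. The helper names and the sample bundles are constructed for illustration.

```python
import base64
import json
import re

# One well-formed PEM certificate block: exactly five dashes on each side.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----")

def split_ca_bundle(bundle):
    """Return the decoded bytes of each block; raise ValueError if framing is off."""
    blocks = PEM_BLOCK.findall(bundle)
    # Whatever remains after removing well-formed blocks is a delimiter typo or stray text.
    leftover = PEM_BLOCK.sub("", bundle).strip()
    if not blocks or leftover:
        raise ValueError(f"malformed tls_ca_bundle near {leftover[:40]!r}")
    return [base64.b64decode("".join(b.split()), validate=True) for b in blocks]

def build_ldap_config(bind_password, ca_bundle):
    """Serialize a Single-PCE request body; json.dumps escapes the PEM newlines."""
    split_ca_bundle(ca_bundle)  # reject a broken bundle before it reaches the API
    return json.dumps({
        "name": "ldap 1",
        "address": "ldap-1.ilabs.io",
        "port": "10636",
        "authentication_method": "LDAPS",
        "request_timeout_seconds": 4,
        "bind_distinguished_name": "CN=admin,CN=Users,DC=ilabs,DC=io",
        "bind_password": bind_password,  # pass in from a secret store, not a literal
        "user_base_distinguished_name": "DC=ilabs,DC=io",
        "username_attribute": "sAMAccountName",
        "full_name_attribute": "cn",
        "user_memberof_attribute": "memberof",
        "tls_ca_bundle": ca_bundle,
    })

def interpret_verify(response_text):
    """Map a verify_connection response body to (verified, [error messages])."""
    body = json.loads(response_text)
    return body.get("verified") is True, [e["message"] for e in body.get("errors", [])]

def pem(data):
    """Wrap constructed bytes in PEM framing (sample data, not a real certificate)."""
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(data).decode()
            + "\n-----END CERTIFICATE-----\n")

GOOD_BUNDLE = pem(b"constructed issuing CA") + pem(b"constructed root CA")
# Constructed bundle with damaged delimiters: six dashes, then four.
BAD_BUNDLE = pem(b"constructed issuing CA") + (
    "-----BEGIN CERTIFICATE------\nQUJD\n----END CERTIFICATE-----")
```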