LDAP endpoints
Sections
Use the v2 ds (directory service) endpoint to get information about
the LDAP directory service connection.
Use the v1 LDAP endpoints to test the connection and replace LDAP settings.
GET /ds
Get information about your directory service. Authentication is required.
Request format
When Forming RBAC API requests to this endpoint, the request is a
basic call with authentication, such
as:
curl GET 'https://$(puppet config print server):4433/rbac-api/v2/ds' \
-H "X-Authentication:$(puppet-access show)"Copied!Response format
Returns an array of objects, where each object represenst a currently-configured LDAP
servers. For example, this response contains information for one LDAP
server:
[
{
"id": "6e33eb78-820f-463a-a65c-e1ef291d59a8",
"help_link": "https://help.example.com",
"ssl": true,
"group_name_attr": "name",
"group_rdn": null,
"connect_timeout": 15,
"user_display_name_attr": "cn",
"disable_ldap_matching_rule_in_chain": false,
"ssl_hostname_validation": true,
"hostname": "ldap.example.com",
"base_dn": "dc=example,dc=com",
"user_lookup_attr": "uid",
"port": 636,
"login": "cn=ldapuser,ou=service,ou=users,dc=example,dc=com",
"group_lookup_attr": "cn",
"group_member_attr": "uniqueMember",
"ssl_wildcard_validation": false,
"user_email_attr": "mail",
"user_rdn": "ou=users",
"group_object_class": "groupOfUniqueNames",
"display_name": "Acme Corp Ldap server",
"search_nested_groups": true,
"start_tls": false
}
] Copied!Returns an empty array if no LDAP servers are configured.
You must have the directory_service:edit permission
to view all fields; otherwise, only the display name of the directory server is
returned.
For information about each setting, refer to External directory settings.
For errors, refer to RBAC service errors.