LDAP endpoints

Use the v2 ldap endpoints to get information about your LDAP directory service connections.

Use the v1 LDAP endpoints to test and configure LDAP connections.

GET /ldap

Get details of configured LDAP connections. Authentication is required.

Request format

When Forming RBAC API requests to this endpoint, the request is a basic call with authentication, for example:
curl "https://$(puppet config print server):4433/rbac-api/v2/ldap" -H "X-Authentication:$(puppet-access show)"

Response format

A successful request returns an array of objects in which each object represents one LDAP server's External directory settings. For example, this response contains information for one LDAP server:
[
  {
    "help_link": "",
    "ssl": false,
    "group_name_attr": "name",
    "group_rdn": "ou=groups",
    "connect_timeout": 10,
    "user_display_name_attr": "*",
    "disable_ldap_matching_rule_in_chain": false,
    "ssl_hostname_validation": true,
    "hostname": "ldap.internal",
    "base_dn": "dc=glauth,dc=com",
    "user_lookup_attr": "cn",
    "port": 3893,
    "login": "cn=serviceuser,ou=svcaccts,dc=glauth,dc=com",
    "group_lookup_attr": "cn",
    "group_member_attr": "uniqueMember",
    "id": "e97188aa-9573-413b-945e-07f5f261613e",
    "ssl_wildcard_validation": false,
    "user_email_attr": "mail",
    "user_rdn": "ou=users",
    "group_object_class": "groupOfUniqueNames",
    "display_name": "ldap.internal",
    "search_nested_groups": true,
    "start_tls": false
  }
]
You must have the directory_service:edit:* permission to get complete responses. Otherwise, responses are limited to the id and display_name, for example:
[
  {
    "id": "e97188aa-9573-413b-945e-07f5f261613e",
    "display_name": "ldap.internal"
  }
]

An empty array means there are no LDAP connections configured.

For error responses, refer to RBAC service errors.

GET /ldap/<id>

Get details for a specific LDAP connection. Authentication is required.

Request format

When Forming RBAC API requests to this endpoint, the request is a basic call with authentication and a specific LDAP connection ID, for example:
curl "https://$(puppet config print server):4433/rbac-api/v2/ldap/e97188aa-9573-413b-945e-07f5f261613e" \
-H "X-Authentication:$(puppet-access show)"

You can use GET /ldap to get the id.

Response format

A successful request returns an object containing the connection's External directory settings. For example:
{
  "help_link": "",
  "ssl": false,
  "group_name_attr": "name",
  "group_rdn": "ou=groups",
  "connect_timeout": 10,
  "user_display_name_attr": "*",
  "disable_ldap_matching_rule_in_chain": false,
  "ssl_hostname_validation": true,
  "hostname": "ldap.internal",
  "base_dn": "dc=glauth,dc=com",
  "user_lookup_attr": "cn",
  "port": 3893,
  "login": "cn=serviceuser,ou=svcaccts,dc=glauth,dc=com",
  "group_lookup_attr": "cn",
  "group_member_attr": "uniqueMember",
  "id": "e97188aa-9573-413b-945e-07f5f261613e",
  "ssl_wildcard_validation": false,
  "user_email_attr": "mail",
  "user_rdn": "ou=users",
  "group_object_class": "groupOfUniqueNames",
  "display_name": "ldap.internal",
  "search_nested_groups": true,
  "start_tls": false
}
You must have the directory_service:edit:* permission to get all keys. Otherwise, responses are limited to the id and display_name, for example:
{
  "id": "e97188aa-9573-413b-945e-07f5f261613e",
  "display_name": "ldap.internal"
}

For error responses, refer to RBAC service errors.
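The following script is an added example, not part of the Puppet documentation or the product's own code. It consumes the GET /ldap and GET /ldap/<id> responses described above and audits each connection's transport settings (ssl, start_tls, ssl_hostname_validation, ssl_wildcard_validation), while recognising the reduced id/display_name response that a token without directory_service:edit:* receives. The sample response is constructed from the JSON shown on this page so the audit runs offline; the function names, the 15-second timeout, and the reading of ssl_wildcard_validation as "wildcard certificates are accepted" are assumptions.

```python
import json
import urllib.request

# Constructed sample, copied from the GET /ldap response shown on the page,
# embedded so the audit runs without network access.
SAMPLE_FULL_RESPONSE = json.loads("""
[
  {
    "help_link": "",
    "ssl": false,
    "group_name_attr": "name",
    "group_rdn": "ou=groups",
    "connect_timeout": 10,
    "user_display_name_attr": "*",
    "disable_ldap_matching_rule_in_chain": false,
    "ssl_hostname_validation": true,
    "hostname": "ldap.internal",
    "base_dn": "dc=glauth,dc=com",
    "user_lookup_attr": "cn",
    "port": 3893,
    "login": "cn=serviceuser,ou=svcaccts,dc=glauth,dc=com",
    "group_lookup_attr": "cn",
    "group_member_attr": "uniqueMember",
    "id": "e97188aa-9573-413b-945e-07f5f261613e",
    "ssl_wildcard_validation": false,
    "user_email_attr": "mail",
    "user_rdn": "ou=users",
    "group_object_class": "groupOfUniqueNames",
    "display_name": "ldap.internal",
    "search_nested_groups": true,
    "start_tls": false
  }
]
""")

# Constructed sample of the reduced response returned to a caller that lacks
# the directory_service:edit:* permission.
SAMPLE_RESTRICTED_RESPONSE = [
    {"id": "e97188aa-9573-413b-945e-07f5f261613e", "display_name": "ldap.internal"}
]


def fetch_ldap_connections(server, token, connection_id=None):
    """GET /rbac-api/v2/ldap (or /ldap/<id>) using the X-Authentication header.

    `server` is the output of `puppet config print server`, `token` the output
    of `puppet-access show`. Assumed helper; the offline demo below never calls it.
    """
    path = "/rbac-api/v2/ldap" + (f"/{connection_id}" if connection_id else "")
    req = urllib.request.Request(
        f"https://{server}:4433{path}", headers={"X-Authentication": token}
    )
    with urllib.request.urlopen(req, timeout=15) as resp:  # timeout is an assumption
        return json.load(resp)


def is_restricted(conn):
    """True when only id and display_name came back: the token lacks
    directory_service:edit:* and the transport settings cannot be audited."""
    return set(conn) <= {"id", "display_name"}


def audit_connection(conn):
    """Return a list of transport-security findings for one connection object."""
    if is_restricted(conn):
        return ["response limited to id/display_name; token lacks directory_service:edit:*"]
    findings = []
    ssl, start_tls = conn.get("ssl", False), conn.get("start_tls", False)
    if not ssl and not start_tls:
        findings.append(
            "ssl and start_tls are both false: the bind password for "
            f"{conn.get('login')} and every lookup travel in cleartext"
        )
    if (ssl or start_tls) and not conn.get("ssl_hostname_validation", False):
        findings.append("TLS is enabled but ssl_hostname_validation is false")
    # Assumed meaning: true allows wildcard certificates during hostname validation.
    if conn.get("ssl_wildcard_validation", False):
        findings.append("ssl_wildcard_validation is true: wildcard certificates are accepted")
    return findings


def audit_response(body):
    """Audit the array from GET /ldap or the single object from GET /ldap/<id>.

    Returns {connection id: [findings]}; an empty dict means no connection is configured.
    """
    conns = body if isinstance(body, list) else [body]
    return {c["id"]: audit_connection(c) for c in conns}


if __name__ == "__main__":
    for cid, findings in audit_response(SAMPLE_FULL_RESPONSE).items():
        print(cid, findings or ["no findings"])
```

Run against the page's own sample, the audit flags one issue: the connection to ldap.internal on port 3893 has neither ssl nor start_tls enabled, so the service account's bind password crosses the network unencrypted. Pointing fetch_ldap_connections at a real server replaces the embedded sample with live data.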

GET /ds (deprecated)

Get information about your directory service. Authentication is required.

Important: GET /ds is deprecated. Instead, use GET /ldap.

Request format

When Forming RBAC API requests to this endpoint, the request is a basic call with authentication, such as:
curl "https://$(puppet config print server):4433/rbac-api/v2/ds" -H "X-Authentication:$(puppet-access show)"

Response format

Returns an array of objects, where each object represents a currently configured LDAP server. For example, this response contains information for one LDAP server:
[
  {
    "id": "6e33eb78-820f-463a-a65c-e1ef291d59a8",
    "help_link": "https://help.example.com",
    "ssl": true,
    "group_name_attr": "name",
    "group_rdn": null,
    "connect_timeout": 15,
    "user_display_name_attr": "cn",
    "disable_ldap_matching_rule_in_chain": false,
    "ssl_hostname_validation": true,
    "hostname": "ldap.example.com",
    "base_dn": "dc=example,dc=com",
    "user_lookup_attr": "uid",
    "port": 636,
    "login": "cn=ldapuser,ou=service,ou=users,dc=example,dc=com",
    "group_lookup_attr": "cn",
    "group_member_attr": "uniqueMember",
    "ssl_wildcard_validation": false,
    "user_email_attr": "mail",
    "user_rdn": "ou=users",
    "group_object_class": "groupOfUniqueNames",
    "display_name": "Acme Corp Ldap server",
    "search_nested_groups": true,
    "start_tls": false
  }
]

Returns an empty array if no LDAP servers are configured.

You must have the directory_service:edit permission to view all fields; otherwise, only the display name of the directory server is returned.

For information about each setting, refer to External directory settings.

For errors, refer to RBAC service errors.