
GET /ldapClientSettings

Use this method to return information about the client settings when an external LDAP server is used for authentication.

Authentication

Authentication with username and password is required.

Request URL

GET https://{management_server_IP}/ldapClientSettings

Query parameters

Parameters | Required / Optional | Description
default={Boolean} | Optional | Indicates whether default LDAP client settings are returned. This can be one of the following values.
  • true. Default settings are returned.
  • false. (default) Current values are returned.

The following example returns the default LDAP client settings.
GET https://192.0.2.0/ldapClientSettings?default=true

Response codes

Code | Description | Comments
200 | OK | The request completed successfully.
400 | Bad Request | A query parameter or request attribute is missing or not valid, or the operation is not supported. A descriptive error message is returned in the response body.
500 | Internal Server Error | An internal error occurred. A descriptive error message is returned in the response body.

Response body

Attributes | Type | Description
response | Array of objects | Information about each user account
 bindingMethod | String | Method that is used to bind XClarity Administrator to the external authentication server. This can be one of the following values.
  • configured_credentials: Uses the credentials specified in the clientDn and clientPw attributes to bind to the specified LDAP authentication server.
  • login_credentials: Uses the login credentials of the authenticating user to bind to the specified LDAP authentication server. The credentials specified in the existing clientDn and clientPw attributes are used to perform an initial test connection to the authentication server, but these values are not saved.
 clientDn | String | Distinguished name of the client
 clientPw | Boolean | Indicates if a client password is stored currently. This can be one of the following values.
  • true. There is currently a stored client password.
  • false. There is not currently a stored client password.
 domainName | String | Domain name used by DNS to locate LDAP servers
 forestName | String | Forest name used by DNS to locate LDAP servers
 groupFilters | String | Groups search filters to customize the authentication process when configuring XClarity Administrator with an external LDAP server

For information about search filter syntax, see How to write LDAP search filters. For search filter examples, see Examples of Common ldapsearches.

 groupNameAttribute | String | Attribute name that is used to identify the group name that is configured by the LDAP server

The default is uid.

 groupSearchAttribName | String | Attribute name that is used to identify the groups to which a user belongs

The default is memberOf.

 rootDn | String | Root distinguished name with the topmost entry in your LDAP directory tree
 searchLimit | Integer | Maximum number of in-search results that can be retrieved in an LDAP search operation using user and group filters

This can be a value from 0 to 5000. The default value is 0, which means that the operation does not time out.

 serverAddress | Array of objects | Information about the server address
  address | String | IP address for the server
  port | Integer | Port number of the server connection
 serverSelectionMethod | String | Specifies how LDAP servers are to be selected. This can be one of the following values.
  • preconfigured. The IP addresses or hostnames will be used for external authentication servers.
  • dns. The domain name and optional forest name will be used to locate the domain controller (DC) and global catalog (GC) servers dynamically.
 sslEnabled | Boolean | Indicates if SSL is enabled. This can be one of the following values.
  • true. SSL is enabled.
  • false. SSL is not enabled.
 timeout | Integer | Amount of time, in seconds, to complete an LDAP search operation before timing out

This can be a value from 0 to 300 (5 minutes). The default value is 0.

 userAuthenticationMethod | String | Type of user authentication. This can be one of the following values.
  • local. Authentication is performed locally.
  • ldap. Authentication is performed by an external LDAP server.
  • ldap_local. Authentication is performed by an external LDAP server first. If that fails, authentication is performed locally.
  • local_ldap. Authentication is performed locally first. If that fails, authentication is performed by an external LDAP server.
 userFilters | String | Users search filters to customize the authentication process when configuring XClarity Administrator with an external LDAP server

For information about search filter syntax, see How to write LDAP search filters. For search filter examples, see Examples of Common ldapsearches.

 userSearchAttribName | String | Attribute name that is used to identify the user IDs on the LDAP server

When the binding method is set to Configured Credentials, the initial bind to the LDAP server is followed by a search request that retrieves specific information about the user, including the user's DN, login permissions, and group membership. This search request must specify the attribute name that represents the user IDs on that server.

The default is cn.

 useServersAsGlobalCatalogs | Boolean | Indicates whether to treat domain controllers as global catalogs. This can be one of the following values.
  • true. (default) XClarity Administrator attempts to connect to the standard global-catalog port (3268 or 3269) on each known domain-controller address. If XClarity Administrator can bind to the port, the domain-controller server is treated as a global catalog, and XClarity Administrator uses the global catalog to locate additional user accounts during the authentication process. When a user account is located in the global catalog, XClarity Administrator connects to the domain-controller server that controls the domain in which the user exists to authenticate the user and obtain any domain local groups. XClarity Administrator can locate domain controllers that are not listed in the DNS as long as they are listed in the global catalog.
  • false. XClarity Administrator does not attempt to connect to the global catalog port on each domain-controller address unless the user explicitly specified the server’s global-catalog port as one of the preconfigured servers in the serverAddress attribute.

    For example, if you set serverSelectionMethod to preconfigured, serverAddress to 192.0.2.0 on port 389, and useServersAsGlobalCatalogs to false, XClarity Administrator does not automatically attempt to connect to port 3268 on that server to determine whether it can function as a global catalog. However, if you specify two preconfigured servers in serverAddress, both with the same IP address 192.0.2.0 but different ports 389 and 3268, XClarity Administrator connects to the second server as a global-catalog server because you explicitly requested XClarity Administrator to attempt to connect to that port. Setting useServersAsGlobalCatalogs to true allows you to specify the server only once.

result | String | Request results. This can be one of the following values.
  • success. The request completed successfully.
  • failure. The request failed. A descriptive error message was returned.
messages | Array of objects | Information about one or more messages
 explanation | String | Additional information to clarify the reason for the message
 id | String | Message identifier of a returned message
 recovery | Array of objects | Recovery information
  text | String | User actions that can be taken to recover from the event
  URL | String | Link to the help system for more information, if available
 text | String | Message text associated with the message identifier

The following example is returned if the request is successful.
{
   "response": {
      "bindingMethod": "configured_credentials",
      "clientDn": "",
      "clientPw": false,
      "domainName": "",
      "forestName": "",
      "groupFilter": "",
      "groupNameAttribute": "cn",
      "groupSearchAttribName": "memberOf",
      "rootDn": "",
      "serverAddress": [{
         "address": "1.1.1.1",
         "port": 1
      },
      {
         "address": "2.2.2.2",
         "port": 2
      },
      {
         "address": "3.3.3.3",
         "port": 3
      },
      {
         "address": "4.4.4.4",
         "port": 4
      }],
      "searchFilter": "",
      "searchSizeLimit": 0,
      "serverSelectionMethod": "preconfigured",
      "sslEnabled": true,
      "timeoutLimit": 0,
      "userAuthenticationMethod": "local",
      "userSearchAttribName": "cn",
      "useServersAsGlobalCatalogs": true
   },
   "result": "success",
   "messages": [{
      "explanation": "",
      "id": "FQXHMSE0001I",
      "recovery": {
         "text": "Information only; no action is required.",
         "URL": ""
      },
      "text": "The request completed successfully."
   }]
}
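
The following is an added example, not part of the original reference or Lenovo's code: a review of a saved response body that flags the settings a security reviewer would check first (sslEnabled, stored bind credentials, local fallback). The finding IDs and the sample body are constructed for illustration.

```python
import json

# Constructed response body for illustration (not captured from a real system).
SAMPLE_BODY = json.loads("""
{"response": {"bindingMethod": "configured_credentials",
              "clientDn": "cn=svc-bind,dc=example,dc=com", "clientPw": true,
              "serverAddress": [{"address": "192.0.2.10", "port": 389}],
              "serverSelectionMethod": "preconfigured", "sslEnabled": false,
              "userAuthenticationMethod": "ldap_local"},
 "result": "success", "messages": []}
""")

LDAP_METHODS = {"ldap", "ldap_local", "local_ldap"}
FALLBACK_METHODS = {"ldap_local", "local_ldap"}


def audit_ldap_settings(body):
    """Return sorted finding IDs for one GET /ldapClientSettings response body."""
    if body.get("result") != "success":
        raise ValueError("request failed: %r" % body.get("messages"))
    settings = body["response"]
    # The attribute table describes an array of objects, the example shows a
    # single object; accept either shape.
    if isinstance(settings, dict):
        settings = [settings]
    findings = set()
    for s in settings:
        method = s.get("userAuthenticationMethod", "local")
        if method not in LDAP_METHODS:
            continue  # external LDAP is not consulted, nothing to check
        if not s.get("sslEnabled", False):
            # Binds and search results cross the network unencrypted.
            findings.add("LDAP_WITHOUT_SSL")
        if s.get("bindingMethod") == "configured_credentials" and s.get("clientPw"):
            # A bind account password is stored; track it for rotation.
            findings.add("STORED_BIND_PASSWORD")
        if method in FALLBACK_METHODS:
            # Local accounts remain a second authentication path.
            findings.add("LOCAL_ACCOUNT_FALLBACK")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_ldap_settings(SAMPLE_BODY):
        print(finding)
```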