
PATCH – Active Directory Remote Role Mapping

Behavior

  1. This operation configures the Active Directory RemoteRoleMapping.

  2. The user can create, modify, or delete Active Directory RemoteRoleMapping entries using this PATCH operation.

  3. To delete a RemoteRoleMapping entry, the user should give the remaining RemoteRoleMapping entries in the request body of the PATCH operation.

  4. The maximum number of Active Directory roles allowed is 16 (an LXCA requirement).

  5. An appropriate error is returned when the user tries to PATCH more than the maximum number of RemoteRoleMapping properties.

  6. Duplicate "RemoteGroup" names are not allowed in a PATCH request.

Request

PATCH https://{{ip}}/redfish/v1/AccountService
Content-Type: application/json

Request example

Create RemoteRoleMapping:

{
  "ActiveDirectory": {
    "RemoteRoleMapping": [
      {
        "LocalRole": "Administrator",
        "RemoteGroup": "redfish4",
        "RemoteUser": "Active2",
        "Oem": {
          "Ami": {
            "GroupID": 2,
            "KVMAccess": "Enable",
            "VMediaAccess": "Enable"
          }
        }
      }
    ]
  }
}

Modify RemoteRoleMapping:

The example below changes the KVMAccess of GroupID 2 to "Disable".

{
  "ActiveDirectory": {
    "RemoteRoleMapping": [
      {
        "LocalRole": "Administrator",
        "RemoteGroup": "redfish4",
        "RemoteUser": "Active2",
        "Oem": {
          "Ami": {
            "GroupID": 2,
            "KVMAccess": "Disable",
            "VMediaAccess": "Enable"
          }
        }
      }
    ]
  }
}

Add RemoteRoleMappings:

  1. Suppose we need to add RoleMappings with GroupID 1 and 3.

  2. To do so, issue a PATCH request with the following request body:
    {
      "ActiveDirectory": {
        "RemoteRoleMapping": [
          {
            "LocalRole": "Administrator",
            "RemoteGroup": "redfish1",
            "RemoteUser": "Active1",
            "Oem": {
              "Ami": {
                "GroupID": 1,
                "KVMAccess": "Enable",
                "VMediaAccess": "Disable"
              }
            }
          },
          {
            "LocalRole": "Administrator",
            "RemoteGroup": "redfish3",
            "RemoteUser": "Active3",
            "Oem": {
              "Ami": {
                "GroupID": 3,
                "KVMAccess": "Enable",
                "VMediaAccess": "Disable"
              }
            }
          }
        ]
      }
    }

Add / Delete RemoteRoleMappings:

  1. Next, suppose we need to add a RoleMapping with GroupID 2 and delete the RoleMapping with GroupID 3.

  2. For this, exclude the RoleMapping with GroupID 3 (since it is to be deleted) and include the existing RoleMapping with GroupID 1, along with the to-be-added RoleMapping with GroupID 2, in the request body.

  3. To do so, issue a PATCH request with the following request body:
    {
      "ActiveDirectory": {
        "RemoteRoleMapping": [
          {
            "LocalRole": "Administrator",
            "RemoteGroup": "redfish1",
            "RemoteUser": "Active1",
            "Oem": {
              "Ami": {
                "GroupID": 1,
                "KVMAccess": "Enable",
                "VMediaAccess": "Disable"
              }
            }
          },
          {
            "LocalRole": "Administrator",
            "RemoteGroup": "redfish2",
            "RemoteUser": "Active2",
            "Oem": {
              "Ami": {
                "GroupID": 2,
                "KVMAccess": "Enable",
                "VMediaAccess": "Disable"
              }
            }
          }
        ]
      }
    }

Delete all the RemoteRoleMappings:

  1. For this, pass the RemoteRoleMapping attribute under ActiveDirectory as an empty array.

  2. To do so, issue a PATCH request with the following request body:
    {
      "ActiveDirectory": {
        "RemoteRoleMapping": []
      }
    }
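
Because every PATCH carries the complete RemoteRoleMapping array, an entry left out of the body is deleted, so the body is best generated from the current entries rather than written by hand. The following is an added example, not part of the original documentation: it builds the body from the current entries plus the requested changes and checks the 16-entry limit and the unique RemoteGroup rule before anything is sent. The helper names `mapping`, `group_id` and `build_patch_body` are hypothetical, and the example assumes that Oem.Ami.GroupID identifies an entry.

```python
import json

MAX_MAPPINGS = 16  # limit stated on this page

def mapping(gid, group, user, kvm="Enable", vmedia="Disable", role="Administrator"):
    """Build one RemoteRoleMapping entry in the shape this page uses."""
    return {"LocalRole": role, "RemoteGroup": group, "RemoteUser": user,
            "Oem": {"Ami": {"GroupID": gid, "KVMAccess": kvm, "VMediaAccess": vmedia}}}

def group_id(m):
    return m["Oem"]["Ami"]["GroupID"]

def build_patch_body(current, add=(), delete_group_ids=()):
    """Return the full-array PATCH body: kept entries plus added or modified ones.

    Assumption: Oem.Ami.GroupID identifies an entry, so an added entry with an
    existing GroupID replaces it (modify) and a new GroupID is appended (create).
    """
    drop = set(delete_group_ids)
    merged = {group_id(m): m for m in current if group_id(m) not in drop}
    for m in add:
        merged[group_id(m)] = m
    mappings = [merged[g] for g in sorted(merged)]

    # Mirror the two rules from the Behavior list locally so a bad body is never sent.
    if len(mappings) > MAX_MAPPINGS:
        raise ValueError(f"{len(mappings)} mappings exceeds the maximum of {MAX_MAPPINGS}")
    groups = [m["RemoteGroup"] for m in mappings]
    dupes = sorted({g for g in groups if groups.count(g) > 1})
    if dupes:
        raise ValueError(f"duplicate RemoteGroup: {', '.join(dupes)}")
    return {"ActiveDirectory": {"RemoteRoleMapping": mappings}}

if __name__ == "__main__":
    # Constructed sample state: the GroupID 1 and 3 entries from the examples above.
    current = [mapping(1, "redfish1", "Active1"), mapping(3, "redfish3", "Active3")]
    body = build_patch_body(current, add=[mapping(2, "redfish2", "Active2")],
                            delete_group_ids=[3])
    print(json.dumps(body, indent=2))
```

Run against the GroupID 1 and 3 entries, the sample call prints the same body as the Add / Delete example above.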

Response

For Error Responses, please refer to Error Response.