PATCH – LDAP and LDAP Service
Request
PATCH https://{{ip}}/redfish/v1/AccountService
Content-Type: application/json
Request body
Please refer to the properties that are patchable in Account Service Property for which Read-Only is False that can be sent as Request body in JSON format.
"RemoteRoleMapping" property can be patched separately and does not require Authentication.
The LDAP properties like "Authentication", "LDAPService", "ServiceAddresses" and "ServiceEnabled" are mandatory while Patching the LDAP configuration for the first time after flash.
The "Password" in LDAP Authentication is mandatory to be passed in the request body for patching the LDAP properties like "Username", "LDAPService", "ServiceAddresses" and "ServiceEnabled"(when the value is true in request body).
For updating "RemoteRoleMapping" and for updating the LDAP "ServiceEnabled" as false, "Password" is not required. LDAP properties can be patched only when LDAP "ServiceEnabled" value is true.
Request example
{
"LDAP": {
"Authentication": {
"Username":"cn=admin,dc=testldap,dc=com",
"Password":"ami"
},
"RemoteRoleMapping":[
{
"LocalRole":"Administrator",
"RemoteGroup":"group1",
"RemoteUser":"dc=coretesting,dc=com"
},
{
"LocalRole":"User",
"RemoteGroup":"group2",
"RemoteUser":"dc=coretesting,dc=com"
},
{
"LocalRole":"operator",
"RemoteGroup":"group3",
"RemoteUser":"dc=coretesting,dc=com"
}
],
"LDAPService":{
"SearchSettings":{
"BaseDistinguishedNames":[
"dc=testldap,dc=com"
],
"GroupsAttribute":"cn"
}
}
"ServiceAddresses":[
"10.0.125.48:389"
],
"ServiceEnabled":true
}
}
Set encryption type for LDAP service. Please refer to the properties defined in Account Service LDAP OEM Properties
Example PATCH Request Body – NoEncryption
{
"LDAP":{
"Authentication":{
"Username":"cn=admin,dc=coretesting,dc=com",
"Password":"ertif",
"Oem":{
"Ami":{
"EncryptionType":"NoEncryption",
"CommonNameType":"IPAddress"
}
}
},
"LDAPService":{
"SearchSettings":{
"BaseDistinguishedNames":[
"dc=coretesting,dc=com"
],
"GroupsAttribute":"cn"
}
},
"ServiceAddresses":[
"10.0.122.61:389"
],
"ServiceEnabled":true
}
}
Example PATCH Request Body – StartTLS
{
"LDAP":{
"Authentication":{
"Username":"cn=USERID,ou=users,dc=ibmbase,dc=com",
"Password":"Passw0rd",
"Oem":{
"Ami":{
"CommonNameType":"IPAddress",
"EncryptionType":"StartTLS"
}
}
},
"LDAPService":{
"SearchSettings":{
"BaseDistinguishedNames":[
"dc=coretesting,dc=com"
],
"GroupsAttribute":"cn"
}
},
"ServiceAddresses":[
"10.240.211.131:50637"
],
"ServiceEnabled":true
}
}
Example PATCH Request Body – SSL and BindingMethod : LoginCredential
{
"LDAP":{
"Authentication":{
"Oem":{
"Ami":{
"CommonNameType":"IPAddress",
"EncryptionType":"SSL",
"BindingMethod":"LoginCredential"
}
}
},
"LDAPService":{
"SearchSettings":{
"BaseDistinguishedNames":[
"ou=users,dc=ibmbase,dc=com"
],
"GroupsAttribute":"cn"
}
},
"ServiceAddresses":[
"10.240.210.197:50637"
],
"ServiceEnabled":true
}
}
Response
For Error Responses, please refer to Error Response.