Skip to main content

PATCH – LDAP Remote Role Mapping

Behavior

  1. This operation is used to configure LDAP RemoteRoleMapping.

  2. Users can create / modify / delete the RemoteRoleMapping of LDAP using this Patch operation.

  3. For deleting a RemoteRoleMapping property, users should give the remaining RemoteRoleMapping property in the request body of PATCH operation.

  4. The maximum allowed LDAP Role is 16 (for LXCA Requirement).

  5. An appropriate error will be thrown when the user tries to patch more than maximum RemoteRoleMapping properties.

  6. Duplicating "RemoteGroup" name is not allowed while patching.

  7. RemoteRoleMapping property can be patched separately and does not require Authentication. It can be patched only when LDAP "ServiceEnabled" value is true.

  8. RemoteRoleMapping property cannot be set if any of the RemoteRoleMapping properties (LocalRole, RemoteGroup, RemoteUser) is patched with an invalid value.

Request

PATCH https://{{ip}}/redfish/v1/AccountService
Content-Type: application/json

Request example

For Creating RemoteRoleMapping:

The below example is to create three RemoteGroups "group1", "group2", and "group3"".

{
    "LDAP": {
        "RemoteRoleMapping": [
            {
                "LocalRole": "Administrator",
                "RemoteGroup": "group1",
                "RemoteUser": "dc=coretesting,dc=com"
            },
            {
                "LocalRole": "User",
                "RemoteGroup": "group2",
                "RemoteUser": "dc=coretesting,dc=com"
            },
            {
                "LocalRole": "Administrator",
                "RemoteGroup": "group3",
                "RemoteUser": "dc=coretesting,dc=com"
            },
            {
                "LocalRole": "Operator",
                "RemoteGroup": "group4",
                "RemoteUser": "dc=coretesting,dc=com"
            }
        ]
    }
}

For Modifying/Deleting RemoteRoleMapping:

The below example is to modify the LocalRole of group2 as "Administrator" and to Delete the group3 Role of LDAP.

{
    "LDAP": {
        "RemoteRoleMapping": [
            {
                "LocalRole": "Administrator",
                "RemoteGroup": "group1",
                "RemoteUser": "dc=coretesting,dc=com"
            },
            {
                "LocalRole": "Administrator",
                "RemoteGroup": "group2",
                "RemoteUser": "dc=coretesting,dc=com"
            },
            {
                "LocalRole": "Operator",
                "RemoteGroup": "group4",
                "RemoteUser": "dc=coretesting,dc=com"
            }
        ]
    }
}

Response

For Error Responses, please refer to Error Response.