Skip to main content

Security for AD Configuration

AD General Setting

Table 1. AD general setting properties
FieldTypeRead onlyDescription

Status

String

False

Indicator of whether the AD service is enabled

RacUserName

String

False

User name of an administrator of the AD server

RacUserPassword

String

False

Password of the administrator

RacDomain

String

False

Domain for the user

DCserver1

String

False

IP address of the AD server 1

DCserver2

String

False

IP address of the AD server 2

DCserver3

String

False

IP address of the AD server 3

Request

Get AD General Setting

GET https://{{ip}}/redfish/v1/AccountService/Oem/Lenovo/AD/GeneralSetting
Content-Type: application/json

Response

{
"@odata.context": 
"/redfish/v1/$metadata#AccountService.AccountService
(DCServer3,@odata.id,Status,DCServer1,Name,RacUserName,DCServer2,Id,RacDomain)",
    "@odata.etag": "\"1583375634\"",
    "@odata.id": "/redfish/v1/AccountService/Oem/Lenovo/AD/GeneralSetting",
    "@odata.type": "#AccountService.v1_5_0.AccountService",
    "DCServer1": "192.168.101.253",
    "DCServer2": "192.168.101.254",
    "DCServer3": "192.168.101.255",
    "Id": "AD Config",
    "Name": "AccountService AD Config",
    "RacDomain": "lenovo.com",
    "RacUserName": "LNV023",
    "Status": "enable"
}

Request

PATCH AD General Setting

PATCH https://{{ip}}/redfish/v1/AccountService/Oem/Lenovo/AD/GeneralSetting
Content-Type: application/json

Request body

The properties of this URL should be patched in a group. See the following example patch body:

{
   "Status" : "enable",
   "RacUserName" : "LNV024",
   "RacUserPassword" : "pw2324",
   "RacDomain" : "lenovo.com",
   "DCServer1" : "192.168.101.253",
   "DCServer2" : "192.168.101.254",
   "DCServer3" : "192.168.101.255"
}

Response

The response content is 204 with no body.

AD Role Group Setting

Note
id of the AD role group could be 1 to 16
Table 2. AD role group setting properties
FieldTypeRead onlyDescription

RoleGroupName

String

False

Role group name.

RoleGroupDomain

String

False

Role group domain.

RoleGroupPrivilege

Number

False

Privilege can be none, User, Operator, Administrator, or Oem.

RoleGroupExtendPrivilege

String

False

Extended privilege, which can be configured as none, KVM enable, Vmedia enable, or both KVM and Vmedia enable.

Request

Get AD Role Group Setting

GET https://{{ip}}/redfish/v1/AccountService/Oem/Lenovo/AD/RoleGroup/{id}
Content-Type: application/json

Response example

{
    "@odata.context": "/redfish/v1/$metadata#AccountService.AccountService",
    "@odata.etag": "\"1583378837\"",
    "@odata.id": "/redfish/v1/AccountService/Oem/Lenovo/AD/RoleGroup/5",
    "@odata.type": "#AccountService.v1_5_0.AccountService",
    "Id": "AD USER",
    "Name": "AccountService AD User",
    "RoleGroupDomain": "lenovo.com",
    "RoleGroupExtendPrivilege": "Vmedia enable",
    "RoleGroupName": "LNV023",
    "RoleGroupPrivilege": "Operator"
}

Request

PATCH AD Role Group Setting

PATCH https://{{ip}}/redfish/v1/AccountService/Oem/Lenovo/AD/RoleGroup/{id}
Content-Type: application/json

Request body

The properties of this URL should be patched in a group. See the following example patch body:

{
   "RoleGroupName": "LNVGP1",
   "RoleGroupDomain": "lenovo.com",
   "RoleGroupPrivilege": "Administrator",
   "RoleGroupExtendPrivilege": "KVM enable"
}

Response

The response content is 204 with no body.