Skip to main content

GET – Account management properties

Use the GET method to retrieve properties in AccountService resource for Redfish service.

Request URL

GET https://<BMC_IPADDR>/redfish/v1/AccountService

Request body

None

Response body

FieldTypeDescription

AccountLockoutThreshold

NumberThe number of failed login attempts before a user account is locked for a specified duration. The value should be between 0 and 10.

AccountLockoutDuration

NumberThe time in seconds an account is locked after the account lockout threshold is met. If the value is 0, the property will show null, otherwise it is 60~172800

AccountLockoutCounterResetEnabled

BooleanThe value indicates whether the threshold counter will be reset before account is locked for a specified duration. This property is hidden if AccountLockoutDuration is null, otherwise it shows identically to AccountLockoutDuration does.

AccountLockoutCounterResetAfter

NumberThis property is hidden if AccountLockoutDuration is null, otherwise it shows identically to AccountLockoutDuration does.

Id

String“AccountService”.

Name

String“AccountService”.

MaxPasswordLength

NumberThe maximum password length that the implementation will allow a password to be set to. The value is 20 and cannot be modified.

MinPasswordLength

NumberThe minimum password length that the implementation will allow a password to be set to. The value is 8 and cannot be modified.

Accounts

ObjectThis property shall contain the link to a collection of type ManagerAccount

Roles

ObjectThis property shall contain the link to a collection of type Role.

ServiceEnabled

BooleanThe value of this property shall be a boolean indicating whether this service is enabled. The value is “True” and cannot modified.

Description

StringThis resource is used to represent a management account service for a Redfish implementation.

LocalAccountAuth

StringThis property shall govern how the service uses the Accounts collection within this AccountService as part of authentication. Details about each of the modes are found in the description of the enum values.

LocalAccountAuth@Redfish.AllowableValues

Array

Items: string

Item count: 4

The annotation is hidden on Flex platforms.

LDAP

ObjectThe first LDAP external account provider this AccountService supports.
 

AccountProviderType

StringThis property contains the type of external account provider this resource references.
 

Authentication

ObjectThis property contains the authentication information for the external account provider.
  

AuthenticationType

StringThis property contains the type of authentication used to connect to the external account provider.
  

Username

StringThis property contains the username of authentication used to connect to the external account provider.
  

Password

StringThis property contains the password of authentication used to connect to the external account provider.
 

Certificates

LinkThe value of this property is a URI reference to a collection of certificates.
 

LDAPService

ObjectThis property contains additional mapping information needed to parse a generic LDAP service.
  

SearchSettings

ObjectThis property contains the settings needed to search an external LDAP service.
   

BaseDistinguishedNames

StringThe base distinguished names to use when searching the LDAP service.
   

GroupNameAttribute

StringThe attribute name that contains the name of the Group on the group LDAP entry.
   

GroupsAttribute

StringThe attribute name that contains the Groups for a user on the user LDAP entry.
   

UsernameAttribute

StringThe attribute name that contains the Username on the user LDAP entry.
 

PasswordSet

BooleanThis property shall be true when a non-empty value was provided to the Password property, otherwise it shall be false.
 

ServiceAddresses

StringThis property contains the addresses of the user account providers this resource references. The format of this field depends on the Type.
 

RemoteRoleMapping

ArrayThis property shall contain a collection of the mapping rules to convert the external account providers account information to the local Redfish Role.
  

RemoteRoleMapping[N]

ObjectExpand
   

LocalRole

StringThe value of this property shall contain the value of the RoleId property within a Role resource on this Redfish service in which to map the remote user or group.
   

RemoteGroup

StringThe value of this property shall contain the name of the remote group (or in the case of a Redfish Service, remote role) that will be mapped to the local role referenced by this entity.
 

ServiceAddresses

StringLDAP server address, array type.
 

ServiceEnabled

BooleanLDAP enablement.

Status code

HTTP Status CodeError Message ID
500InternalError

Example

The following example JSON response is returned:

{
"Accounts": {
"@odata.id": "/redfish/v1/AccountService/Accounts"
},
"AccountLockoutThreshold": 5,
"@odata.id": "/redfish/v1/AccountService",
"AccountLockoutDuration": 3600,
"ServiceEnabled": true,
"MinPasswordLength": 10,
"AccountLockoutCounterResetAfter": 3600,
"Description": "This resource is used to represent a management account service for a Redfish implementation.",
"LocalAccountAuth": "Enabled",
"LDAP": {
"RemoteRoleMapping": [
{
"LocalRole": null,
"RemoteGroup": null
},



{
"LocalRole": null,
"RemoteGroup": null
}
],
"Authentication": {
"Username": "",
"Password": null,
"AuthenticationType": "UsernameAndPassword"
},
"PasswordSet": false,
"Certificates": {
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates"
},
"ServiceAddresses": [
"192.168.0.227:50637",
"0.0.0.0:389",
"0.0.0.0:389",
"0.0.0.0:389"
],
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
"ou=Users,dc=ibmbase,dc=com"
],
"UsernameAttribute": "cn",
"GroupsAttribute": "",
"GroupNameAttribute": "memberOf"
}
},
"ServiceEnabled": true
},
"Name": "AccountService",
"Roles": {
"@odata.id": "/redfish/v1/AccountService/Roles"
},
"Oem": {

},
"@odata.type": "#AccountService.v1_6_0.AccountService",
"LocalAccountAuth@Redfish.AllowableValues": [
"Enabled",
"Disabled",
"LocalFirst",
"Fallback"
],
"MaxPasswordLength": 32,
"@odata.etag": "\"fc78176d1e9673250dac95c513f397b6\"",
"AccountLockoutCounterResetEnabled": true,
"Id": "AccountService"
}