PATCH – Update global account lockout properties and ldap properties
Use the PATCH method to update properties in AccountService resource for Redfish service.
Request URL
PATCH https://<BMC_IPADDR>/redfish/v1/AccountService
Request body
Properties to be updated are shown as bellow.
Field | Type | Description | |||
---|---|---|---|---|---|
AccountLockoutThreshold | Number | The number of failed login attempts before a user account is locked for a specified duration. The value should be between 0 and 10. | |||
AccountLockoutDuration | Number | The time in seconds an account is locked after the account lockout threshold is met. If the value is 0, the property will show null, otherwise it is 60~172800. | |||
AccountLockoutCounterResetEnabled | Boolean | The value indicates whether the threshold counter will be reset before account is locked for a specified duration. This property is hidden if AccountLockoutDuration is null, otherwise it shows identically to AccountLockoutDuration does. | |||
LDAP | Object | The first LDAP external account provider this AccountService supports. | |||
LDAPService | Object | This property contains additional mapping information needed to parse a generic LDAP service. | |||
SearchSettings | Object | This property contains the settings needed to search an external LDAP service. | |||
BaseDistinguishedNames | String | The base distinguished names to use when searching the LDAP service. | |||
GroupNameAttribute | String | The attribute name that contains the name of the Group on the group LDAP entry. | |||
GroupsAttribute | String | The attribute name that contains the Groups for a user on the user LDAP entry. | |||
UsernameAttribute | String | The attribute name that contains the Username on the user LDAP entry. | |||
ServiceAddresses | String | This property contains the addresses of the user account providers this resource references. The format of this field depends on the Type. | |||
RemoteRoleMapping | Array | This property shall contain a collection of the mapping rules to convert the external account providers account information to the local Redfish Role. | |||
Authentication | Object | This property contains authentication information for the external account provider. | |||
Username | String | This property contains the username of authentication used to connect to the external account provider. | |||
Password | String | This property contains the password of authentication used to connect to the external account provider. | |||
RemoteRoleMapping[N] | Object | Expand | |||
LocalRole | String | The value of this property shall contain the value of the RoleId property within a Role resource on this Redfish service in which to map the remote user or group. | |||
RemoteGroup | String | The value of this property shall contain the name of the remote group (or in the case of a Redfish Service, remote role) that will be mapped to the local role referenced by this entity. |
Response body
The response returns the same content as GET operation with updated properties.
Status code
HTTP Status Code | Error Message ID |
---|---|
500 | InternalError |
Example
The following example is PATCH body
{
"AccountLockoutThreshold": 5,
"AccountLockoutDuration": 3600,
"AccountLockoutCounterResetAfter": 3600
}
The following example JSON response is returned:
{
"Accounts": {
"@odata.id": "/redfish/v1/AccountService/Accounts"
},
"AccountLockoutThreshold": 5,
"@odata.id": "/redfish/v1/AccountService",
"AccountLockoutDuration": 3600,
"ServiceEnabled": true,
"MinPasswordLength": 10,
"AccountLockoutCounterResetAfter": 3600,
"Description": "This resource is used to represent a management account service for a Redfish implementation.",
"LocalAccountAuth": "Enabled",
"LDAP": {
"RemoteRoleMapping": [
{
"LocalRole": null,
"RemoteGroup": null
},
…
{
"LocalRole": null,
"RemoteGroup": null
}
],
"Authentication": {
"Username": "",
"Password": null,
"AuthenticationType": "UsernameAndPassword"
},
"PasswordSet": false,
"Certificates": {
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates"
},
"ServiceAddresses": [
"192.168.0.227:50637",
"0.0.0.0:389",
"0.0.0.0:389",
"0.0.0.0:389"
],
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
"ou=Users,dc=ibmbase,dc=com"
],
"UsernameAttribute": "cn",
"GroupsAttribute": "",
"GroupNameAttribute": "memberOf"
}
},
"ServiceEnabled": true
},
"Name": "AccountService",
"Roles": {
"@odata.id": "/redfish/v1/AccountService/Roles"
},
"Oem": {
…
},
"@odata.type": "#AccountService.v1_6_0.AccountService",
"LocalAccountAuth@Redfish.AllowableValues": [
"Enabled",
"Disabled",
"LocalFirst",
"Fallback"
],
"MaxPasswordLength": 32,
"@odata.etag": "\"fc78176d1e9673250dac95c513f397b6\"",
"AccountLockoutCounterResetEnabled": true,
"Id": "AccountService",
"@Message.ExtendedInfo": [
{
"MessageArgs": [
"AccountLockoutCounterResetAfter"
],
"Resolution": "Remove the property from the request body and resubmit the request if the operation failed.",
"MessageId": "Base.1.6.PropertyNotWritable",
"Severity": "Warning",
"Message": "The property AccountLockoutCounterResetAfter is a read only property and cannot be assigned a value.",
"@odata.type": "#Message.v1_0_8.Message"
}
]
}