Skip to main content

PATCH – Update global account lockout properties and ldap properties

Use the PATCH method to update properties in AccountService resource for Redfish service.

Request URL

PATCH https://<BMC_IPADDR>/redfish/v1/AccountService

Request body

Properties to be updated are shown as bellow.

Field

Type

Description

AccountLockoutThreshold

Number

The number of failed login attempts before a user account is locked for a specified duration. The value should be between 0 and 10.

AccountLockoutDuration

Number

The time in seconds an account is locked after the account lockout threshold is met. If the value is 0, the property will show null, otherwise it is 60~172800.

AccountLockoutCounterResetEnabled

Boolean

The value indicates whether the threshold counter will be reset before account is locked for a specified duration. This property is hidden if AccountLockoutDuration is null, otherwise it shows identically to AccountLockoutDuration does.

LDAP

Object

The first LDAP external account provider this AccountService supports.

 

LDAPService

Object

This property contains additional mapping information needed to parse a generic LDAP service.

  

SearchSettings

Object

This property contains the settings needed to search an external LDAP service.

   

BaseDistinguishedNames

String

The base distinguished names to use when searching the LDAP service.

   

GroupNameAttribute

String

The attribute name that contains the name of the Group on the group LDAP entry.

   

GroupsAttribute

String

The attribute name that contains the Groups for a user on the user LDAP entry.

   

UsernameAttribute

String

The attribute name that contains the Username on the user LDAP entry.

 

ServiceAddresses

String

This property contains the addresses of the user account providers this resource references. The format of this field depends on the Type.

 

RemoteRoleMapping

Array

This property shall contain a collection of the mapping rules to convert the external account providers account information to the local Redfish Role.

 

Authentication

Object

This property contains authentication information for the external account provider.

  

Username

String

This property contains the username of authentication used to connect to the external account provider.

  

Password

String

This property contains the password of authentication used to connect to the external account provider.

  

RemoteRoleMapping[N]

Object

Expand

   

LocalRole

String

The value of this property shall contain the value of the RoleId property within a Role resource on this Redfish service in which to map the remote user or group.

   

RemoteGroup

String

The value of this property shall contain the name of the remote group (or in the case of a Redfish Service, remote role) that will be mapped to the local role referenced by this entity.

Response body

The response returns the same content as GET operation with updated properties.

Status code

HTTP Status CodeError Message ID
500InternalError

Example

The following example is PATCH body

{
"AccountLockoutThreshold": 5,
"AccountLockoutDuration": 3600,
"AccountLockoutCounterResetAfter": 3600
}

The following example JSON response is returned:

{
"Accounts": {
"@odata.id": "/redfish/v1/AccountService/Accounts"
},
"AccountLockoutThreshold": 5,
"@odata.id": "/redfish/v1/AccountService",
"AccountLockoutDuration": 3600,
"ServiceEnabled": true,
"MinPasswordLength": 10,
"AccountLockoutCounterResetAfter": 3600,
"Description": "This resource is used to represent a management account service for a Redfish implementation.",
"LocalAccountAuth": "Enabled",
"LDAP": {
"RemoteRoleMapping": [
{
"LocalRole": null,
"RemoteGroup": null
},


{
"LocalRole": null,
"RemoteGroup": null
}
],
"Authentication": {
"Username": "",
"Password": null,
"AuthenticationType": "UsernameAndPassword"
},
"PasswordSet": false,
"Certificates": {
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates"
},
"ServiceAddresses": [
"192.168.0.227:50637",
"0.0.0.0:389",
"0.0.0.0:389",
"0.0.0.0:389"
],
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
"ou=Users,dc=ibmbase,dc=com"
],
"UsernameAttribute": "cn",
"GroupsAttribute": "",
"GroupNameAttribute": "memberOf"
}
},
"ServiceEnabled": true
},
"Name": "AccountService",
"Roles": {
"@odata.id": "/redfish/v1/AccountService/Roles"
},
"Oem": {

},
"@odata.type": "#AccountService.v1_6_0.AccountService",
"LocalAccountAuth@Redfish.AllowableValues": [
"Enabled",
"Disabled",
"LocalFirst",
"Fallback"
],
"MaxPasswordLength": 32,
"@odata.etag": "\"fc78176d1e9673250dac95c513f397b6\"",
"AccountLockoutCounterResetEnabled": true,
"Id": "AccountService",
"@Message.ExtendedInfo": [
{
"MessageArgs": [
"AccountLockoutCounterResetAfter"
],
"Resolution": "Remove the property from the request body and resubmit the request if the operation failed.",
"MessageId": "Base.1.6.PropertyNotWritable",
"Severity": "Warning",
"Message": "The property AccountLockoutCounterResetAfter is a read only property and cannot be assigned a value.",
"@odata.type": "#Message.v1_0_8.Message"
}
]
}