PATCH – Update global account lockout properties and LDAP properties
Use the PATCH method to update properties in the AccountService resource of the Redfish service.
Request URL
PATCH https://<BMC_IPADDR>/redfish/v1/AccountService
Request body
The properties that can be updated are shown below. Nested properties are written as a path from their parent object.
Field | Type | Description |
---|---|---|
AccountLockoutThreshold | Number | The number of failed login attempts before a user account is locked for a specified duration. The value should be between 0 and 10. |
AccountLockoutDuration | Number | The time in seconds an account is locked after the account lockout threshold is met. The range of this value is 60 to 172800. |
AccountLockoutCounterResetEnabled | Boolean | Indicates whether the threshold counter will be reset before the account is locked for a specified duration. This property is hidden if AccountLockoutDuration is null; otherwise it is shown identically to AccountLockoutDuration. |
LDAP | Object | The first LDAP external account provider this AccountService supports. |
LDAP.LDAPService | Object | This property contains additional mapping information needed to parse a generic LDAP service. |
LDAP.LDAPService.SearchSettings | Object | This property contains the settings needed to search an external LDAP service. |
LDAP.LDAPService.SearchSettings.BaseDistinguishedNames | String | The base distinguished names to use when searching the LDAP service. |
LDAP.LDAPService.SearchSettings.GroupNameAttribute | String | The attribute name that contains the name of the Group on the group LDAP entry. |
LDAP.LDAPService.SearchSettings.GroupsAttribute | String | The attribute name that contains the Groups for a user on the user LDAP entry. |
LDAP.LDAPService.SearchSettings.UsernameAttribute | String | The attribute name that contains the Username on the user LDAP entry. |
LDAP.ServiceAddresses | String | This property contains the addresses of the user account providers this resource references. The format of this field depends on the Type. |
LDAP.Authentication | Object | This property contains authentication information for the external account provider. |
LDAP.Authentication.Username | String | This property contains the username used to authenticate to the external account provider. |
LDAP.Authentication.Password | String | This property contains the password used to authenticate to the external account provider. |
LDAP.RemoteRoleMapping | Array | This property shall contain a collection of the mapping rules to convert the external account provider's account information to the local Redfish Role. |
LDAP.RemoteRoleMapping[N] | Object | |
LDAP.RemoteRoleMapping[N].LocalRole | String | The value of this property shall contain the value of the RoleId property within a Role resource on this Redfish service in which to map the remote user or group. |
LDAP.RemoteRoleMapping[N].RemoteGroup | String | The value of this property shall contain the name of the remote group (or in the case of a Redfish Service, remote role) that will be mapped to the local role referenced by this entity. |
Response body
The response returns the same content as the GET operation, with the updated properties.
Status code
HTTP Status Code | Error Message ID |
---|---|
500 | InternalError |
Example
The following example is a PATCH request body:
{
    "AccountLockoutThreshold": 5,
    "AccountLockoutDuration": 3600,
    "AccountLockoutCounterResetAfter": 3600,
    "LDAP": {
        "ServiceAddresses": [
            "10.240.198.163:50637",
            "0.0.0.0:389",
            "0.0.0.0:389",
            "0.0.0.0:389"
        ],
        "LDAPService": {
            "SearchSettings": {
                "BaseDistinguishedNames": [
                    "ou=Users,dc=ibmbase,dc=com"
                ],
                "GroupNameAttribute": "memberOf",
                "UsernameAttribute": "cn"
            }
        },
        "RemoteRoleMapping": [
            {
                "LocalRole": "Administrator",
                "RemoteGroup": "admin"
            },
            {
                "LocalRole": "ReadOnly",
                "RemoteGroup": "readonly"
            }
        ]
    }
}
The following example JSON response is returned:
{
    "LDAP": {
        "ServiceEnabled": true,
        "LDAPService": {
            "SearchSettings": {
                "BaseDistinguishedNames": [
                    "ou=Users,dc=ibmbase,dc=com"
                ],
                "GroupNameAttribute": "memberOf",
                "UsernameAttribute": "cn",
                "GroupsAttribute": ""
            }
        },
        "PasswordSet": false,
        "Certificates": {
            "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates"
        },
        "Authentication": {
            "Password": null,
            "AuthenticationType": "UsernameAndPassword",
            "Username": ""
        },
        "ServiceAddresses": [
            "10.240.198.163:50637",
            "0.0.0.0:389",
            "0.0.0.0:389",
            "0.0.0.0:389"
        ],
        "RemoteRoleMapping": [
            {
                "RemoteGroup": "admin",
                "LocalRole": "Administrator"
            },
            {
                "RemoteGroup": "readonly",
                "LocalRole": "ReadOnly"
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            },
            {
                "RemoteGroup": null,
                "LocalRole": null
            }
        ]
    },
    "Oem": {
        "Lenovo": {
            "PasswordExpirationWarningPeriod": 0,
            "ComplexPassword": false,
            "MinimumPasswordReuseCycle": 5,
            "WebInactivitySessionTimeout": 20,
            "MinimumPasswordChangeIntervalHours": 0,
            "PasswordLength": 8,
            "PasswordExpirationPeriodDays": 0,
            "CurrentLoggedUsers": [
                {
                    "LoginID": "SYSMGR_QEMUWE71",
                    "SessionType": "Redfish",
                    "IP_Hostname": "10.240.198.163"
                }
            ],
            "PasswordChangeOnFirstAccess": false,
            "@odata.type": "#LenovoAccountService.v1_0_0.LenovoAccountServiceProperties"
        }
    },
    "MinPasswordLength": 8,
    "Roles": {
        "@odata.id": "/redfish/v1/AccountService/Roles"
    },
    "Accounts": {
        "@odata.id": "/redfish/v1/AccountService/Accounts"
    },
    "LocalAccountAuth@Redfish.AllowableValues": [
        "Enabled",
        "Disabled",
        "LocalFirst",
        "Fallback"
    ],
    "@odata.context": "/redfish/v1/$metadata#AccountService.AccountService",
    "MaxPasswordLength": 255,
    "AccountLockoutCounterResetEnabled": true,
    "ServiceEnabled": true,
    "@odata.type": "#AccountService.v1_10_0.AccountService",
    "@odata.id": "/redfish/v1/AccountService",
    "AccountLockoutThreshold": 5,
    "Id": "AccountService",
    "AccountLockoutDuration": 3600,
    "AccountLockoutCounterResetAfter": 3600,
    "Description": "This resource is used to represent a management account service for a Redfish implementation.",
    "Name": "AccountService",
    "@odata.etag": "\"12ea0e270da0d30e5d0353\"",
    "LocalAccountAuth": "LocalFirst",
    "@Message.ExtendedInfo": [
        {
            "@odata.type": "#Message.v1_1_2.Message",
            "MessageSeverity": "Warning",
            "MessageArgs": [
                "AccountLockoutCounterResetAfter"
            ],
            "Resolution": "Remove the property from the request body and resubmit the request if the operation failed.",
            "MessageId": "Base.1.12.PropertyNotWritable",
            "Message": "The property AccountLockoutCounterResetAfter is a read only property and cannot be assigned a value."
        }
    ]
}
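The example response above returns the updated resource and also carries a PropertyNotWritable warning, so a client that configures lockout policy should inspect @Message.ExtendedInfo rather than assume every property was applied. The following is an added example, not part of the vendor documentation: it checks a PATCH body against the ranges in the table, lists properties the service refused to write, and reports which remote groups receive the Administrator role. The function names are hypothetical, the sample data is trimmed from the example on this page, and the lockout values are assumed to be whole numbers.

```python
import json

# Ranges taken from the property table on this page.
RANGES = {"AccountLockoutThreshold": (0, 10),
          "AccountLockoutDuration": (60, 172800)}


def validate_lockout(body):
    """Return problems found in a PATCH body before it is sent."""
    problems = []
    for name, (low, high) in RANGES.items():
        if name not in body:
            continue
        value = body[name]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append(f"{name}: expected an integer, got {value!r}")
        elif not low <= value <= high:
            problems.append(f"{name}: {value} is outside {low}..{high}")
    return problems


def unapplied_properties(response):
    """Map each property the service refused to write to its MessageId."""
    refused = {}
    for msg in response.get("@Message.ExtendedInfo", []):
        if msg.get("MessageId", "").endswith(".PropertyNotWritable"):
            for prop in msg.get("MessageArgs", []):
                refused[prop] = msg["MessageId"]
    return refused


def admin_groups(response):
    """Remote groups that the LDAP mapping grants the Administrator role."""
    mappings = response.get("LDAP", {}).get("RemoteRoleMapping", [])
    return [m["RemoteGroup"] for m in mappings
            if m.get("LocalRole") == "Administrator" and m.get("RemoteGroup")]


# Sample data: the page's example request and response, trimmed.
PATCH_BODY = {"AccountLockoutThreshold": 5, "AccountLockoutDuration": 3600,
              "AccountLockoutCounterResetAfter": 3600}
RESPONSE = json.loads("""{
  "LDAP": {"RemoteRoleMapping": [
    {"RemoteGroup": "admin", "LocalRole": "Administrator"},
    {"RemoteGroup": "readonly", "LocalRole": "ReadOnly"},
    {"RemoteGroup": null, "LocalRole": null}]},
  "@Message.ExtendedInfo": [{"MessageId": "Base.1.12.PropertyNotWritable",
    "MessageArgs": ["AccountLockoutCounterResetAfter"]}]}""")
```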