Creates an authentication provider using the specified attributes. The submitted provider element values are validated before the provider is stored (see the disable field below for what that validation covers). The minimal set of parameters is:

Required role: SECURITY_ADMIN

All parameters are required unless otherwise stated.
Field | Description | Type | Notes
--- | --- | --- | ---
authnprovider_create | Root element of the request body. | |
server_urls | Valid LDAP or LDAPS URL strings. | | Container for server_url
server_url | One directory server URL, using the ldap:// or ldaps:// scheme. | String | 0-* elements
domains | Active Directory domain names associated with this provider. If the server_url points to an Active Directory forest global catalog server, you may specify all or a subset of the forest's domains that this provider needs to interact with. For non-Active Directory servers, a domain is a logical label for this server that need not correspond to a network name. | | Container for domain
domain | | String | 0-* elements
group_whitelist_values | Names of the groups to be included when querying Active Directory for group membership information about a user or group (the example below uses wildcard patterns such as *Admin*). If the whitelist is set, the provider only receives membership information for the groups matched by it; if it is empty, all group membership information is retrieved (blank == "*"). | | Container for group_whitelist_value
group_whitelist_value | | String | 0-* elements
group_object_classes | Names of LDAP group object classes (groupOfNames in the example below). | | Container for group_object_class
group_object_class | | String | 0-* elements
group_member_attributes | Names of LDAP group member attributes (member in the example below). | | Container for group_member_attribute
group_member_attribute | | String | 0-* elements
mode | Type of provider: Active Directory (AD) or generic LDAPv3 (LDAP). | String | The request example below uses the lowercase value ldap.
name | Name of the provider. | String |
description | Description of the provider. | String |
disable | Whether the provider is disabled. During provider creation or update, if disable is false a basic connectivity test is performed against the LDAP/AD server; if disable is true no validation is done and the provider is added or updated as long as the parameters are syntactically correct, so a provider created with disable=true has never been checked against the directory. While the system is running, a disabled provider exists but is not considered when authenticating principals. | Boolean | true or false
manager_dn | Distinguished name of the user ECS binds as when searching the directory. | String |
manager_password | Password for the manager_dn "bind" user. | String | Sent in the request body; not echoed in the response.
search_base | Search base from which the LDAP search starts when authenticating users. See also search_scope. | String |
search_filter | LDAP search filter used to locate the authenticating user's entry, written as an attribute=value pair in which the token %U is replaced with the user name presented at login (uid=%U in the example below). | String |
search_scope | Together with search_base, indicates how many levels below the base the search may descend. Standard LDAP scopes are ONELEVEL (entries directly under the base) and SUBTREE (the whole subtree); the example below uses ONELEVEL. | String |
group_attribute | Attribute used for group search, i.e. the attribute name that represents group membership. Once set during creation of the provider, this value cannot be changed. | String | Immutable after creation
max_page_size | Maximum number of results that the LDAP server will return on a single page. | Integer | Omitted in the request example below; the response then reports 0.
validate_certificates | Whether to validate the directory server's certificate when LDAPS is used. With false the connection is still TLS-encrypted but the server's identity is not verified. | Boolean | true or false
Newly created provider details
Field | Description | Type | Notes
--- | --- | --- | ---
authnprovider | Root element of the response body. | |
description | Description of the provider. | String |
disable | Whether the provider is disabled. While the system is running, a disabled provider exists but is not considered when authenticating principals. | Boolean | true or false
domains | Active Directory domain names associated with this provider. If the server_url points to an Active Directory forest global catalog server, each element may be one of the many domains in the forest. For non-Active Directory servers, a domain is a logical label for this server that need not correspond to a network name. | | Container for domain
domain | | String | 0-* elements
group_attribute | Attribute used for group search, i.e. the attribute name that represents group membership. | String |
group_whitelist_values | Group names or patterns whitelisted for membership queries. | | Container for group_whitelist_value
group_whitelist_value | | String | 0-* elements
group_object_classes | Names of LDAP group object classes. | | Container for group_object_class
group_object_class | | String | 0-* elements
group_member_attributes | Names of LDAP group member attributes. | | Container for group_member_attribute
group_member_attribute | | String | 0-* elements
manager_dn | Distinguished name of the bind user. | String | manager_password is not returned.
max_page_size | Maximum number of results that the LDAP server will return on a single page. | Integer |
mode | Type of provider: Active Directory (AD) or generic LDAPv3 (LDAP). | String |
search_base | Search base from which the LDAP search starts when authenticating users. See also search_scope. | String |
search_filter | LDAP search filter used to locate the authenticating user's entry (attribute=value pair with the %U user-name token). | String |
search_scope | Together with search_base, indicates how many levels below the base the search may descend. | String |
server_urls | Valid LDAP or LDAPS URL strings. | | Container for server_url
server_url | | String | 0-* elements
name | Name assigned to this resource in ECS. The resource name is set by a user and can be changed at any time. It is not a unique identifier. | String |
id | Identifier generated by ECS when the resource is created. The resource id is guaranteed to be unique and immutable across all virtual data centers for all time. | URI |
link | Hyperlink to the details for this resource. | |
creation_time | Timestamp showing when this resource was created in ECS. | DateTime |
tags | Keywords and labels that a user can add to a resource to make it easy to find when searching. | | Container for tag
tag | | String | 0-* elements
inactive | Indicates whether the resource is inactive. When a user removes a resource, it is put in this state before it is removed from the ECS database. | Boolean | true or false
global | Indicates whether the resource is global. | Boolean | true or false
remote | Indicates whether the resource is remote. | Boolean | true or false
vdc | Virtual data center that owns the resource. | | Container for id and link
id | Id of the related object. | URI |
link | Hyperlink to the related object. | |
internal | Indicates whether the resource is an internal resource. | Boolean | true or false
Request example. The management API call itself is HTTPS, but the provider it defines binds over cleartext ldap:// and omits validate_certificates, so the manager_password is protected only between the client and ECS, not between ECS and the directory server. With disable set to false, ECS performs its connectivity test against 192.168.0.10:1389 before accepting the provider.

```http
POST https://192.168.0.0:4443/vdc/admin/authnproviders HTTP/1.1
Content-Type: application/xml
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>

<authnprovider_create>
  <name>ECS LDAP</name>
  <mode>ldap</mode>
  <description>ldap details</description>
  <server_urls>
    <server_url>ldap://192.168.0.10:1389</server_url>
  </server_urls>
  <domains>
    <domain>domain.com</domain>
  </domains>
  <group_whitelist_values>
    <group_whitelist_value>*Admin*</group_whitelist_value>
    <group_whitelist_value>*Test*</group_whitelist_value>
  </group_whitelist_values>
  <group_object_classes>
    <group_object_class>groupOfNames</group_object_class>
  </group_object_classes>
  <group_member_attributes>
    <group_member_attribute>member</group_member_attribute>
  </group_member_attributes>
  <disable>false</disable>
  <search_filter>uid=%U</search_filter>
  <search_base>DC=domain,DC=com</search_base>
  <manager_dn>CN=Manager,DC=domain,DC=com</manager_dn>
  <manager_password>secret</manager_password>
  <search_scope>ONELEVEL</search_scope>
  <group_attribute>CN</group_attribute>
</authnprovider_create>
```
Response example. The bind password is not echoed, and max_page_size, which the request did not set, comes back as 0.

```http
HTTP/1.1 200 OK
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authnprovider>
  <id>urn:AuthProvider:be2a19e5-ab62-46b4-9beb-751be8fb973a</id>
  <name>ECS LDAP</name>
  <tags/>
  <description>ldap details</description>
  <disable>false</disable>
  <domains>
    <domain>domain.com</domain>
  </domains>
  <group_attribute>CN</group_attribute>
  <group_whitelist_values>
    <group_whitelist_value>*Admin*</group_whitelist_value>
    <group_whitelist_value>*Test*</group_whitelist_value>
  </group_whitelist_values>
  <group_member_attributes>
    <group_member_attribute>member</group_member_attribute>
  </group_member_attributes>
  <group_object_classes>
    <group_object_class>groupOfNames</group_object_class>
  </group_object_classes>
  <manager_dn>CN=Manager,DC=domain,DC=com</manager_dn>
  <max_page_size>0</max_page_size>
  <mode>ldap</mode>
  <search_base>DC=domain,DC=com</search_base>
  <search_filter>uid=%U</search_filter>
  <search_scope>ONELEVEL</search_scope>
  <server_urls>
    <server_url>ldap://192.168.0.10:1389</server_url>
  </server_urls>
</authnprovider>
```
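The request table and the two examples above describe a body that is easy to get subtly wrong by hand (unescaped characters in the bind password, a cleartext ldap:// URL, a provider stored with disable=true that was never tested). The script below is an added example written for this page, not ECS product code: it builds the authnprovider_create body with an XML serializer so values are escaped, runs a pre-flight check before anything is sent, posts it with the X-SDS-AUTH-TOKEN header from the page, and parses the authnprovider response. The endpoint path, header name and element names come from the page; the REQUIRED list (the fields present in the page's own request example), the pre-flight rules, the function names and the EXAMPLE/RESPONSE data are this script's assumptions and constructed inputs.

```python
"""Build, pre-check, send and parse ECS authnprovider_create requests.

Added example for this page, not ECS product code. The REQUIRED list,
the pre-flight rules and the sample data below are assumptions.
"""
import ssl
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# wrapper element -> repeated child element (from the request table)
LIST_FIELDS = {
    "server_urls": "server_url",
    "domains": "domain",
    "group_whitelist_values": "group_whitelist_value",
    "group_object_classes": "group_object_class",
    "group_member_attributes": "group_member_attribute",
}
# Assumption: the fields present in the page's request example are the minimum.
REQUIRED = ("name", "mode", "server_urls", "domains", "search_base",
            "search_filter", "search_scope", "manager_dn", "manager_password",
            "group_attribute", "disable")


def build_create_request(params: dict) -> bytes:
    """Serialise params into <authnprovider_create> XML. ElementTree escapes
    every text node, so a password like "sec&ret" cannot break the document."""
    root = ET.Element("authnprovider_create")
    for key, value in params.items():
        if key in LIST_FIELDS:
            wrapper = ET.SubElement(root, key)
            for item in value:
                ET.SubElement(wrapper, LIST_FIELDS[key]).text = str(item)
        else:
            if isinstance(value, bool):
                value = "true" if value else "false"
            ET.SubElement(root, key).text = str(value)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def preflight(params: dict) -> dict:
    """Return {'errors': [...], 'warnings': [...]}: errors are things ECS
    would reject, warnings are settings the page allows but that an
    operator should choose deliberately."""
    errors, warnings = [], []
    for key in REQUIRED:
        if params.get(key) in (None, "", []):
            errors.append(f"missing required parameter {key}")
    if str(params.get("mode", "")).lower() not in ("ad", "ldap"):
        errors.append("mode must be AD or LDAP")
    for url in params.get("server_urls", []):
        scheme = urlparse(url).scheme.lower()
        if scheme not in ("ldap", "ldaps"):
            errors.append(f"{url}: server_url must use the ldap:// or ldaps:// scheme")
        elif scheme == "ldap":
            warnings.append(f"{url}: cleartext LDAP, the manager_dn bind password "
                            "crosses the network unencrypted")
        elif params.get("validate_certificates") is not True:
            warnings.append(f"{url}: LDAPS without validate_certificates=true does "
                            "not verify the directory server's identity")
    if params.get("disable") is True:
        warnings.append("disable=true: ECS skips the connectivity test, so the "
                        "provider is stored without ever being checked")
    return {"errors": errors, "warnings": warnings}


def parse_provider(body: bytes, expected_root: str = "authnprovider") -> dict:
    """Pull the fields worth checking out of an <authnprovider> response
    (or, with expected_root='authnprovider_create', out of a request)."""
    root = ET.fromstring(body)
    if root.tag != expected_root:
        raise ValueError(f"expected <{expected_root}>, got <{root.tag}>")
    return {
        "id": root.findtext("id"),
        "name": root.findtext("name"),
        "mode": root.findtext("mode"),
        "disable": root.findtext("disable") == "true",
        "server_urls": [e.text for e in root.iterfind("server_urls/server_url")],
        "whitelist": [e.text for e in
                      root.iterfind("group_whitelist_values/group_whitelist_value")],
        # ECS does not return the bind password; True here would be a red flag.
        "password_echoed": root.find("manager_password") is not None,
    }


def post_provider(base_url: str, token: str, body: bytes, ca_file=None) -> bytes:
    """POST body to /vdc/admin/authnproviders; ca_file (assumed to be the ECS
    management CA certificate) pins the HTTPS side of the call."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/vdc/admin/authnproviders", data=body, method="POST",
        headers={"Content-Type": "application/xml", "X-SDS-AUTH-TOKEN": token})
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read()


# Constructed inputs mirroring the page's request and response examples.
EXAMPLE = {
    "name": "ECS LDAP", "mode": "ldap", "description": "ldap details",
    "server_urls": ["ldap://192.168.0.10:1389"], "domains": ["domain.com"],
    "group_whitelist_values": ["*Admin*", "*Test*"],
    "group_object_classes": ["groupOfNames"], "group_member_attributes": ["member"],
    "disable": False, "search_filter": "uid=%U", "search_base": "DC=domain,DC=com",
    "manager_dn": "CN=Manager,DC=domain,DC=com", "manager_password": "sec&ret",
    "search_scope": "ONELEVEL", "group_attribute": "CN",
}
RESPONSE = (b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?><authnprovider>'
            b"<id>urn:AuthProvider:be2a19e5-ab62-46b4-9beb-751be8fb973a</id>"
            b"<name>ECS LDAP</name><disable>false</disable><mode>ldap</mode>"
            b"<server_urls><server_url>ldap://192.168.0.10:1389</server_url>"
            b"</server_urls></authnprovider>")

if __name__ == "__main__":
    print(preflight(EXAMPLE))          # one cleartext-LDAP warning, no errors
    print(build_create_request(EXAMPLE).decode())
    print(parse_provider(RESPONSE))
    # Live call: post_provider("https://192.168.0.0:4443", token, body, "ecs-ca.pem")
```

Run it as-is to see the pre-flight report and the escaped body; only the commented-out post_provider call touches the network. Fix every error and read every warning before sending: switching the example to an ldaps:// URL with validate_certificates set to true makes the warning list empty.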