Authentication Provider:Update Provider

Search (SHIFT+S)

Update Provider

PUT /vdc/admin/authnproviders/{id}

Updates an authentication provider with the specified attribute values.

id	URN of the authentication provider to be updated

Query Parameters

allow_group_attr_change	Set this field to true to allow modification of the group-attribute field

Required Roles

SECURITY_ADMIN

Request Payload

<authnprovider_update>
   <server_url_changes>
      <add>
         <server_url></server_url>
      </add>
      <remove>
         <server_url></server_url>
      </remove>
   </server_url_changes>
   <domain_changes>
      <add>
         <domain></domain>
      </add>
      <remove>
         <domain></domain>
      </remove>
   </domain_changes>
   <group_whitelist_value_changes>
      <add>
         <group_whitelist_value></group_whitelist_value>
      </add>
      <remove>
         <group_whitelist_value></group_whitelist_value>
      </remove>
   </group_whitelist_value_changes>
   <group_object_class_changes>
      <add>
         <group_object_class></group_object_class>
      </add>
      <remove>
         <group_object_class></group_object_class>
      </remove>
   </group_object_class_changes>
   <group_member_attribute_changes>
      <add>
         <group_member_attribute></group_member_attribute>
      </add>
      <remove>
         <group_member_attribute></group_member_attribute>
      </remove>
   </group_member_attribute_changes>
   <mode></mode>
   <name></name>
   <description></description>
   <disable></disable>
   <manager_dn></manager_dn>
   <manager_password></manager_password>
   <search_base></search_base>
   <search_filter></search_filter>
   <search_scope></search_scope>
   <group_attribute></group_attribute>
   <max_page_size></max_page_size>
   <validate_certificates></validate_certificates>
</authnprovider_update>

{
  "server_url_changes": {
    "add": [
      ""
    ],
    "remove": [
      ""
    ]
  },
  "domain_changes": {
    "add": [
      ""
    ],
    "remove": [
      ""
    ]
  },
  "group_whitelist_value_changes": {
    "add": [
      ""
    ],
    "remove": [
      ""
    ]
  },
  "group_object_class_changes": {
    "add": [
      ""
    ],
    "remove": [
      ""
    ]
  },
  "group_member_attribute_changes": {
    "add": [
      ""
    ],
    "remove": [
      ""
    ]
  },
  "mode": "",
  "name": "",
  "description": "",
  "disable": "",
  "manager_dn": "",
  "manager_password": "",
  "search_base": "",
  "search_filter": "",
  "search_scope": "",
  "group_attribute": "",
  "max_page_size": "",
  "validate_certificates": ""
}

All parameters are required unless otherwise stated.

Field	Description	Type	Notes
authnprovider_update
server_url_changes
add	List of Server URLs to add. You cannot mix ldap and ldaps URLs
server_url		String	0-* Elements
remove	List of Server URLs to remove.
server_url		String	0-* Elements
domain_changes
add	List of domains to add.
domain		String	0-* Elements
remove	List of domains to remove.
domain		String	0-* Elements
group_whitelist_value_changes
add	List of white list values to add.
group_whitelist_value		String	0-* Elements
remove	List of white list values to remove.
group_whitelist_value		String	0-* Elements
group_object_class_changes
add	List of LDAP Object Class values to add.
group_object_class		String	0-* Elements
remove	List of LDAP Object Class values to remove.
group_object_class		String	0-* Elements
group_member_attribute_changes
add	List of LDAP Group Member Attributes values to add.
group_member_attribute		String	0-* Elements
remove	List of LDAP Group Member Attributes values to remove.
group_member_attribute		String	0-* Elements
mode	Type of provider. Active Directory(AD) or generic LDAPv3 (LDAP)	String	Valid Values: ad ldap
name	Name of the provider	String	Valid Values: any string. provider names must be unique within a virtual data center Length: 2..128
description	Description of the provider	String	Valid Values: any string
disable	Specifies if a provider is disabled or enabled. During provider creation or update, if disable is set to false, a basic connectivity test will be performed against the LDAP/AD server. If the disable parameter is set to true, no validation will be done and the provider will be added/updated as long as the parameters are syntactically correct. During the operation of the system, a disabled provider will exist but not be considered when authenticating principals.	Boolean	Valid Values: true to disable false to enable
manager_dn	Distinguished Name for the bind user.	String	Valid Values: Example: CN=Administrator,CN=Users,DC=domain,DC=com Example: domain\Administrator
manager_password	Password for the manager DN "bind" user.	String
search_base	Search base from which the LDAP search will start when authenticating users. See also: search_scope	String	Valid Values: Example: CN=Users,DC=domain,DC=com
search_filter	Key value pair representing the search filter criteria.	String	Valid Values: %u or %U needs to be present on the right side of the equal sign (Example: filterKey=%u). %u stands for the whole username string as typed in by the user. %U stands for the username portion only of the string containing the domain Example: in user@company.com, %U is user. %u is user@company.com
search_scope	In conjunction with the search_base, the search_scope indicates how many levels below the base the search can continue.	String	Valid Values: ONELEVEL = The search will start at the search_base location and continue up to one level deep SUBTREE = The search will start at the search_base location and continue through the entire tree
group_attribute	Attribute for group search. This is the attribute name that will be used to represent group membership. Once set during creation of the provider, the value for this parameter cannot be changed.	String	Valid Values: Example: "CN"
max_page_size	Maximum number of results that the LDAP server will return on a single page.	Integer	Valid Values: If provided, the value must be greater than 0 The value cannot be higher than the max page size configured on the LDAP server.
validate_certificates	Whether or not to validate certificates when LDAPS is used.	Boolean	Valid Values: true false

Response Body

Provider details with updated values

Field	Description	Type	Notes
authnprovider
description	Description of the provider	String
disable	Specifies if a provider is disabled or enabled. During the operation of the system, a disabled provider will exist but not be considered when authenticating principals.	Boolean	Valid Values: true = disabled false = enabled
domains	Active Directory domain names associated with this provider. If the server_url points to an Active Directory forest global catalog server, each such element may be one of the many domains from the forest. For non Active Directory servers, domain represents a logical abstraction for this server which may not correspond to a network name.
domain		String	0-* Elements Valid Values: Example: domain.com
group_attribute	Attribute for group search. This is the attribute name that will be used to represent group membership.	String	Valid Values: Example: "CN"
group_whitelist_values
group_whitelist_value		String	0-* Elements
group_object_classes	Names of LDAP Group Object Classes.
group_object_class		String	0-* Elements Valid Values: Example: groupOfNames Example: groupOfUniqueNames
group_member_attributes	Names of LDAP Group Member Attributes.
group_member_attribute		String	0-* Elements Valid Values: Example: member Example: uniqueMember
manager_dn	Distinguished Name for the bind user.	String	Valid Values: Example: CN=Administrator,CN=Users,DC=domain,DC=com Example: domain\Administrator
max_page_size	Maximum number of results that the LDAP server will return on a single page.	Integer	Valid Values: Valid values must be greater than 0. The value cannot be higher than the max page size configured on the LDAP server.
mode	Type of provider. Active Directory(AD) or generic LDAPv3 (LDAP)	String	Valid Values: AD LDAP
search_base	Search base from which the LDAP search will start when authenticating users. See also: search_scope	String	Valid Values: Example: CN=Users,DC=domain,DC=com
search_filter	Key value pair representing the search filter criteria.	String	Valid Values: %u or %U must be present on the right side of the equal sign. %u stands for the whole username string as typed in by the user. %U stands for the username portion only of the string containing the domain name. (for example: in user@company.com, %U is user. %u is user@company.com)
search_scope	In conjunction with the search_base, the search_scope indicates how many levels below the base the search can continue.	String	Valid Values: ONELEVEL = The search will start at the search_base location and continue up to one level deep SUBTREE = The search will start at the search_base location and continue through the entire tree
server_urls	Valid LDAP or LDAPS URL strings.
server_url		String	0-* Elements Valid Values: Example: ldap://10.10.10.145 Example: ldaps://10.10.10.145
name	Name assigned to this resource in ECS. The resource name is set by a user and can be changed at any time. It is not a unique identifier.	String
id	Identifier that is generated by ECS when the resource is created. The resource Id is guaranteed to be unique and immutable across all virtual data centers for all time.	URI	Valid Values: urn:storageos:resource-type:UUID:
link	Hyperlink to the details for this resource
creation_time	Timestamp that shows when this resource was created in ECS	DateTime	Valid Values: YYYY-MM-DDTHH:mm:ssZ
tags	Keywords and labels that can be added by a user to a resource to make it easy to find when doing a search.
tag		String	0-* Elements
inactive	Indicates whether the resource is inactive. When a user removes a resource, the resource is put in this state before it is removed from the ECS database.	Boolean	Valid Values: true false
global	Indicates whether the resource is global.	Boolean	Valid Values: true false
remote	Indicates whether the resource is remote.	Boolean	Valid Values: true false
vdc
id	Id of the related object	URI
link	Hyperlink to the related object
internal	Indicates whether the resource is an internal resource.	Boolean	Valid Values: true false

Examples

Request

PUT https://192.168.0.0:4443/vdc/admin/authnproviders/urn:AuthProvider:80ae338d-16f5-4c5b-bf7c-ce429ef455ce: HTTP/1.1

Content-Type: application/xml
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>

<?xml version="1.0" encoding="UTF-8" ?>
<authnprovider_update>
	<group_whitelist_value_changes>
	  <remove>
		 <group_whitelist_value>*Review</group_whitelist_value>
	  </remove>
	</group_whitelist_value_changes>
	<group_object_class_changes>
		<add>
			<group_object_class>groupOfNames</group_object_class>
		</add>
	</group_object_class_changes>
	<group_member_attribute_changes>
		<add>
			<group_member_attribute>member</group_member_attribute>
		</add>
	</group_member_attribute_changes>
	<mode>ldap</mode>
	<manager_dn>CN=Manager,DC=domain,DC=com</manager_dn>
	<manager_password>secret</manager_password>
	<search_base>DC=domain,DC=com</search_base>
	<group_attribute>CN</group_attribute>
</authnprovider_update>

Response

HTTP/1.1 200 OK
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authnprovider>
    <id>urn:AuthProvider:80ae338d-16f5-4c5b-bf7c-ce429ef455ce</id>
    <name>ECS LDAP</name>
    <tags/>
    <description>ldap details</description>
    <disable>false</disable>
    <domains>
        <domain>domain.com</domain>
    </domains>
    <group_attribute>CN</group_attribute>
    <group_whitelist_values>
        <group_whitelist_value>*</group_whitelist_value>
    </group_whitelist_values>
    <group_member_attributes>
        <group_member_attribute>member</group_member_attribute>
    </group_member_attributes>
    <group_object_classes>
        <group_object_class>groupOfNames</group_object_class>
    </group_object_classes>
    <manager_dn>CN=Manager,DC=domain,DC=com</manager_dn>
    <max_page_size>0</max_page_size>
    <mode>ldap</mode>
    <search_base>DC=domain,DC=com</search_base>
    <search_filter>uid=%U</search_filter>
    <search_scope>SUBTREE</search_scope>
    <server_urls>
        <server_url>ldap://192.168.0.10:1389</server_url>
    </server_urls>
</authnprovider>

Request

PUT https://192.168.0.0:4443/vdc/admin/authnproviders/urn:AuthProvider:80ae338d-16f5-4c5b-bf7c-ce429ef455ce:.json HTTP/1.1

Content-Type: application/json
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>

{
  "group_whitelist_value_changes":
    { "remove": [ "*Review" ]
    },
  "group_object_class_changes":
    { "add": [ "groupOfNames" ]
    },
    "group_member_attribute_changes":
    { "add": [ "member" ]
    },
  "mode": "ldap",
  "manager_dn": "CN=Manager,DC=domain,DC=com",
  "manager_password": "secret",
  "search_base": "DC=domain,DC=com",
  "group_attribute": "CN"
}

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    "global": null,
    "remote": null,
    "vdc": null,
    "name": "ECS LDAP",
    "id": "urn:AuthProvider:80ae338d-16f5-4c5b-bf7c-ce429ef455ce",
    "link": null,
    "creation_time": null,
    "inactive": null,
    "tag": [],
    "internal": null,
    "mode": "ldap",
    "domains": [
        "domain.com"
    ],
    "search_filter": "uid=%U",
    "search_scope": "SUBTREE",
    "search_base": "DC=domain,DC=com",
    "manager_dn": "CN=Manager,DC=domain,DC=com",
    "group_attribute": "CN",
    "server_urls": [
        "ldap://192.168.0.10:1389"
    ],
    "group_whitelist_values": [
        "*"
    ],
    "group_object_classes": [
        "groupOfNames"
    ],
    "group_member_attributes": [
        "member"
    ],
    "disable": false,
    "description": "ldap details",
    "max_page_size": 0
}

Request

cat body.txt

<?xml version="1.0" encoding="UTF-8" ?>
<authnprovider_update>
	<group_whitelist_value_changes>
	  <remove>
		 <group_whitelist_value>*Review</group_whitelist_value>
	  </remove>
	</group_whitelist_value_changes>
	<group_object_class_changes>
		<add>
			<group_object_class>groupOfNames</group_object_class>
		</add>
	</group_object_class_changes>
	<group_member_attribute_changes>
		<add>
			<group_member_attribute>member</group_member_attribute>
		</add>
	</group_member_attribute_changes>
	<mode>ldap</mode>
	<manager_dn>CN=Manager,DC=domain,DC=com</manager_dn>
	<manager_password>secret</manager_password>
	<search_base>DC=domain,DC=com</search_base>
	<group_attribute>CN</group_attribute>
</authnprovider_update>

curl -H $token -H "Content-Type: application/xml" -X PUT --data @body.txt https://$nodeIp:4443/vdc/admin/authnproviders/urn

Response

HTTP/1.1 200 OK
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authnprovider>
    <id>urn:AuthProvider:80ae338d-16f5-4c5b-bf7c-ce429ef455ce</id>
    <name>ECS LDAP</name>
    <tags/>
    <description>ldap details</description>
    <disable>false</disable>
    <domains>
        <domain>domain.com</domain>
    </domains>
    <group_attribute>CN</group_attribute>
    <group_whitelist_values>
        <group_whitelist_value>*</group_whitelist_value>
    </group_whitelist_values>
    <group_member_attributes>
        <group_member_attribute>member</group_member_attribute>
    </group_member_attributes>
    <group_object_classes>
        <group_object_class>groupOfNames</group_object_class>
    </group_object_classes>
    <manager_dn>CN=Manager,DC=domain,DC=com</manager_dn>
    <max_page_size>0</max_page_size>
    <mode>ldap</mode>
    <search_base>DC=domain,DC=com</search_base>
    <search_filter>uid=%U</search_filter>
    <search_scope>SUBTREE</search_scope>
    <server_urls>
        <server_url>ldap://192.168.0.10:1389</server_url>
    </server_urls>
</authnprovider>