To work with LDAP settings, send requests to the "ldap" API method (obtain an administrator token before executing the requests):
Get LDAP connection settings:
curl -v '<IP address or DNS server name>/api/v2/ldap/settings/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>'
Example response:
{
"is_enabled": true,
"host": "127.0.0.1",
"port": 389,
"is_ssl": false,
"is_global_catalog": true,
"base_dn": "dc=local",
"tech_user_login": "login",
"kerberos_enabled": false,
"kerberos_host": null,
"kerberos_port": 88
}
Change LDAP connection settings:
curl -X PUT -v '<IP address or DNS server name>/api/v2/ldap/settings/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>' -d '{
"is_enabled": <LDAP directory connection indicator (true/false)>,
"delete_users_and_groups": <indicates whether users and groups are deleted on disconnecting LDAP (true/false)>,
"host": "<host>",
"port": <port>,
"is_ssl": <LDAP SSL connection indicator (true/false)>,
"is_global_catalog": <global directory connection indicator (true/false)>,
"base_dn": "<LDAP directory branch>",
"tech_user_login": "<technical user login>",
"tech_user_password": "<technical user password>",
"kerberos_enabled": <Kerberos connection indicator (true/false)>,
"kerberos_host": "<Kerberos host>",
"kerberos_port": <Kerberos port>
}'
Example response:
{
"is_enabled": true,
"host": "127.0.0.1",
"port": 389,
"is_ssl": false,
"is_global_catalog": true,
"base_dn": "dc=new_local,dc=local",
"tech_user_login": "new_login",
"kerberos_enabled": false,
"kerberos_host": null,
"kerberos_port": 88
}
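The settings responses above can be checked automatically for weak transport configuration. The following is an added example, not part of the product documentation: the function name, the findings text and the HARDENED sample are constructed here, and it assumes that "is_ssl": false means a plain LDAP connection without TLS.

```python
import json

# Standard port assignments (general LDAP/AD knowledge, not from the product docs).
CLEARTEXT_PORTS = {389, 3268}  # LDAP, Global Catalog
TLS_PORTS = {636, 3269}        # LDAPS, Global Catalog over TLS

# Response body copied from the "Get LDAP connection settings" example on this page.
PAGE_RESPONSE = json.loads("""{
  "is_enabled": true, "host": "127.0.0.1", "port": 389, "is_ssl": false,
  "is_global_catalog": true, "base_dn": "dc=local", "tech_user_login": "login",
  "kerberos_enabled": false, "kerberos_host": null, "kerberos_port": 88
}""")

# Constructed sample: same fields with TLS on and a matching port.
HARDENED = dict(PAGE_RESPONSE, host="dc1.example.test", port=636, is_ssl=True)


def audit_ldap_settings(settings):
    """Return findings for one /api/v2/ldap/settings/ response body."""
    findings = []
    if not settings.get("is_enabled"):
        return findings  # assumption: a disabled connection is never used
    port = settings.get("port")
    if not settings.get("is_ssl"):
        # Assumption: is_ssl=false means plain LDAP with no TLS at all.
        findings.append("is_ssl is false: technical user bind is unencrypted")
        if port in TLS_PORTS:
            findings.append(f"port {port} is a TLS port but is_ssl is false")
    elif port in CLEARTEXT_PORTS:
        findings.append(f"is_ssl is true but port {port} is a cleartext port")
    if settings.get("kerberos_enabled") and not settings.get("kerberos_host"):
        findings.append("kerberos_enabled is true but kerberos_host is empty")
    if "tech_user_password" in settings:
        # The example responses on this page omit the password; flag any that do not.
        findings.append("response exposes tech_user_password")
    return findings


if __name__ == "__main__":
    for name, body in (("page example", PAGE_RESPONSE), ("hardened", HARDENED)):
        print(name, audit_ldap_settings(body) or "no findings")
```

To audit a live system, pass the parsed JSON body returned by the GET request to audit_ldap_settings.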
Get LDAP attributes:
curl -v '<IP address or DNS server name>/api/v2/ldap/settings/attrs/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>'
Example response:
{
"ldap_attribute_login": "sAMAccountName",
"ldap_attribute_full_name": "CN",
"ldap_attribute_email": "mail",
"ldap_attribute_is_active": "userAccountControl",
"ldap_attribute_sid": "objectSID",
"ldap_attribute_group_name": "CN",
"ldap_attribute_member": "memberOf",
"ldap_attribute_upn": "userPrincipalName"
}
Change LDAP attributes:
curl -X PUT -v '<IP address or DNS server name>/api/v2/ldap/settings/attrs/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>' -d '{
"ldap_attribute_login": "<user name search attribute>",
"ldap_attribute_full_name": "<full name search attribute>",
"ldap_attribute_email": "<e-mail attribute>",
"ldap_attribute_is_active": "<account activity attribute>",
"ldap_attribute_sid": "<SID attribute>",
"ldap_attribute_group_name": "<group name search attribute>",
"ldap_attribute_member": "<list of users in group attribute>",
"ldap_attribute_upn": "<user address with domain search attribute>"
}'
Example response:
{
"ldap_attribute_login": "AccountName",
"ldap_attribute_full_name": "CN",
"ldap_attribute_email": "yandex",
"ldap_attribute_is_active": "userAccountControl",
"ldap_attribute_sid": "SID",
"ldap_attribute_group_name": "CN",
"ldap_attribute_member": "memberOf",
"ldap_attribute_upn": "userPrincipalName"
}
Get LDAP synchronization schedule:
curl -v '<IP address or DNS server name>/api/v2/ldap/schedule/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>'
Example response:
{
"crontab": "0 12 * * *"
}
Change LDAP synchronization schedule:
curl -X POST -v '<IP address or DNS server name>/api/v2/ldap/schedule/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>' -d '{"crontab": "<synchronization schedule in the cron format>"}'
Example response:
{
"crontab": "0 */4 * * *"
}
Disable scheduled synchronization:
curl -X DELETE -v '<IP address or DNS server name>/api/v2/ldap/schedule/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>'
Example response:
204