Method for Working with LDAP Settings

To work with LDAP settings, execute requests using the "ldap" API method (determine administrator token before executing the request):

curl -v '<IP address or DNS server name>/api/v2/ldap/settings/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>'

The example of response:

{
    "is_enabled": true,
    "host": "127.0.0.1",
    "port": 389,
    "is_ssl": false,
    "is_global_catalog": true,
    "base_dn": "dc=local",
    "tech_user_login": "login",
    "kerberos_enabled": false,
    "kerberos_host": null,
    "kerberos_port": 88
}

curl -X PUT -v '<IP address or DNS server name>/api/v2/ldap/settings/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>' -d '{
    "is_enabled": <LDAP directory connection indicator (true/false)>,
    "delete_users_and_groups": <indicates whether users and groups are deleted on disconnecting LDAP (true/false)>,
    "host": "<host>",
    "port": <port>,
    "is_ssl": <LDAP SSL connection indicator (true/false)>,
    "is_global_catalog": <global directory connection indicator (true/false)>,
    "base_dn": "<LDAP directory branch>",
    "tech_user_login": "<technical user login>",
    "tech_user_password": "<technical user password>",
    "kerberos_enabled": <Kerberos connection indicator (true/false)>,
    "kerberos_host": "<Kerberos host>",
    "kerberos_port": <Kerberos port>
}’

The example of response:

{
    "is_enabled": true,
    "host": "127.0.0.1",
    "port": 389,
    "is_ssl": false,
    "is_global_catalog": true,
    "base_dn": "dc=new_local,dc=local",
    "tech_user_login": "new_login",
    "kerberos_enabled": false,
    "kerberos_host": null,
    "kerberos_port": 88
}

curl -v '<IP address or DNS server name>/api/v2/ldap/settings/attrs/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>'

The example of response:

{
    "ldap_attribute_login": "sAMAccountName",
    "ldap_attribute_full_name": "CN",
    "ldap_attribute_email": "mail",
    "ldap_attribute_is_active": "userAccountControl",
    "ldap_attribute_sid": "objectSID",
    "ldap_attribute_group_name": "CN",
    "ldap_attribute_member": "memberOf",
    "ldap_attribute_upn": "userPrincipalName"
}

curl -X PUT -v '<IP address or DNS server name>/api/v2/ldap/settings/attrs/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>' -d '{
    "ldap_attribute_login": "<user name search attribute>",
    "ldap_attribute_full_name": "<full name search attribute>",
    "ldap_attribute_email": "<e-mail attribute>",
    "ldap_attribute_is_active": "<account activity attribute>",
    "ldap_attribute_sid": "<SID attribute>",
    "ldap_attribute_group_name": "<group name search attribute>",
    "ldap_attribute_member": "<list of users in group attribute>",
    "ldap_attribute_upn": "<user address with domain search attribute>"
}'

The example of response:

{
    "ldap_attribute_login": "AccountName",
    "ldap_attribute_full_name": "CN",
    "ldap_attribute_email": "yandex",
    "ldap_attribute_is_active": "userAccountControl",
    "ldap_attribute_sid": "SID",
    "ldap_attribute_group_name": "CN",
    "ldap_attribute_member": "memberOf",
    "ldap_attribute_upn": "userPrincipalName"
}

curl -v '<IP address or DNS server name>/api/v2/ldap/schedule/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>'

The example of response:

{
    "crontab": "0 12 * * *"
}

curl -X POST -v '<IP address or DNS server name>/api/v2/ldap/schedule/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>' -d '{"crontab": "<synchronization schedule in the cron format>"}'

The example of response:

{
    "crontab": "0 */4 * * *"
}

curl -X DELETE -v '<IP address or DNS server name>/api/v2/ldap/schedule/' --header 'Content-Type: application/json' -H 'Authorization: Bearer <administrator token>'

The example of response:

204

See also:

Server API