Directory management APIs

APIs to manage the LDAP directory.

Base path: https://<cluster_lb_address>:8443/idmgmt/identity/api/v1/directory/ldap

Connect to an LDAP directory

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: cluster_lb_address
  Port number: 8443
  Path: idmgmt/identity/api/v1/directory/ldap/onboardDirectory
Command: POST
Command output format: application/json

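Note: In the curl command, you must use a base64-encoded password in the "LDAP_BINDPASSWORD" parameter. Base64 is an encoding, not encryption, so handle the encoded value with the same care as the password itself. To encode the password, use the following command: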

echo -n <password> | base64

Following is an example output:

UGFzc3cwcmQ=

The sample curl command resembles the following code:

curl -k -X POST --header "Authorization: Bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' -d '{"LDAP_ID": "Corp", "LDAP_URL": "ldap://corp.abc.com:389", "LDAP_BASEDN": "o=ibm.com", "LDAP_BINDDN": "", "LDAP_BINDPASSWORD": "", "LDAP_TYPE": "IBM Tivoli Directory Server", "LDAP_USERFILTER": "(&(emailAddress=%v)(objectclass=ePerson))", "LDAP_GROUPFILTER": "(&(cn=%v)(objectclass=groupOfUniqueNames))", "LDAP_USERIDMAP": "*:emailAddress", "LDAP_GROUPIDMAP": "*:cn", "LDAP_GROUPMEMBERIDMAP": "groupOfUniqueNames:uniqueMember"}' 'https://<cluster_lb_address>:8443/idmgmt/identity/api/v1/directory/ldap/onboardDirectory'

For more information about the LDAP parameters, see Configuring LDAP authentication.

The response resembles the following code:

"8b019a10-daa0-11e7-8dba-bf3c83e12db5"

List LDAP connections

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: cluster_lb_address
  Port number: 8443
  Path: idmgmt/identity/api/v1/directory/ldap/list
Command: GET
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X GET --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<cluster_lb_address>:8443/idmgmt/identity/api/v1/directory/ldap/list'

The response resembles the following code:

[{"id":"8b019a10-daa0-11e7-8dba-bf3c83e12db5","LDAP_ID":"Corp","LDAP_REALM":"REALM","LDAP_HOST":"corp.abc.com","LDAP_PORT":"389","LDAP_BASEDN":"o=ibm.com","LDAP_BINDDN":"","LDAP_BINDPASSWORD":"","LDAP_TYPE":"IBM Tivoli Directory Server","LDAP_USERFILTER":"(&(emailAddress=%v)(objectclass=ePerson))","LDAP_GROUPFILTER":"(&(cn=%v)(objectclass=groupOfUniqueNames))","LDAP_USERIDMAP":"*:emailAddress","LDAP_GROUPIDMAP":"*:cn","LDAP_GROUPMEMBERIDMAP":"groupOfUniqueNames:uniqueMember","LDAP_URL":"ldap://corp.abc.com:389","LDAP_PROTOCOL":"ldap"}]
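
An added example, not part of the original documentation: a Python check that audits a list response for connection settings a reviewer would question, namely a plain ldap:// URL, an empty bind DN (an anonymous bind), and a bind password that comes back as decodable base64. The second sample entry and the finding names are constructed, and the check assumes the list response echoes the stored LDAP_BINDPASSWORD, as the sample response above suggests.

```python
import base64
import binascii
import json

# Constructed sample modelled on the list response above. The "Lab" entry, its
# id and its bind DN are made up; the password is the page's base64 example.
SAMPLE_LIST_RESPONSE = json.dumps([
    {"id": "8b019a10-daa0-11e7-8dba-bf3c83e12db5", "LDAP_ID": "Corp",
     "LDAP_URL": "ldap://corp.abc.com:389", "LDAP_PROTOCOL": "ldap",
     "LDAP_BINDDN": "", "LDAP_BINDPASSWORD": ""},
    {"id": "00000000-0000-0000-0000-000000000000", "LDAP_ID": "Lab",
     "LDAP_URL": "ldaps://lab.example.com:636", "LDAP_PROTOCOL": "ldaps",
     "LDAP_BINDDN": "cn=svc,o=example", "LDAP_BINDPASSWORD": "UGFzc3cwcmQ="},
])


def password_is_recoverable(value):
    """True if the field is non-empty, valid base64: anyone who can read the
    list response can then decode the bind password."""
    if not value:
        return False
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def audit_connections(list_response_json):
    """Return {LDAP_ID: [finding, ...]} for every connection in the response."""
    report = {}
    for conn in json.loads(list_response_json):
        findings = []
        url = conn.get("LDAP_URL", "").lower()
        # ldap:// is not TLS-wrapped, unlike ldaps://
        if conn.get("LDAP_PROTOCOL") == "ldap" or url.startswith("ldap://"):
            findings.append("cleartext-ldap")
        # An empty bind DN means the directory is queried anonymously
        if not conn.get("LDAP_BINDDN"):
            findings.append("anonymous-bind")
        if password_is_recoverable(conn.get("LDAP_BINDPASSWORD", "")):
            findings.append("bind-password-exposed")
        report[conn.get("LDAP_ID", conn.get("id", "?"))] = findings
    return report


if __name__ == "__main__":
    for ldap_id, findings in audit_connections(SAMPLE_LIST_RESPONSE).items():
        print(ldap_id, findings or ["ok"])
```

To audit a live cluster, pass the body returned by the list call to audit_connections instead of the constructed sample.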

Delete LDAP directory

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: cluster_lb_address
  Port number: 8443
  Path: idmgmt/identity/api/v1/directory/ldap/offboardDirectory
Command: POST
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X POST --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<cluster_lb_address>:8443/idmgmt/identity/api/v1/directory/ldap/offboardDirectory'

The response resembles the following code:

"Count: 1"

Search for user groups in your LDAP directory

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: cluster_lb_address
  Port number: 8443
  Path: idmgmt/identity/api/v1/directory/ldap/{id}/fetchUserGroups
Command: GET
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X GET --header "Authorization: Bearer $ACCESS_TOKEN" "https://<cluster_lb_address>:8443/idmgmt/identity/api/v1/directory/ldap/{LDAP ID}/fetchUserGroups?searchString=*sec*"

The response resembles the following code:

[{"cn":"security","dn":"cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com"},{"cn":"cloudSecurity","dn":"cn=cloudSecurity,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com"}]

Search for users in your LDAP directory

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: cluster_lb_address
  Port number: 8443
  Path: idmgmt/identity/api/v1/directory/ldap/{id}/fetchUsers
Command: GET
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X GET --header "Authorization: Bearer $ACCESS_TOKEN" "https://<cluster_lb_address>:8443/idmgmt/identity/api/v1/directory/ldap/{LDAP ID}/fetchUsers?searchString=*test*"

The response resembles the following code:

[{"cn":"TestUser","dn":"uid=testuser,ou=people,dc=ibm,dc=com"},{"cn":"test1","dn":"uid=test1,ou=people,dc=ibm,dc=com"}]

Import user groups from your LDAP directory

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: cluster_lb_address
  Port number: 8443
  Path: idmgmt/identity/api/v1/directory/ldap/{id}/importUserGroups
Command: POST
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X POST --header "Authorization: Bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "baseDN": "cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com" }' "https://<cluster_lb_address>:8443/idmgmt/identity/api/v1/directory/ldap/fb01b1d0-1fa4-11e8-80d6-15882dd657a0/importUserGroups"

The response resembles the following code:

{"name":"security","directoryId":"fb01b1d0-1fa4-11e8-80d6-15882dd657a0","userGroupDN":"cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com"}

Import users from your LDAP directory

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: cluster_lb_address
  Port number: 8443
  Path: idmgmt/identity/api/v1/directory/ldap/{id}/importUser
Command: POST
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X POST --header "Authorization: Bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "baseDN": "uid=testuser,ou=people,dc=ibm,dc=com" }' "https://<cluster_lb_address>:8443/idmgmt/identity/api/v1/directory/ldap/fb01b1d0-1fa4-11e8-80d6-15882dd657a0/importUser"

The response resembles the following code:

{"userId":"testuser","directoryId":"fb01b1d0-1fa4-11e8-80d6-15882dd657a0","firstName":"TestUser","lastName":"","email":"testuser@ibm.com","lastLogin":"","userBaseDN":"uid=testuser,ou=people,dc=ibm,dc=com","type":"LDAP","_id":"testuser","loopback__model__name":"Users"}