Update LDAP-Based Authentication Configuration REST Service
Use the Update LDAP-Based Authentication Configuration REST Service to configure the authentication requirements in containerized IBM® Security Guardium® Key Lifecycle Manager.
- Operation
POST
- URL
- https://host:port/SKLM/rest/v1/authnConfigProperties/ldap
By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.
Request
Request Parameters
Parameter | Description |
---|---|
host | Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server. |
port | Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests. |
Request Headers
Header name | Value |
---|---|
Content-Type | application/json |
Accept | application/json |
Authorization | SKLMAuth userAuthId=<authIdValue> |
Accept-Language | Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, en or de. |
Request body
JSON object with the following specification:
Property name | Description |
---|---|
AUTH_TYPE_LDAP | Specify true if you want to configure a supported LDAP
provider for user authentication. Otherwise, by default, file-based authentication is available.
Other possible value is false. |
LDAP_TYPE | Specify the type of LDAP server to be connected to. Possible values:
Note: This parameter is mandatory if you have specified true
as a value in the AUTH_TYPE_LDAP parameter.
|
LDAP_HOST | Specify the host name or IP address of the LDAP server. Note: This parameter is mandatory if you have specified true
as a value in the AUTH_TYPE_LDAP parameter.
|
LDAP_PORT | Specify the port number of the LDAP server. Note: This parameter is mandatory if you have specified true
as a value in the AUTH_TYPE_LDAP parameter.
|
LDAP_BASE_ENTRY | Specify the base node in the LDAP directory. For
example:
where, DC is Domain Component. Note: This parameter is mandatory if you have specified true
as a value in the AUTH_TYPE_LDAP parameter.
|
LDAP_GR_OBJECT_CLASS | Specify the object class that is defined for the group LDAP entity type in the LDAP server. For example, GroupofUniquenames. |
LDAP_PR_OBJECT_CLASS | Specify the object class that is defined for the person LDAP entity type in the LDAP server. For example, person. |
LDAP_RECURSIVE_SEARCH | Specify true to indicate whether to perform a nested group search.
Other value: false (default) Specify true only if the LDAP server does not support recursive server-side searches. |
LDAP_USER_FILTER | Specify an LDAP filter clause for searching the user registry for users. |
LDAP_GROUP_FILTER | Specify an LDAP filter clause for searching the user registry for groups. |
LDAP_USER_ID_MAP | Specify an LDAP filter that maps the name of a user to an LDAP entry. |
LDAP_GROUP_ID_MAP | Specify an LDAP filter that maps the name of a group to an LDAP entry. |
LDAP_GROUP_MEMBER_ID_MAP | Specify an LDAP filter that identifies user to group memberships. |
LDAP_BIND_DN | Specify the distinguished name (DN) for the application server, which is used to bind to the directory service. |
LDAP_BIND_PASSWD | Specify the password for the DN that is specified in the LDAP_BIND_DN parameter. The value can be stored in clear text. |
LDAP_SSL_ENABLED | Specify true to indicate that a TLS connection must be made to the LDAP server. Otherwise, specify false. |
LDAP_SKLMADMIN_USERNAME | Specify the full distinguished name (DN) of the LDAP administrator. You can specify only
alphanumeric, period (.), and underscore (_) characters. Note: You must provide a value for this
parameter or for the SKLMADMIN_USERNAME parameter if you have specified
true as the value in the AUTH_TYPE_LDAP
parameter.
|
LDAP_DISPLAY_NAME | Specify a name for the LDAP user to be displayed on the graphical user interface. |
Response
Response Headers
Header name | Value and description |
---|---|
Status Code |
|
Content-Type | application/json |
Content-Language | Locale for the response message. |
Success response body
JSON object with the following specification:
JSON property name | Description |
---|---|
code | Returns the code that is specified by the status property. |
status | Returns the request status. |
Error Response Body
JSON object with the following specification.
JSON property name | Description |
---|---|
code | Returns the application error code. |
message | Returns a message that describes the error. |
Example
- Specify LDAP configuration
-
POST https://localhost:port/SKLM/rest/v1/authnConfigProperties/ldap { "AUTH_TYPE_LDAP": "true", "LDAP_TYPE": "IBM Seurity Directory Server", "LDAP_HOST": "klm.abc.com", "LDAP_PORT": "389", "LDAP_BASE_ENTRY": "o=abc.com" }
- Success response
-
{ "code": "CTGKM6204I", "status": "CTGKM6204I LDAP Configuration settings are updated." }
- Error response
-
{"code":"CTGKM6002E", "message":"CTGKM6002E Bad Request: Invalid user authentication ID or invalid request format."}
Date | Change description |
20 Oct 2021 | Corrected the example. |
30 Sept 2021 | Removed ckms from the REST endpoint. |
10 Sept 2021 | Initial version. |