Cloud Enterprise Object Storage REST API

Search (SHIFT+S)




Modified since last release

Update Provider

PUT /vdc/admin/authnproviders/{id}

Updates an authentication provider with the specified attribute values.

idURN of the authentication provider to be updated

Query Parameters

allow_group_attr_changeSet this field to true to allow modification of the group-attribute field

Required Roles

  • SECURITY_ADMIN


Request Payload

All parameters are required unless otherwise stated.

Field Description Type Notes
authnprovider_update
server_url_changes    
add List of Server URLs to add. You cannot mix ldap and ldaps URLs
server_url String 0-* Elements
remove List of Server URLs to remove.
server_url String 0-* Elements
domain_changes    
add List of domains to add.
domain String 0-* Elements
remove List of domains to remove.
domain String 0-* Elements
group_whitelist_value_changes    
add List of white list values to add.
group_whitelist_value String 0-* Elements
remove List of white list values to remove.
group_whitelist_value String 0-* Elements
mode Type of provider. Active Directory(AD) or generic LDAPv3 (LDAP) String Valid Values:
  •  ad
  •  ldap
name Name of the provider String Valid Values:
  •  any string.
  •  provider names must be unique within a virtual data center
  •  Length: 2..128
description Description of the provider String Valid Values:
  •  any string
disable Specifies if a provider is disabled or enabled. During provider creation or update, if disable is set to false, a basic connectivity test will be performed against the LDAP/AD server. If the disable parameter is set to true, no validation will be done and the provider will be added/updated as long as the parameters are syntactically correct. During the operation of the system, a disabled provider will exist but not be considered when authenticating principals. Boolean Valid Values:
  •  true to disable
  •  false to enable
manager_dn Distinguished Name for the bind user. String Valid Values:
  •  Example: CN=Administrator,CN=Users,DC=domain,DC=com
  •  Example: domain\Administrator
manager_password Password for the manager DN "bind" user. String
search_base Search base from which the LDAP search will start when authenticating users. See also: search_scope String Valid Values:
  •  Example: CN=Users,DC=domain,DC=com
search_filter Key value pair representing the search filter criteria. String Valid Values:
  •  %u or %U needs to be present on the right side of the equal sign (Example: filterKey=%u).
  •  %u stands for the whole username string as typed in by the user.
  •  %U stands for the username portion only of the string containing the domain
  •  Example: in user@company.com, %U is user. %u is user@company.com
search_scope In conjunction with the search_base, the search_scope indicates how many levels below the base the search can continue. String Valid Values:
  •  ONELEVEL = The search will start at the search_base location and continue up to one level deep
  •  SUBTREE = The search will start at the search_base location and continue through the entire tree
group_attribute Attribute for group search. This is the attribute name that will be used to represent group membership. Once set during creation of the provider, the value for this parameter cannot be changed. String Valid Values:
  •  Example: "CN"
max_page_size Maximum number of results that the LDAP server will return on a single page. Integer Valid Values:
  •  If provided, the value must be greater than 0
  •  The value cannot be higher than the max page size configured on the LDAP server.
validate_certificates Whether or not to validate certificates when LDAPS is used. Boolean Valid Values:
  •  true
  •  false

Response Body

Provider details with updated values

Field Description Type Notes
authnprovider
description Description of the provider String
disable Specifies if a provider is disabled or enabled. During the operation of the system, a disabled provider will exist but not be considered when authenticating principals. Boolean Valid Values:
  •  true = disabled
  •  false = enabled
domains Active Directory domain names associated with this provider. If the server_url points to an Active Directory forest global catalog server, each such element may be one of the many domains from the forest. For non Active Directory servers, domain represents a logical abstraction for this server which may not correspond to a network name.
domain String 0-* Elements
Valid Values:
  •  Example: domain.com
group_attribute Attribute for group search. This is the attribute name that will be used to represent group membership. String Valid Values:
  •  Example: "CN"
group_whitelist_values
group_whitelist_value String 0-* Elements
manager_dn Distinguished Name for the bind user. String Valid Values:
  •  Example: CN=Administrator,CN=Users,DC=domain,DC=com
  •  Example: domain\Administrator
max_page_size Maximum number of results that the LDAP server will return on a single page. Integer Valid Values:
  •  Valid values must be greater than 0.
  •  The value cannot be higher than the max page size configured on the LDAP server.
mode Type of provider. Active Directory(AD) or generic LDAPv3 (LDAP) String Valid Values:
  •  AD
  •  LDAP
search_base Search base from which the LDAP search will start when authenticating users. See also: search_scope String Valid Values:
  •  Example: CN=Users,DC=domain,DC=com
search_filter Key value pair representing the search filter criteria. String Valid Values:
  •  %u or %U must be present on the right side of the equal sign.
  •  %u stands for the whole username string as typed in by the user.
  •  %U stands for the username portion only of the string containing the domain name. (for example: in user@company.com, %U is user. %u is user@company.com)
search_scope In conjunction with the search_base, the search_scope indicates how many levels below the base the search can continue. String Valid Values:
  •  ONELEVEL = The search will start at the search_base location and continue up to one level deep
  •  SUBTREE = The search will start at the search_base location and continue through the entire tree
server_urls Valid LDAP or LDAPS URL strings.
server_url String 0-* Elements
Valid Values:
  •  Example: ldap://10.10.10.145
  •  Example: ldaps://10.10.10.145
name Name assigned to this resource in ECS. The resource name is set by a user and can be changed at any time. It is not a unique identifier. String
id Identifier that is generated by ECS when the resource is created. The resource Id is guaranteed to be unique and immutable across all virtual data centers for all time. URI Valid Values:
  •  urn:storageos:resource-type:UUID:
link Hyperlink to the details for this resource
creation_time Timestamp that shows when this resource was created in ECS DateTime Valid Values:
  •  YYYY-MM-DDTHH:mm:ssZ
tags Keywords and labels that can be added by a user to a resource to make it easy to find when doing a search.
tag String 0-* Elements
inactive Indicates whether the resource is inactive. When a user removes a resource, the resource is put in this state before it is removed from the ECS database. Boolean Valid Values:
  •  true
  •  false
global Indicates whether the resource is global. Boolean Valid Values:
  •  true
  •  false
remote Indicates whether the resource is remote. Boolean Valid Values:
  •  true
  •  false
vdc    
id Id of the related object URI
link Hyperlink to the related object
internal Indicates whether the resource is an internal resource. Boolean Valid Values:
  •  true
  •  false

Examples

Request
PUT https://192.168.0.0:4443/vdc/admin/authnproviders/urn:storageos:AuthnProvider:72c88db9-2e7b-41f3-a1a4-1e3ff1fc2d6d: HTTP/1.1

Content-Type: application/xml
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>

<?xml version="1.0" encoding="UTF-8" ?>
<group_whitelist_value_changes>
	<remove>
		<group_whitelist_value>*Review</group_whitelist_value>
	</remove>
</group_whitelist_value_changes>
Response
HTTP/1.1 200 OK
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" ?>
<authnprovider_update>
	<id>urn:storageos:AuthnProvider:72c88db9-2e7b-41f3-a1a4-1e3ff1fc2d6d:</id>
	<link>
		<rel>self</rel>
		<href>/vdc/admin/authnproviders/urn:storageos:AuthnProvider:72c88db9-2e7b-41f3-a1a4-1e3ff1fc2d6d:</href>
	</link>
	<inactive>false</inactive>
	<mode>ldap</mode>
	<domains>tenant.domain</domains>
	<disable>false</disable>
	<creation_time>1379170785677</creation_time>
	<server_urls>ldap://192.168.0.10</server_urls>
	<group_whitelist_values>*Admins*</group_whitelist_values>
	<group_whitelist_values>*Test*</group_whitelist_values>
</authnprovider_update>