Search (SHIFT+S)
ECS Management API
ECS Object Service API
-
Amazon S3
- S3 Bucket
- S3 Bucket ACL
- S3 Bucket Cors
- S3 Bucket Is Stale Allowed
- S3 Bucket Lifecycle
- S3 Bucket List Uploads
- S3 Bucket Location
- S3 Bucket Policy
- S3 Bucket Versioning
- S3 Bucket Versions
- S3 Data Node
- S3 Metadata Key List
- S3 Metadata Key System List
- S3 Metadata Search
- S3 Multi Object Delete
- S3 Object
- S3 Object ACL
- S3 Object Init Uploads
- S3 Object Replication Info Operations
- S3 Object Tagging Operations
- S3 Object Uploads
- S3 Options
- S3 Ping
- S3 Retention Update Operation
- EMC Atmos
- OpenStack Swift
ECS API Changes
Modified since last release
Update Provider
PUT /vdc/admin/authnproviders/{id}
Updates an authentication provider with the specified attribute values.
| id | URN of the authentication provider to be updated |
Query Parameters
| allow_group_attr_change | Set this field to true to allow modification of the group-attribute field |
Required Roles
SECURITY_ADMIN
Request Payload
All parameters are required unless otherwise stated.
| Field | Description | Type | Notes |
| authnprovider_update | |||
| server_url_changes | |||
| add | List of Server URLs to add. You cannot mix ldap and ldaps URLs | ||
| server_url | String |
0-* Elements |
|
| remove | List of Server URLs to remove. | ||
| server_url | String |
0-* Elements |
|
| domain_changes | |||
| add | List of domains to add. | ||
| domain | String |
0-* Elements |
|
| remove | List of domains to remove. | ||
| domain | String |
0-* Elements |
|
| group_whitelist_value_changes | |||
| add | List of white list values to add. | ||
| group_whitelist_value | String |
0-* Elements |
|
| remove | List of white list values to remove. | ||
| group_whitelist_value | String |
0-* Elements |
|
| mode | Type of provider. Active Directory(AD) or generic LDAPv3 (LDAP) | String |
Valid Values:
|
| name | Name of the provider | String |
Valid Values:
|
| description | Description of the provider | String |
Valid Values:
|
| disable | Specifies if a provider is disabled or enabled. During provider creation or update, if disable is set to false, a basic connectivity test will be performed against the LDAP/AD server. If the disable parameter is set to true, no validation will be done and the provider will be added/updated as long as the parameters are syntactically correct. During the operation of the system, a disabled provider will exist but not be considered when authenticating principals. | Boolean |
Valid Values:
|
| manager_dn | Distinguished Name for the bind user. | String |
Valid Values:
|
| manager_password | Password for the manager DN "bind" user. | String | |
| search_base | Search base from which the LDAP search will start when authenticating users. See also: search_scope | String |
Valid Values:
|
| search_filter | Key value pair representing the search filter criteria. | String |
Valid Values:
|
| search_scope | In conjunction with the search_base, the search_scope indicates how many levels below the base the search can continue. | String |
Valid Values:
|
| group_attribute | Attribute for group search. This is the attribute name that will be used to represent group membership. Once set during creation of the provider, the value for this parameter cannot be changed. | String |
Valid Values:
|
| max_page_size | Maximum number of results that the LDAP server will return on a single page. | Integer |
Valid Values:
|
| validate_certificates | Whether or not to validate certificates when LDAPS is used. | Boolean |
Valid Values:
|
Response Body
Provider details with updated values
| Field | Description | Type | Notes |
| authnprovider | |||
| description | Description of the provider | String | |
| disable | Specifies if a provider is disabled or enabled. During the operation of the system, a disabled provider will exist but not be considered when authenticating principals. | Boolean |
Valid Values:
|
| domains | Active Directory domain names associated with this provider. If the server_url points to an Active Directory forest global catalog server, each such element may be one of the many domains from the forest. For non Active Directory servers, domain represents a logical abstraction for this server which may not correspond to a network name. | ||
| domain | String |
0-* Elements Valid Values:
|
|
| group_attribute | Attribute for group search. This is the attribute name that will be used to represent group membership. | String |
Valid Values:
|
| group_whitelist_values | |||
| group_whitelist_value | String |
0-* Elements |
|
| manager_dn | Distinguished Name for the bind user. | String |
Valid Values:
|
| max_page_size | Maximum number of results that the LDAP server will return on a single page. | Integer |
Valid Values:
|
| mode | Type of provider. Active Directory(AD) or generic LDAPv3 (LDAP) | String |
Valid Values:
|
| search_base | Search base from which the LDAP search will start when authenticating users. See also: search_scope | String |
Valid Values:
|
| search_filter | Key value pair representing the search filter criteria. | String |
Valid Values:
|
| search_scope | In conjunction with the search_base, the search_scope indicates how many levels below the base the search can continue. | String |
Valid Values:
|
| server_urls | Valid LDAP or LDAPS URL strings. | ||
| server_url | String |
0-* Elements Valid Values:
|
|
| name | Name assigned to this resource in ECS. The resource name is set by a user and can be changed at any time. It is not a unique identifier. | String | |
| id | Identifier that is generated by ECS when the resource is created. The resource Id is guaranteed to be unique and immutable across all virtual data centers for all time. | URI |
Valid Values:
|
| link | Hyperlink to the details for this resource | ||
| creation_time | Timestamp that shows when this resource was created in ECS | DateTime |
Valid Values:
|
| tags | Keywords and labels that can be added by a user to a resource to make it easy to find when doing a search. | ||
| tag | String |
0-* Elements |
|
| inactive | Indicates whether the resource is inactive. When a user removes a resource, the resource is put in this state before it is removed from the ECS database. | Boolean |
Valid Values:
|
| global | Indicates whether the resource is global. | Boolean |
Valid Values:
|
| remote | Indicates whether the resource is remote. | Boolean |
Valid Values:
|
| vdc | |||
| id | Id of the related object | URI | |
| link | Hyperlink to the related object | ||
| internal | Indicates whether the resource is an internal resource. | Boolean |
Valid Values:
|
Examples
Request
PUT https://192.168.0.0:4443/vdc/admin/authnproviders/urn:storageos:AuthnProvider:72c88db9-2e7b-41f3-a1a4-1e3ff1fc2d6d: HTTP/1.1 Content-Type: application/xml X-SDS-AUTH-TOKEN: <AUTH_TOKEN> <?xml version="1.0" encoding="UTF-8" ?> <group_whitelist_value_changes> <remove> <group_whitelist_value>*Review</group_whitelist_value> </remove> </group_whitelist_value_changes>
Response
HTTP/1.1 200 OK Content-Type: application/xml <?xml version="1.0" encoding="UTF-8" ?> <authnprovider_update> <id>urn:storageos:AuthnProvider:72c88db9-2e7b-41f3-a1a4-1e3ff1fc2d6d:</id> <link> <rel>self</rel> <href>/vdc/admin/authnproviders/urn:storageos:AuthnProvider:72c88db9-2e7b-41f3-a1a4-1e3ff1fc2d6d:</href> </link> <inactive>false</inactive> <mode>ldap</mode> <domains>tenant.domain</domains> <disable>false</disable> <creation_time>1379170785677</creation_time> <server_urls>ldap://192.168.0.10</server_urls> <group_whitelist_values>*Admins*</group_whitelist_values> <group_whitelist_values>*Test*</group_whitelist_values> </authnprovider_update>