LDAP endpoints
Use the v2 ds (directory service) endpoint to get information about the LDAP directory service connection.
Use the v1 LDAP endpoints to test the connection and replace LDAP settings.
GET /ds
Get information about your directory service. Authentication is required.
Request format
When forming RBAC API requests to this endpoint, the request is a basic call with authentication, such as:
curl "https://$(puppet config print server):4433/rbac-api/v2/ds" -H "X-Authentication:$(puppet-access show)"
Response format
Returns an array of objects, where each object represents a currently configured LDAP server. For example, this response contains information for one LDAP server:
[
  {
    "id": "6e33eb78-820f-463a-a65c-e1ef291d59a8",
    "help_link": "https://help.example.com",
    "ssl": true,
    "group_name_attr": "name",
    "group_rdn": null,
    "connect_timeout": 15,
    "user_display_name_attr": "cn",
    "disable_ldap_matching_rule_in_chain": false,
    "ssl_hostname_validation": true,
    "hostname": "ldap.example.com",
    "base_dn": "dc=example,dc=com",
    "user_lookup_attr": "uid",
    "port": 636,
    "login": "cn=ldapuser,ou=service,ou=users,dc=example,dc=com",
    "group_lookup_attr": "cn",
    "group_member_attr": "uniqueMember",
    "ssl_wildcard_validation": false,
    "user_email_attr": "mail",
    "user_rdn": "ou=users",
    "group_object_class": "groupOfUniqueNames",
    "display_name": "Acme Corp Ldap server",
    "search_nested_groups": true,
    "start_tls": false
  }
]
Returns an empty array if no LDAP servers are configured.
You must have the directory_service:edit permission to view all fields; otherwise, only the display name of the directory server is returned.
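An added example, not part of the original documentation: a Python check that reads a GET /ds response body and reports LDAP entries whose connection settings are unencrypted or unvalidated, plus entries that came back with only the display name. The sample response is constructed, and the reading of ssl, start_tls, ssl_hostname_validation and ssl_wildcard_validation is an assumption based on the field names in the response above.

```python
import json

# Constructed sample in the shape of the GET /ds response: a cleartext entry,
# a TLS entry with validation relaxed, and an entry as seen by a caller
# without directory_service:edit (display name only).
SAMPLE_RESPONSE = json.dumps([
    {"display_name": "Acme Corp Ldap server", "hostname": "ldap.example.com",
     "port": 389, "ssl": False, "start_tls": False,
     "ssl_hostname_validation": True, "ssl_wildcard_validation": False},
    {"display_name": "Branch directory", "hostname": "ldap2.example.com",
     "port": 636, "ssl": True, "start_tls": False,
     "ssl_hostname_validation": False, "ssl_wildcard_validation": True},
    {"display_name": "Restricted view"},
])

TRANSPORT_KEYS = ("ssl", "start_tls", "ssl_hostname_validation")


def audit_ds(response_text):
    """Return (display_name, finding) pairs for each LDAP entry in a GET /ds body."""
    findings = []
    for entry in json.loads(response_text):
        name = entry.get("display_name", "<unnamed>")
        # Without directory_service:edit only the display name is returned,
        # so the transport settings cannot be judged from this response.
        if not all(k in entry for k in TRANSPORT_KEYS):
            findings.append((name, "incomplete: display name only, directory_service:edit needed"))
            continue
        if not (entry["ssl"] or entry["start_tls"]):
            # Assumption: neither flag set means the service-account bind is cleartext.
            findings.append((name, "no TLS: ssl and start_tls are both false"))
            continue
        if not entry["ssl_hostname_validation"]:
            findings.append((name, "TLS without hostname validation"))
        # Assumption: true here means wildcard certificates are accepted.
        if entry.get("ssl_wildcard_validation"):
            findings.append((name, "wildcard certificates accepted"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_ds(SAMPLE_RESPONSE):
        print(f"{name}: {finding}")
```

An empty array (no LDAP servers configured) yields no findings.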
For information about each setting, refer to External directory settings.
For errors, refer to RBAC service errors.