
Configuring LDAP and group mappings by using the REST API


Set up or modify the LDAP and group mapping configuration by using the /security/ldap endpoint. The equivalent manual procedure is described in Managing-LDAP.

  1. Get the current LDAP configuration, including the options and the list of group mappings. To do this, use the GET /security/ldap endpoint.
    The endpoint returns JSON-formatted data:

    {
      "enabled": true,
      "server_uri": "ldap://eng.customer.com:3268/",
      "bind_username": "discoveryldap",
      "bind_timeout": 30,
      "search_base": "dc=eng,dc=customer,dc=com",
      "search_timeout": 30,
      "search_template": "(|(userPrincipalName=%(username)s@bmc.com)(userPrincipalName=%(username)s))",
      "search_scope": "SUBTREE",
      "group_cache_timeout": 1800,
      "cache_timeout": 21600,
      "group_mapping_enabled": true,
      "group_attr": "memberOf",
      "group_query": "(objectclass=group)",
      "group_member_attr": "member",
      "user_image_attr": "thumbnailPhoto",
      "status": "LDAP_STATUS_SUCCESS",
      "status_msg": "Connection established (last update: Fri Aug 16 2024 at 02:48:00)",
      "group_mapping": [
        {
          "ldap_group": "cn=london,ou=distribution groups,ou=security,dc=eng,dc=customer,dc=com",
          "test_groups": [
            "system"
          ]
        }
      ],
      "ldaps_upload_time": null
    }
  2. Modify the returned JSON to reflect the LDAP configuration that you require. The following example adds a group called general:

    {
      "enabled": true,
      "server_uri": "ldap://eng.customer.com:3268/",
      "bind_username": "discoveryldap",
      "bind_timeout": 30,
      "search_base": "dc=eng,dc=customer,dc=com",
      "search_timeout": 30,
      "search_template": "(|(userPrincipalName=%(username)s@bmc.com)(userPrincipalName=%(username)s))",
      "search_scope": "SUBTREE",
      "group_cache_timeout": 1800,
      "cache_timeout": 21600,
      "group_mapping_enabled": true,
      "group_attr": "memberOf",
      "group_query": "(objectclass=group)",
      "group_member_attr": "member",
      "user_image_attr": "thumbnailPhoto",
      "group_mapping": [
        {
          "ldap_group": "cn=london,ou=distribution groups,ou=security,dc=eng,dc=customer,dc=com",
          "discovery_groups": [
            "system"
          ]
        },
        {
          "ldap_group": "cn=general,ou=distribution groups,ou=security,dc=eng,dc=customer,dc=com",
          "discovery_groups": [
            "appmodel",
            "maintenance",
            "public",
            "readonly"
          ]
        }
      ],
      "ldaps_upload_time": null
    }
  3. To apply the changes, use the PATCH /security/ldap endpoint.
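
The three steps above as a script, with a review pass before the PATCH. This is an added example, not BMC's own code. The API base URL, the bearer-token header, and the `privileged` list are assumptions. The page itself supplies only the `/security/ldap` path, the field names, and the fact that its PATCH body omits `status` and `status_msg`.

```python
import json
import urllib.request

# Fields present in the GET response on this page but absent from its PATCH body.
RESPONSE_ONLY = ("status", "status_msg")


def add_group_mapping(config, ldap_group, discovery_groups):
    """Return a PATCH body: the GET result plus one mapping, added idempotently."""
    body = json.loads(json.dumps(config))  # deep copy, so the caller's dict is untouched
    body = {k: v for k, v in body.items() if k not in RESPONSE_ONLY}
    mappings = body.setdefault("group_mapping", [])
    for entry in mappings:
        if entry["ldap_group"].lower() == ldap_group.lower():  # DN matching is normally case-insensitive
            merged = set(entry.get("discovery_groups", [])) | set(discovery_groups)
            entry["discovery_groups"] = sorted(merged)
            return body
    mappings.append({"ldap_group": ldap_group, "discovery_groups": sorted(discovery_groups)})
    return body


def review_findings(body, privileged=("system",)):
    """Checks to read before applying; `privileged` is an assumed local policy list."""
    findings = []
    if body.get("enabled") and not body.get("server_uri", "").lower().startswith("ldaps://"):
        findings.append("server_uri is not ldaps://")
    for entry in body.get("group_mapping", []):
        granted = set(entry.get("discovery_groups", [])) & set(privileged)
        if granted:
            findings.append(f"{entry['ldap_group']} is mapped to {sorted(granted)}")
    return findings


def call(method, url, token, payload=None):
    """Assumed transport: JSON over HTTPS with a bearer token (not stated on the page)."""
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def update(api_base, token, ldap_group, discovery_groups):
    url = api_base.rstrip("/") + "/security/ldap"  # api_base is a placeholder for your appliance
    body = add_group_mapping(call("GET", url, token), ldap_group, discovery_groups)
    for finding in review_findings(body):
        print("REVIEW:", finding)
    return call("PATCH", url, token, body)
```

Every LDAP user in a mapped group inherits the listed groups at login, so the review output is worth reading before each PATCH is sent.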

 
