
Important: This documentation space contains information about the on-premises version of BMC Helix Discovery. If you are using the SaaS version of BMC Helix Discovery, see BMC Helix Discovery (SaaS).

Configuring LDAP and group mappings by using the REST API


Set up or modify the LDAP and group mapping configuration by using the /security/ldap endpoint. The equivalent manual procedure is described in Managing-LDAP.

  1. Get the current LDAP configuration, including the options and the list of group mappings, by using the GET /security/ldap endpoint.
    The endpoint returns JSON-formatted data:

    {
      "enabled": true,
      "server_uri": "ldap://eng.customer.com:3268/",
      "bind_username": "discoveryldap",
      "bind_timeout": 30,
      "search_base": "dc=eng,dc=customer,dc=com",
      "search_timeout": 30,
      "search_template": "(|(userPrincipalName=%(username)s@bmc.com)(userPrincipalName=%(username)s))",
      "search_scope": "SUBTREE",
      "group_cache_timeout": 1800,
      "cache_timeout": 21600,
      "group_mapping_enabled": true,
      "group_attr": "memberOf",
      "group_query": "(objectclass=group)",
      "group_member_attr": "member",
      "user_image_attr": "thumbnailPhoto",
      "status": "LDAP_STATUS_SUCCESS",
      "status_msg": "Connection established (last update: Fri Aug 16 2024 at 02:48:00)",
      "group_mapping": [
        {
          "ldap_group": "cn=london,ou=distribution groups,ou=security,dc=eng,dc=customer,dc=com",
          "test_groups": [
            "system"
          ]
        }
      ],
      "ldaps_upload_time": null
    }
  2. Modify the returned JSON to reflect the LDAP configuration that you require. The following example adds a group called general:

    {
      "enabled": true,
      "server_uri": "ldap://eng.customer.com:3268/",
      "bind_username": "discoveryldap",
      "bind_timeout": 30,
      "search_base": "dc=eng,dc=customer,dc=com",
      "search_timeout": 30,
      "search_template": "(|(userPrincipalName=%(username)s@bmc.com)(userPrincipalName=%(username)s))",
      "search_scope": "SUBTREE",
      "group_cache_timeout": 1800,
      "cache_timeout": 21600,
      "group_mapping_enabled": true,
      "group_attr": "memberOf",
      "group_query": "(objectclass=group)",
      "group_member_attr": "member",
      "user_image_attr": "thumbnailPhoto",
      "group_mapping": [
        {
          "ldap_group": "cn=london,ou=distribution groups,ou=security,dc=eng,dc=customer,dc=com",
          "discovery_groups": [
            "system"
          ]
        },
        {
          "ldap_group": "cn=general,ou=distribution groups,ou=security,dc=eng,dc=customer,dc=com",
          "discovery_groups": [
            "appmodel",
            "maintenance",
            "public",
            "readonly"
          ]
        }
      ],
      "ldaps_upload_time": null
    }
  3. To apply the changes, use the PATCH /security/ldap endpoint.
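The three steps above as one script, with a review pass before the PATCH is sent. This is an added example, not BMC's own code: the `api_root` value, bearer-token authentication, the helper names, and treating `system` as the privileged Discovery group are assumptions.

```python
import copy
import json
import urllib.request

# Keys in the page's GET response that its PATCH example leaves out.
STATUS_KEYS = ("status", "status_msg")

def build_patch_body(current, ldap_group, discovery_groups):
    """Copy the GET result, drop status keys, add or extend one group mapping."""
    body = {k: copy.deepcopy(v) for k, v in current.items() if k not in STATUS_KEYS}
    mappings = body.setdefault("group_mapping", [])
    for m in mappings:
        # LDAP DNs are case-insensitive: extend an existing mapping, do not duplicate it.
        if m["ldap_group"].lower() == ldap_group.lower():
            have = m.setdefault("discovery_groups", [])
            have.extend(g for g in discovery_groups if g not in have)
            return body
    mappings.append({"ldap_group": ldap_group, "discovery_groups": list(discovery_groups)})
    return body

def review_flags(before, after, privileged=("system",)):
    """Reviewer-facing findings; the 'privileged' default is an assumption."""
    flags = []
    if after.get("enabled") and not after.get("server_uri", "").lower().startswith("ldaps://"):
        flags.append("server_uri is not ldaps://")
    old = {m["ldap_group"].lower(): set(m.get("discovery_groups", []))
           for m in before.get("group_mapping", [])}
    for m in after.get("group_mapping", []):
        added = set(m.get("discovery_groups", [])) - old.get(m["ldap_group"].lower(), set())
        if added:
            flags.append(f"{m['ldap_group']} gains {sorted(added)}")
        if added & set(privileged):
            flags.append(f"privileged group granted to {m['ldap_group']}")
    return flags

def send_patch(api_root, token, body):
    """PATCH /security/ldap; api_root and bearer-token auth are assumptions."""
    req = urllib.request.Request(
        api_root.rstrip("/") + "/security/ldap",
        data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": "Bearer " + token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status

# Constructed sample, trimmed from the GET response shown in step 1.
SAMPLE = {"enabled": True, "server_uri": "ldap://eng.customer.com:3268/",
          "status": "LDAP_STATUS_SUCCESS", "status_msg": "Connection established",
          "group_mapping": [{"ldap_group": "cn=london,ou=distribution groups,ou=security,dc=eng,dc=customer,dc=com",
                             "discovery_groups": ["system"]}]}
```

Call `review_flags(SAMPLE, body)` on the output of `build_patch_body` and send the PATCH only after the listed grants have been checked against the intended change.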

 
