LDAP Target Connector External API Configuration

This topic describes the required and supported Attributes used when adding or updating an LDAP target application using the External API.

LDAP Target Application External API Attributes

To add or update an LDAP Target application using the External API, use the following properties as members of the "attributes" associative array included in the 'body' parameter of the REST call:
port
The port that is used to connect to the LDAP Server.
Required: Yes
Default Value: N/A
Valid Values: 0-65535. The GUI uses default value 389.

protocol
The protocol that is used to connect to the LDAP server.
Required: Yes
Default Value: clear
Valid Values: clear, ssl

serverType
The LDAP server type.
Required: No
Default Value: OpenLDAP
Valid Values: CA ACF2, CA Top Secret, CA RACF, Other, OpenLDAP
If the specified LDAP server type contains a space (for example, CA Top Secret), the entire serverType attribute must be enclosed in quotation marks (") as shown in the following example:
capam_command capam=10.10.10.10 userID=admin cmdName=addTargetApplication TargetServer.hostName=myhostname TargetApplication.name=myLDAP TargetApplication.type=ldap "serverType=CA RACF" Attribute.port=389 Attribute.protocol=clear

sslCertificate
The LDAP SSL certificate.
Required: Required if the protocol is SSL.
Default Value: N/A
Valid Values: X.509 digital certificate in BASE64 encoded format

ldapConnectTimeout
Time in milliseconds that Credential Manager waits before aborting the attempt to connect to the server.
Required: No
Default Value: 3000
Valid Values: 1000-99999

ldapReadTimeout
Time in milliseconds that Credential Manager waits before aborting the request to the server for data. The read timeout applies to the LDAP response from the server, after the initial connection is established with the server.
Required: No
Default Value: 3000
Valid Values: 1000-99999

LDAP Target Account External API Attributes

To add an LDAP target account that uses the target connector, use the following properties as members of the "attributes" associative array included in the 'body' parameter of the REST call:
useOtherAccountToChangePassword
This attribute specifies whether to use the target account or a different account to perform password change requests.
Required: Yes
Default Value: N/A
Valid Values: true, false

otherAccount
This attribute specifies which other account to use to perform password change requests.
Required: Yes, if useOtherAccountToChangePassword is true.
Default Value: N/A
Valid Values: A valid target account ID.

userDN
The distinguished name of the user on the LDAP server.
Required: Yes
Default Value: N/A
Valid Values: String.

LDAP Target Application External API Example

POST /api.php/v1/devices.json/{deviceId}/targetApplications
{
  "applicationName":"ldapApp",
  "applicationType":"ldap",
  "attributes":{
    "port":"389",
    "protocol":"clear",
    "serverType":"OpenLDAP",
    "ldapConnectTimeout":"3000",
    "ldapReadTimeout":"3000"
  }
}
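
The constraints listed above for the LDAP target application attributes, applied as a pre-flight check that builds the request body. This is an added example, not part of the product documentation; the function names and error messages are hypothetical, and accepting PEM armor lines around the Base64 certificate text is an assumption.

```python
import base64
import json

SERVER_TYPES = {"CA ACF2", "CA Top Secret", "CA RACF", "Other", "OpenLDAP"}
PROTOCOLS = {"clear", "ssl"}


def _int_in_range(name, value, low, high):
    """Return value as int, or raise if it is not an integer in [low, high]."""
    try:
        number = int(value)
    except (TypeError, ValueError):
        raise ValueError(f"{name} must be an integer") from None
    if not low <= number <= high:
        raise ValueError(f"{name} must be in {low}-{high}")
    return number


def build_ldap_application_body(name, port, protocol, server_type="OpenLDAP",
                                ssl_certificate=None,
                                connect_timeout=3000, read_timeout=3000):
    """Hypothetical helper: validate the documented attributes, return the JSON body."""
    if protocol not in PROTOCOLS:
        raise ValueError("protocol must be 'clear' or 'ssl'")
    if server_type not in SERVER_TYPES:
        raise ValueError(f"unsupported serverType: {server_type!r}")
    attributes = {
        # The page's own example passes every attribute value as a string.
        "port": str(_int_in_range("port", port, 0, 65535)),
        "protocol": protocol,
        "serverType": server_type,
        "ldapConnectTimeout": str(_int_in_range("ldapConnectTimeout", connect_timeout, 1000, 99999)),
        "ldapReadTimeout": str(_int_in_range("ldapReadTimeout", read_timeout, 1000, 99999)),
    }
    if protocol == "ssl":
        if not ssl_certificate:
            raise ValueError("sslCertificate is required when protocol is ssl")
        # Assumption: PEM armor lines may be present; only the Base64 text is checked.
        lines = (l.strip() for l in ssl_certificate.splitlines())
        b64 = "".join(l for l in lines if not l.startswith("-----"))
        if not b64:
            raise ValueError("sslCertificate contains no Base64 data")
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:
            raise ValueError("sslCertificate is not valid Base64") from None
        attributes["sslCertificate"] = ssl_certificate  # sent as supplied by the caller
    return json.dumps({"applicationName": name, "applicationType": "ldap",
                       "attributes": attributes})
```

The certificate check covers the encoding only; it does not parse the decoded bytes as an X.509 certificate.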

LDAP Target Account External API Example

POST /api.php/v1/devices.json/{deviceId}/targetApplications/{applicationId}/targetAccounts
{
  "accountName":"ldapAct",
  "attributes":{
    "useOtherAccountToChangePassword":"false",
    "userDN":"CN=Administrator,CN=Users,DC=broadcom,DC=test"
  },
  "cacheBehavior":"useCacheFirst",
  "cacheDuration":"30",
  "password":"sample",
  "passwordViewPolicyId":1000,
  "privileged":"t",
  "synchronize":"f",
  "useAliasNameParameter":"f"
}