LDAP Target Connector External API Configuration
This topic describes the required and supported Attributes used when adding or updating an LDAP target application using the External API.
LDAP Target Application External API Attributes
To add or update an LDAP Target application using the External API, use the following properties as members of the "attributes" associative array included in the 'body' parameter of the REST call:
port
The port that is used to connect to the LDAP Server.
Required | Default Value | Valid Values |
Yes | N/A | 0-65535. The GUI uses default value 389. |
protocol
The protocol that is used to connect to the LDAP server.
Required | Default Value | Valid Values |
Yes | clear | clear, ssl |
serverType
The LDAP server type.
Required | Default Value | Valid Values |
No | OpenLDAP | CA ACF2, CA Top Secret, CA RACF, Other, OpenLDAP |
If the specified LDAP server type contains a space (for example, CA Top Secret), the entire serverType attribute must be enclosed in quotation marks (") as shown in the following example:
capam_command capam=10.10.10.10 userID=admin cmdName=addTargetApplication TargetServer.hostName=myhostname TargetApplication.name=myLDAP TargetApplication.type=ldap "serverType=CA RACF" Attribute.port=389 Attribute.protocol=clear
sslCertificate
The LDAP SSL certificate.
Required | Default Value | Valid Values |
Required if the protocol is SSL. | N/A | X.509 digital certificate in BASE64 encoded format |
ldapConnectTimeout
Time in milliseconds that Credential Manager waits before aborting the attempt to connect to the server.
Required | Default Value | Valid Values |
No | 3000 | 1000-99999 |
ldapReadTimeout
Time in milliseconds that Credential Manager waits before aborting the request to the server for data. The read timeout applies to the LDAP response from the server, after the initial connection is established with the server.
Required | Default Value | Valid Values |
No | 3000 | 1000-99999 |
LDAP Target Account External API Attributes
To add an LDAP target account that uses the target connector, use the following properties as members of the "attributes" associative array included in the 'body' parameter of the REST call:
useOtherAccountToChangePassword
This attribute specifies whether to use the target account or a different account to perform password change requests.
Required | Default Value | Valid Values |
Yes | N/A | true, false |
otherAccount
This attribute specifies which other account to use to perform password change requests.
Required | Default Value | Valid Values |
Yes, if useOtherAccountToChangePassword is true. | N/A | A valid target account ID. |
userDN
The distinguished name of the user on the LDAP server.
Required | Default Value | Valid Values |
Yes | N/A | String. |
LDAP Target Application External API Example
POST /api.php/v1/devices.json/{deviceId}/targetApplications
{
  "applicationName": "ldapApp",
  "applicationType": "ldap",
  "attributes": {
    "port": "389",
    "protocol": "clear",
    "serverType": "OpenLDAP",
    "ldapConnectTimeout": "3000",
    "ldapReadTimeout": "3000"
  }
}
LDAP Target Account External API Example
POST /api.php/v1/devices.json/{deviceId}/targetApplications/{applicationId}/targetAccounts
{
  "accountName": "ldapAct",
  "attributes": {
    "useOtherAccountToChangePassword": "false",
    "userDN": "CN=Administrator,CN=Users,DC=broadcom,DC=test"
  },
  "cacheBehavior": "useCacheFirst",
  "cacheDuration": "30",
  "password": "sample",
  "passwordViewPolicyId": 1000,
  "privileged": "t",
  "synchronize": "f",
  "useAliasNameParameter": "f"
}
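Client-side Validation Example
The following Python sketch is an added example, not code from the product or its documentation. It builds the "attributes" members for both calls and rejects values outside the ranges and conditional requirements listed in this topic before any request is sent. The function names are hypothetical, and the certificate check assumes the value is BASE64 of a DER certificate, with or without PEM armor lines.

```python
import base64

SERVER_TYPES = {"CA ACF2", "CA Top Secret", "CA RACF", "Other", "OpenLDAP"}

def _ranged(name, value, low, high):
    number = int(value)  # ValueError on non-numeric input
    if not low <= number <= high:
        raise ValueError(f"{name} must be {low}-{high}, got {number}")
    return str(number)  # the page's examples send numbers as strings

def _certificate(cert):
    # Assumption: BASE64 of a DER certificate, with or without PEM armor lines.
    body = "".join(l.strip() for l in cert.splitlines() if not l.startswith("-----"))
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("sslCertificate is not valid BASE64") from exc
    if not der.startswith(b"\x30"):  # every DER certificate opens with SEQUENCE
        raise ValueError("sslCertificate does not decode to a DER structure")
    return body

def ldap_application_body(name, port, protocol, server_type="OpenLDAP",
                          ssl_certificate=None, connect_ms=3000, read_ms=3000):
    if protocol not in ("clear", "ssl"):
        raise ValueError("protocol must be clear or ssl")
    if server_type not in SERVER_TYPES:
        raise ValueError(f"unsupported serverType {server_type!r}")
    attrs = {
        "port": _ranged("port", port, 0, 65535),
        "protocol": protocol,
        "serverType": server_type,
        "ldapConnectTimeout": _ranged("ldapConnectTimeout", connect_ms, 1000, 99999),
        "ldapReadTimeout": _ranged("ldapReadTimeout", read_ms, 1000, 99999),
    }
    if protocol == "ssl":  # sslCertificate is required only for ssl
        if not ssl_certificate:
            raise ValueError("sslCertificate is required when protocol is ssl")
        attrs["sslCertificate"] = _certificate(ssl_certificate)
    return {"applicationName": name, "applicationType": "ldap", "attributes": attrs}

def ldap_account_attributes(user_dn, use_other=False, other_account=None):
    if not user_dn:
        raise ValueError("userDN is required")
    attrs = {"useOtherAccountToChangePassword": "true" if use_other else "false",
             "userDN": user_dn}
    if use_other:  # otherAccount is required only in this case
        if other_account is None:
            raise ValueError("otherAccount is required when useOtherAccountToChangePassword is true")
        attrs["otherAccount"] = str(other_account)
    return attrs
```

Serialize the returned dictionaries with json.dumps to obtain the request body; a ValueError identifies the attribute that would be out of range or missing.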