Adding an LDAP server
You can add an LDAP server.
Method and URI
To add an LDAP server, use a POST method with a URI:
POST https://{hostname|IPv4}/ngp/ldap
Parameters
None.
Data
Data 1: hostAddress
IPv4 address of the LDAP server.
Example value: 10.0.0.111
Type: String. Required. Available in the web user interface.
Data 2: portNumber
Port number to connect to the LDAP server. The typical default port is 389 for non-SSL connections or 636 for SSL connections.
Example value: 389
Type: Integer. Required. Available in the web user interface.
Data 3: sslConnection
Indication of whether SSL is used to connect with the LDAP server.
Example value: false (default)
Type: Boolean. Required. Available in the web user interface.
Data 4: useExistingUser
Indication of whether an existing identity is used.
Example value: true
Type: Boolean. Required. Available in the web user interface.
Data 5: existingUser
The {identityUserHref} of the identity.
Tip: To get an {identityKeyHref} value based on the name of the identity, follow the instructions in Getting an {identityUserHref}.
Example value: https://10.0.0.100/api/identity/user/2148
Type: String. Required. Available in the web user interface.
Data 6: username
The {identityUserHref} of the identity. This value should be the same as the existingUser value.
Example value: https://10.0.0.100/api/identity/user/2148
Type: String. Required. Available in the web user interface.
Data 7: baseDN
The base distinguished name (DN) of the LDAP object.
Example value: DC=BLUEMACHINES, DC=com
Type: String. Required. Available in the web user interface.
Data 8: userFilter
Filter value to select specific users in the base DN.
Example value: sAMAccountName={0}
Type: String. Required. Available in the web user interface.
Data 9: userRDN
Relative distinguished names of users, separated by commas.
Example value: cn=Users
Type: String. Required. Available in the web user interface.
Data 10: groupRDN
Relative distinguished names of groups, separated by commas.
Example value: OU=BM,OU=Security Groups
Type: String. Required. Available in the web user interface.
Example: Add an LDAP server
Assume that you want to add the following LDAP server with an Active Directory database to IBM Spectrum Protect Plus:
Host address: 10.0.0.111
Port: 389
SSL: Disable
Credentials: BLUEMACHINESSALES ({identityUserHref}: https://10.0.0.100/api/identity/user/2148)
Base DN:
Domain component 1: BLUEMACHINES
Domain component 2: com
User filter: sAMAccountName={0}
Active Directory authentication with the Windows user naming attribute, sAMAccountName.
User RDN:
Organization unit: SALES
Group RDN:
Organization unit 1: BM
Organization unit 2: Security Groups
A Python snippet that is similar to the following example can be used to add the LDAP server:
import requests

# spp_ipv4 holds the IPv4 address of the IBM Spectrum Protect Plus server.
_data = f'''{{
    "hostAddress": "10.0.0.111",
    "portNumber": 389,
    "sslConnection": false,
    "useExistingUser": true,
    "existingUser": "https://10.0.0.100/api/identity/user/2148",
    "username": "https://10.0.0.100/api/identity/user/2148",
    "baseDN": "DC=BLUEMACHINES,DC=com",
    "userFilter": "sAMAccountName={{0}}",
    "userRDN": "OU=SALES",
    "groupRDN": "OU=BM,OU=Security Groups"
}}'''

# The headers and verify values are elided on this page.
requests.post('https://' + spp_ipv4 + '/ngp/ldap',
    headers={...}, data=_data, verify=...)

Figure 52: The same action can be taken in the IBM Spectrum Protect Plus web user interface: In the navigation pane, click System Configuration > LDAP/SMTP Servers and ensure that the LDAP Server tab is displayed. Click Add LDAP Server. Enter the required values in the fields and click Save.
The request prompts a response that is structured as shown, with the HTTP status of 201 (Created). Review the response to ensure that the LDAP server was added.
{
    "statusCode": 201,
    "response": {
        "links": {...},
        "tenantId": 1000,
        "hostAddress": "10.0.0.111",
        "name": "10.0.0.111",
        "comment": null,
        "user": {
            "href": "https://10.0.0.100/api/identity/user/2148"
        },
        "sslConnection": false,
        "portNumber": 389,
        "baseDN": "DC=BLUEMACHINES,DC=com",
        "userRDN": "OU=SALES",
        "groupRDN": "OU=BM,OU=Security Groups",
        "userFilter": "sAMAccountName={0}",
        "rbacPath": "ldap:0/ldap:1012",
        "resourceType": "ldap",
        "id": "1012"
    }
}
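The request body for POST /ngp/ldap can be checked against the Data section before it is sent. The following is an added example, not code from the IBM documentation: the function name `build_ldap_payload`, the rule that keys outside the Data section are rejected, and the warning texts are assumptions of this example. It builds the body with `json.dumps` instead of a hand-escaped string and reports when the connection to the LDAP server would not use SSL.

```python
import ipaddress
import json

# Field names and types as listed in the Data section of this page.
REQUIRED = {
    "hostAddress": str, "portNumber": int, "sslConnection": bool,
    "useExistingUser": bool, "existingUser": str, "username": str,
    "baseDN": str, "userFilter": str, "userRDN": str, "groupRDN": str,
}

def build_ldap_payload(settings):
    """Validate settings against the Data section; return (json_body, warnings)."""
    missing = [k for k in REQUIRED if k not in settings]
    unknown = [k for k in settings if k not in REQUIRED]  # catches misspelled keys
    if missing or unknown:
        raise ValueError(f"missing={missing} unknown={unknown}")
    for key, typ in REQUIRED.items():
        value = settings[key]
        # bool is a subclass of int in Python, so reject True/False as a port.
        if not isinstance(value, typ) or (typ is int and isinstance(value, bool)):
            raise TypeError(f"{key} must be {typ.__name__}")
    ipaddress.IPv4Address(settings["hostAddress"])  # raises ValueError if not IPv4
    if not 1 <= settings["portNumber"] <= 65535:
        raise ValueError("portNumber out of range")
    if settings["username"] != settings["existingUser"]:
        raise ValueError("username should be the same as existingUser")
    warnings = []
    ssl, port = settings["sslConnection"], settings["portNumber"]
    if not ssl:
        warnings.append("sslConnection is false: LDAP traffic is not encrypted")
    if (ssl and port == 389) or (not ssl and port == 636):
        warnings.append(f"port {port} does not match sslConnection={ssl}")
    return json.dumps(settings), warnings

# Constructed sample input: the values from the example on this page.
SAMPLE = {
    "hostAddress": "10.0.0.111", "portNumber": 389, "sslConnection": False,
    "useExistingUser": True,
    "existingUser": "https://10.0.0.100/api/identity/user/2148",
    "username": "https://10.0.0.100/api/identity/user/2148",
    "baseDN": "DC=BLUEMACHINES,DC=com", "userFilter": "sAMAccountName={0}",
    "userRDN": "OU=SALES", "groupRDN": "OU=BM,OU=Security Groups",
}

if __name__ == "__main__":
    body, notes = build_ldap_payload(SAMPLE)
    print(body)
    print(notes)
```

The returned string can be passed as the `data` argument of the `requests.post` call; the warnings are advisory and do not block the request.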