Adding an LDAP server

Add an LDAP server.

Method and URI

To add an LDAP server, use a POST method with a URI:

POST    https://{hostname|IPv4}/ngp/ldap

Parameters

None.

Data

Data 1: hostAddress

IPv4 address of the LDAP server.

  • Example value: 10.0.0.111

  • Type: String. Required. Available in the web user interface.

Data 2: portNumber

Port number to connect to the LDAP server. The typical default port is 389 for non-SSL connections or 636 for SSL connections.

  • Example value: 389 (default)

  • Type: Integer. Required. Available in the web user interface.

Data 3: sslConnection

Indication of whether SSL is used to connect with the LDAP server. When this value is false, the bind for the supplied identity is sent to the LDAP server in clear text; use true together with port 636 wherever the server supports it.

  • Example value: false (default)

  • Type: Boolean. Required. Available in the web user interface.

Data 4: useExistingUser

Indication of whether an existing identity is used.

  • Example value: true

  • Type: Boolean. Required. Available in the web user interface.

Data 5: existingUser

The {identityUserHref} of the identity.

Tip

To get an {identityUserHref} value based on the name of the identity, follow the instructions in Getting an {identityUserHref}.

  • Example value: https://10.0.0.100/api/identity/user/2148

  • Type: String. Required. Available in the web user interface.

Data 6: username

The {identityUserHref} of the identity. This value should be the same as the existingUser value.

  • Example value: https://10.0.0.100/api/identity/user/2148

  • Type: String. Required. Available in the web user interface.

Data 7: baseDN

The base distinguished name (DN) of the LDAP object.

  • Example value: DC=BLUEMACHINES,DC=com

  • Type: String. Required. Available in the web user interface.

Data 8: userFilter

Filter value to select specific users in the base DN.

  • Example value: sAMAccountName={0}

  • Type: String. Required. Available in the web user interface.

Data 9: userRDN

Relative distinguished names of users, separated by commas.

  • Example value: cn=Users

  • Type: String. Required. Available in the web user interface.

Data 10: groupRDN

Relative distinguished names of groups, separated by commas.

  • Example value: OU=BM,OU=Security Groups

  • Type: String. Required. Available in the web user interface.

Example

Assume that you want to add the following LDAP server with Active Directory to IBM Spectrum Protect Plus:

  • Host address: 10.0.0.111

  • Port: 389

  • SSL: Disable

  • Credentials: BLUEMACHINESSALES ({identityUserHref} https://10.0.0.100/api/identity/user/2148)

  • Base DN:

    • Domain component 1: BLUEMACHINES

    • Domain component 2: com

  • User filter: sAMAccountName={0}

    • Active Directory authentication with the Windows user naming attribute, sAMAccountName.

  • User RDN:

    • Organization unit: SALES

  • Group RDN:

    • Organization unit 1: BM

    • Organization unit 2: Security Groups

A Python snippet that is similar to the following example can be used to add the LDAP server:

import requests

# Request body for POST /ngp/ldap. The userFilter placeholder is written as {{0}}
# because this is an f-string; the server receives it as {0}.
_data = f'''{{
    "hostAddress":    "10.0.0.111",
    "portNumber":      389,
    "sslConnection":   false,
    "useExistingUser": true,
    "existingUser":    "https://10.0.0.100/api/identity/user/2148",
    "username":        "https://10.0.0.100/api/identity/user/2148",
    "baseDN":          "DC=BLUEMACHINES,DC=com",
    "userFilter":      "sAMAccountName={{0}}",
    "userRDN":         "OU=SALES",
    "groupRDN":        "OU=BM,OU=Security Groups"
    }}'''

# headers (elided here) carry the API session credentials; verify should point at
# the CA bundle that signed the IBM Spectrum Protect Plus certificate, not be False.
requests.post('https://' + spp_ipv4 + '/ngp/ldap',
    headers={...}, data=_data, verify=...)

Figure 54 The same action can be taken in the IBM Spectrum Protect Plus web user interface: In the navigation pane, click System Configuration > LDAP / SMTP and ensure that the LDAP Server tab is displayed. Click Add LDAP Server. Enter the required values in the fields and click Save.

The request returns a response structured as shown, with HTTP status 201 (Created). Review the response to ensure that the LDAP server was added and that the echoed fields (host address, port, SSL setting, base DN, RDNs, filter and bound identity) match what was sent.

{
    "statusCode": 201,
    "response": {
        "links": {...},
        "tenantId": 1000,
        "hostAddress": "10.0.0.111",
        "name": "10.0.0.111",
        "comment": null,
        "user": {
            "href": "https://10.0.0.100/api/identity/user/2148"
        },
        "sslConnection": false,
        "portNumber": 389,
        "baseDN": "DC=BLUEMACHINES,DC=com",
        "userRDN": "OU=SALES",
        "groupRDN": "OU=BM,OU=Security Groups",
        "userFilter": "sAMAccountName={0}",
        "rbacPath": "ldap:0/ldap:1012",
        "resourceType": "ldap",
        "id": "1012"
    }
}
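As an added example (not IBM's code and not code from this page), the following Python builds the request body for POST /ngp/ldap from the values described under Data, applies the consistency checks a practitioner would want before creating the server (the {0} placeholder in userFilter, username equal to existingUser, the SSL flag agreeing with the port), shows the search base that the userRDN and groupRDN values resolve to under the base DN, and checks the 201 response against what was sent. The validation rules are this example's own assumptions; the authentication headers are passed in by the caller, standing in for the `{...}` that the page elides; the sample response embedded for the offline check is copied from the response shown above.

```python
"""Added example: build, validate and verify a POST /ngp/ldap request.

Not IBM code. Field names follow the /ngp/ldap request and response documented
on this page; the validation rules are this example's own.
"""
import warnings
from typing import Any, Dict, Optional

LDAP_PORT, LDAPS_PORT = 389, 636

# Fields the 201 response echoes back and that must match what was sent.
ECHOED_FIELDS = ("hostAddress", "portNumber", "sslConnection",
                 "baseDN", "userFilter", "userRDN", "groupRDN")


def normalize_dn(dn: str) -> str:
    """Strip whitespace around the comma-separated RDN components."""
    return ",".join(p.strip() for p in dn.split(",") if p.strip())


def search_base(rdn: str, base_dn: str) -> str:
    """DN the server searches under: the RDN components prefixed to the base DN."""
    return normalize_dn(f"{rdn},{base_dn}") if rdn.strip() else normalize_dn(base_dn)


def build_ldap_payload(host_address: str, existing_user: str, base_dn: str,
                       user_filter: str = "sAMAccountName={0}", user_rdn: str = "",
                       group_rdn: str = "", port_number: Optional[int] = None,
                       ssl_connection: bool = False) -> Dict[str, Any]:
    """Return the JSON body for POST /ngp/ldap after basic consistency checks."""
    if port_number is None:                      # pick the well-known port for the mode
        port_number = LDAPS_PORT if ssl_connection else LDAP_PORT
    if not 1 <= port_number <= 65535:
        raise ValueError(f"portNumber out of range: {port_number}")
    if "{0}" not in user_filter:                 # {0} is replaced by the login name
        raise ValueError("userFilter must contain the {0} placeholder")
    if not base_dn.strip():
        raise ValueError("baseDN is required")
    if not existing_user.startswith("https://"):
        raise ValueError("existingUser must be the identity's https href")
    if ssl_connection and port_number == LDAP_PORT:
        raise ValueError("sslConnection=true with port 389: use 636 for LDAPS")
    if not ssl_connection:
        # A plain-LDAP bind sends the identity's password across the network in clear.
        warnings.warn(f"LDAP to {host_address}:{port_number} without SSL; "
                      "bind credentials will cross the network unencrypted")
    return {
        "hostAddress": host_address,
        "portNumber": port_number,
        "sslConnection": ssl_connection,
        "useExistingUser": True,
        "existingUser": existing_user,
        "username": existing_user,               # must equal existingUser (Data 6)
        "baseDN": normalize_dn(base_dn),
        "userFilter": user_filter,
        "userRDN": normalize_dn(user_rdn),
        "groupRDN": normalize_dn(group_rdn),
    }


def check_ldap_response(payload: Dict[str, Any], body: Dict[str, Any]) -> str:
    """Confirm a 201 reply echoes the request and return the new server's id."""
    if body.get("statusCode") != 201:
        raise RuntimeError(f"expected 201 Created, got {body.get('statusCode')}")
    created = body["response"]
    if created.get("user", {}).get("href") != payload["existingUser"]:
        raise RuntimeError("server bound a different identity than requested")
    for key in ECHOED_FIELDS:
        if created.get(key) != payload[key]:
            raise RuntimeError(f"{key}: sent {payload[key]!r}, got {created.get(key)!r}")
    return str(created["id"])


def add_ldap_server(spp_host: str, headers: Dict[str, str], payload: Dict[str, Any],
                    verify=True) -> str:
    """POST the payload and return the id of the created LDAP server (needs network).

    headers: the session credentials the page elides as {...}.
    verify: True or a CA-bundle path for the SPP certificate; never False.
    """
    import requests  # imported here so the offline checks run without it installed
    resp = requests.post(f"https://{spp_host}/ngp/ldap", headers=headers,
                         json=payload, verify=verify, timeout=30)
    resp.raise_for_status()
    return check_ldap_response(payload, resp.json())


# Copied from the response shown on this page, for the offline check below.
SAMPLE_RESPONSE = {
    "statusCode": 201,
    "response": {
        "links": {}, "tenantId": 1000, "hostAddress": "10.0.0.111",
        "name": "10.0.0.111", "comment": None,
        "user": {"href": "https://10.0.0.100/api/identity/user/2148"},
        "sslConnection": False, "portNumber": 389,
        "baseDN": "DC=BLUEMACHINES,DC=com", "userRDN": "OU=SALES",
        "groupRDN": "OU=BM,OU=Security Groups", "userFilter": "sAMAccountName={0}",
        "rbacPath": "ldap:0/ldap:1012", "resourceType": "ldap", "id": "1012",
    },
}

if __name__ == "__main__":
    req = build_ldap_payload("10.0.0.111", "https://10.0.0.100/api/identity/user/2148",
                             "DC=BLUEMACHINES, DC=com", user_rdn="OU=SALES",
                             group_rdn="OU=BM,OU=Security Groups")
    print("users searched under:", search_base(req["userRDN"], req["baseDN"]))
    print("groups searched under:", search_base(req["groupRDN"], req["baseDN"]))
    print("created LDAP server id:", check_ldap_response(req, SAMPLE_RESPONSE))
```

Sending the body with `json=` lets requests set Content-Type: application/json and serialise the Python booleans as JSON `true`/`false`, which avoids the quoting mistakes a hand-written string invites. Passing the same href as both existingUser and username is what Data 6 requires; the comparison against `user.href` in the reply is the only confirmation that the server bound the identity you intended.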