AccountService
更新时间: 2026/06/29
在Gitcode上查看源码

ResourceDefinition

uris

  • /redfish/v1/AccountService

properties

名称类型是否只读取值范围/枚举值说明
@odata.contextstringtrue-AccountService资源模型的OData描述信息
@odata.idstringtrue-AccountService资源节点的访问路径
@odata.typestringtrue-AccountService资源类型
Idstringtrue-AccountService资源的ID
Namestringtrue-AccountService资源的名称
MinPasswordLengthnumberfalse8~20密码最小长度,可设置为8~20,默认为8
MaxPasswordLengthnumbertrue-密码最大长度
AccountLockoutThresholdnumberfalse0~6允许错误密码次数,即输入错误密码次数超过此参数时,用户被锁定。0表示不限制。
AccountLockoutDurationnumberfalse60~1800用户登录失败后被锁定的锁定时长。单位为秒。取值必须为60的整数倍。
PasswordExpirationDaysnumberfalse1~365, null设置一个密码后,要使用的最短时间,在此时间内不能修改密码。单位为天,取值为null时表示密码最短使用期无限期。说明 BMC300 5.9.0.1及以上版本支持
AccountLockoutCounterResetAfternumbertrue0~1800上次登录失败与重置锁定阈值计数间的时间间隔。单位为秒。
AuthFailureLoggingThresholdnumbertrue-在失败认证记录到日志前,每个帐户允许的认证失败次数。默认值:1
HTTPBasicAuthstringtrue-指示是否为此服务启用了HTTP基本身份验证。
LocalAccountAuthstringfalseEnabled,Fallback,LocalFirst指示服务如何使用此帐户服务中的帐户集合作为身份验证的一部分。
RequireChangePasswordActionbooleanfalsetrue,false指示是否要求仅可通过ManagerAccount.ChangePassword方法来修改账户密码。说明 BMC300 5.12.0.1及以上版本支持
ServiceEnabledstringtrue-帐户服务是否启用的指示
Statusobjecttrue-指定管理资源的状态,包括:Health:管理资源健康状态;State:管理资源使能状态
Oemobjectfalse-自定义属性
Oem.Public.TlsVersionarrayfalseTls1.2,Tls1.3支持的TLS协议版本(其中Tls1.3为必选项)
Oem.Public.OSUserManagementEnabledbooleanfalsetrue,false业务侧用户管理使能
Oem.Public.OSAdministratorPrivilegeEnabledbooleanfalsetrue,false业务侧管理员权限操作使能
Oem.Public.PasswordValidityDaysnumberfalse1~365, null用户密码的使用期限,单位为天,取值为null时表示密码无限期
Oem.Public.MinimumPasswordAgeDaysnumberfalse1~365, null设置一个密码后,要使用的最短时间,在此时间内不能修改密码。单位为天,取值为null时表示密码最短使用期无限期
Oem.Public.UsernamePasswordCompareInfoobjectfalse-用户名和密码的比对校验策略
Oem.Public.UsernamePasswordCompareInfo.UsernamePasswordCompareEnabledbooleanfalsetrue,false用户名和密码的比对校验使能
Oem.Public.UsernamePasswordCompareInfo.UsernamePasswordCompareLengthnumberfalse4~20用户名和密码的比对校验长度
Oem.Public.PreviousPasswordsDisallowedCountnumberfalse1~5, null用户修改密码时,禁止使用设置次数内的历史密码。取值为null时表示不限制使用历史密码
Oem.Public.SecurityBannerEnabledbooleanfalsetrue,false安全公告显示使能
Oem.Public.SecurityBannerstringfalse-安全公告信息,0~1024个字节的字符串
Oem.Public.DefaultSecurityBannerstringtrue-默认安全公告信息
Oem.Public.AccountInactiveTimelimitnumberfalse0, 30~365用户不活动期限,单位为天。0表示用户不活动期限无限制
Oem.Public.CLISessionTimeoutMinutesnumberfalse0~480CLI会话超时时间,单位为分,0表示CLI超时期限无限制
Oem.Public.PasswordComplexityCheckEnabledbooleanfalsetrue,false密码复杂度使能
Oem.Public.SSHPasswordAuthenticationEnabledbooleanfalsetrue,falseSSH密码认证使能
Oem.Public.CertificateOverdueWarningTimenumberfalse7~180证书过期提前告警时间,单位为天,默认为90
Oem.Public.EmergencyLoginUserstringfalse-紧急登录用户,仅管理员可以被设置为"紧急登录用户",空字符串表示无紧急登录用户。仅管理员可以查询该属性,其他角色查询均显示为null
Oem.Public.TwoFactorAuthenticationInformationobjectfalse-双因素认证信息
Oem.Public.TwoFactorAuthenticationInformation.RootCertificatearraytrue-双因素根证书信息。须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/Managers/manager_id/Certificates接口进行CA证书查询
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.CertIdnumbertrue-证书Id
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.IssueBystringtrue-颁发者
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.IssueTostringtrue-使用者
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.ValidFromstringtrue-证书有效起始日期
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.ValidTostringtrue-证书有效截止日期
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.SerialNumberstringtrue-序列号
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.IsImportCrlbooleantrue-是否配置证书吊销列表
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.SignatureAlgorithmstringtrue-签名算法
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.KeyUsagestringtrue-秘钥用法
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.PublicKeyLengthBitsnumbertrue-公钥长度
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.CrlValidFromstringtrue-证书吊销列表有效期起始日期
Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.CrlValidTostringtrue-证书吊销列表有效期截止日期
Oem.Public.SystemLockDownEnabledbooleanfalsetrue,false系统锁定模式使能
Oem.Public.InitialAccountPrivilegeRestrictEnabledbooleanfalsetrue,false初始账户权限限制使能
Oem.Public.PasswordRulePolicystringfalseDefault,Customized,Hybrid密码校验规则:Default:默认密码复杂度校验;Customized:自定义正则校验;Hybrid:两种校验模式共同生效。说明 BMC300 5.9.0.1及以上版本支持
Oem.Public.PasswordPatternstringfalse-密码校验正则表达式,带有起始符(^)和终止符($)的正则表达式,长度0-255。说明 BMC300 5.9.0.1及以上版本支持
Oem.Public.InterChassisAuthenticationobjectfalse-框间通信鉴权配置。说明 BMC300 5.10.0.1及以上版本支持
Oem.Public.InterChassisAuthentication.Enabledbooleanfalsetrue,false框间通信鉴权使能
Oem.Public.InterChassisAuthentication.AccessRolestringfalseAdministrator,Operator,CommonUser,NoAccess框间通信通道权限
Actionsobjecttrue-可执行的操作
#AccountService.ImportRootCertificateobjecttrue-导入双因素根证书操作
#AccountService.ImportRootCertificate.targetstringtrue-导入双因素根证书操作的路径
#AccountService.ImportRootCertificate.@Redfish.ActionInfostringtrue-导入双因素根证书操作的查询路径
#AccountService.DeleteRootCertificateobjecttrue-删除双因素根证书操作
#AccountService.DeleteRootCertificate.targetstringtrue-删除双因素根证书操作的路径
#AccountService.DeleteRootCertificate.@Redfish.ActionInfostringtrue-删除双因素根证书操作的查询路径
#AccountService.ImportCrlobjecttrue-导入双因素客户端证书吊销列表操作
#AccountService.ImportCrl.targetstringtrue-导入双因素客户端证书吊销列表操作的路径
#AccountService.ImportCrl.@Redfish.ActionInfostringtrue-导入双因素客户端证书吊销列表操作的查询路径
#AccountService.DeleteCrlobjecttrue-删除双因素客户端证书吊销列表操作(注:该接口为预留接口,功能暂未实现。)
#AccountService.DeleteCrl.targetstringtrue-删除双因素客户端证书吊销列表操作的路径
#AccountService.DeleteCrl.@Redfish.ActionInfostringtrue-删除双因素客户端证书吊销列表操作的查询路径
LdapServiceobjecttrue-Ldap服务资源访问路径
KerberosServiceobjecttrue-Kerberos服务资源访问路径
Accountsobjecttrue-用户资源节点的访问路径
LDAPobjectfalse-第一个LDAP控制器。说明 BMC300 5.9.0.1及以上版本支持
LDAP.ServiceEnabledbooleanfalsetrue,falseLDAP服务使能
LDAP.ServiceAddressesarrayfalse-LDAP服务器地址
LDAP.Authenticationobjecttrue-LDAP服务认证所需信息
LDAP.Authentication.AuthenticationTypestringtrue-LDAP服务进行身份验证的类型
LDAP.Certificatesobjecttrue-LDAP证书资源
LDAP.Certificates.@odata.idstringtrue-LDAP服务使用的证书资源集合链接
LDAP.LDAPServiceobjectfalse-LDAP服务的附加信息
LDAP.LDAPService.SearchSettingsobjectfalse-搜索LDAP服务所需配置
LDAP.LDAPService.SearchSettings.BaseDistinguishedNamesarrayfalse-LDAP服务域名
LDAP.RemoteRoleMappingarrayfalse-LDAP远程用户组与本地角色映射表
LDAP.RemoteRoleMapping.LocalRolestringfalseCommonUser,Operator,Administrator,CustomRole1~CustomRole16本地角色名
LDAP.RemoteRoleMapping.RemoteGroupstringfalse-远程用户组名称,形如"CN=groupName,OU=Role"
Rolesobjecttrue-Roles资源节点的访问路径
PrivilegeMapobjecttrue-PrivilegeMap资源节点的访问路径(注:该接口为预留接口,功能暂未实现。)

supported_methods

  • GET
  • PATCH
  • POST

HTTP methods

GET

命令功能

查询用户服务信息

说明

命令格式

URL: https://device_ip/redfish/v1/AccountService

请求头:

X-Auth-Token: 123456789***********************

请求消息体: 无

参数说明

参数参数说明取值
device_ip登录设备的IP地址IPv4或IPv6地址
auth_value执行该GET请求时,必须在"Headers"中携带"X-Auth-Token"值用于鉴权可通过/redfish/v1/SessionService/Sessions创建会话时获得

使用指南

使用实例

请求样例:

http
GET https://device_ip/redfish/v1/AccountService

请求头:

X-Auth-Token: 123456789***********************

请求消息体:无

响应样例:

json
{
  "@odata.context": "/redfish/v1/$metadata#AccountService.AccountService",
  "@odata.id": "/redfish/v1/AccountService",
  "@odata.type": "#AccountService.v1_15_1.AccountService",
  "Id": "AccountService",
  "Name": "Account Service",
  "MinPasswordLength": 8,
  "MaxPasswordLength": 20,
  "AccountLockoutThreshold": 5,
  "AccountLockoutDuration": 300,
  "PasswordExpirationDays": null,
  "AccountLockoutCounterResetAfter": 300,
  "AuthFailureLoggingThreshold": 1,
  "HTTPBasicAuth": "Enabled",
  "LocalAccountAuth": "LoalFirst",
  "ServiceEnabled": true,
  "RequireChangePasswordAction": false,
  "Status": {
    "State": "Enabled",
    "Health": "OK"
  },
  "Oem": {
    "Public": {
      "TlsVersion": ["Tls1.2","Tls1.3"],
      "OSUserManagementEnabled": true,
      "OSAdministratorPrivilegeEnabled": true,
      "PasswordValidityDays": null,
      "MinimumPasswordAgeDays": null,
      "UsernamePasswordCompareInfo": {
        "UsernamePasswordCompareEnabled": false,
        "UsernamePasswordCompareLength": 4
      },
      "PreviousPasswordsDisallowedCount": null,
      "SecurityBannerEnabled": true,
      "SecurityBanner": "information",
      "DefaultSecurityBanner": "WARNING! This system is PRIVATE and PROPRIETARY and may only be accessed by authorized users. Unauthorized use of the system is prohibited. The owner, or its agents, may monitor any activity or communication on the system. The owner, or its agents, may retrieve any information stored within the system. By accessing and using the system, you are consenting to such monitoring and information retrieval for law enforcement and other purposes.",
      "AccountInactiveTimelimit ": 0,
      "CLISessionTimeoutMinutes": 5,
      "PasswordComplexityCheckEnabled": true,
      "SSHPasswordAuthenticationEnabled": true,
      "CertificateOverdueWarningTime": 90,
      "EmergencyLoginUser": "",
      "TwoFactorAuthenticationInformation": {
        "RootCertificate": [
          {
            "CertId": 1,
            "IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
            "IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
            "ValidFrom": "Jan 07 2017 GMT",
            "ValidTo": "Jan 05 2027 GMT",
            "SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
            "IsImportCrl": false,
            "SignatureAlgorithm": "sha256WithRSAEncryption",
            "KeyUsage": "Certificate Signing, CRL Sign",
            "PublicKeyLengthBits": 2048,
            "CrlValidFrom":  null,
            "CrlValidTo":  null
          }
        ]
      },
      "SystemLockDownEnabled": false,
      "InitialAccountPrivilegeRestrictEnabled": false,
      "PasswordRulePolicy": "Default",
      "PasswordPattern": "",
      "InterChassisAuthentication": {
        "Enabled": false,
        "AccessRole": "Administrator"
      },
      "Actions": {
        "#AccountService.ImportRootCertificate": {
          "target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportRootCertificate",
          "@Redfish.ActionInfo": "/redfish/v1/AccountService/ImportRootCertificateActionInfo"
        },
        "#AccountService.DeleteRootCertificate": {
          "target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteRootCertificate",
          "@Redfish.ActionInfo": "/redfish/v1/AccountService/DeleteRootCertificateActionInfo"
        },
        "#AccountService.ImportCrl": {
          "target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportCrl",
          "@Redfish.ActionInfo": "/redfish/v1/AccountService/ImportCrlActionInfo"
        },
        "#AccountService.DeleteCrl": {
          "target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteCrl",
          "@Redfish.ActionInfo": "/redfish/v1/AccountService/DeleteCrlActionInfo"
        }
      },
      "LdapService": {
        "@odata.id": "/redfish/v1/AccountService/LdapService"
      },
      "KerberosService": {
        "@odata.id": "/redfish/v1/AccountService/KerberosService"
      }
    }
  },
  "Accounts": {
    "@odata.id": "/redfish/v1/AccountService/Accounts"
  },
  "LDAP": {
    "ServiceEnabled": true,
    "ServiceAddresses": [
      "127.0.0.1"
    ],
    "Authentication": {
      "AuthenticationType": "UsernameAndPassword"
    },
    "Certificates": {
      "@odata.id": "/redfish/v1/Managers/1/Certificates"
    },
    "LDAPService": {
      "SearchSettings": {
        "BaseDistinguishedNames": [
          "dc=bmc,dc=test,dc=com"
        ]
      }
    },
    "RemoteRoleMapping": [
      {
        "LocalRole": "Administrator",
        "RemoteGroup": "CN=GroupName,OU=Folder"
      },
      {
        "LocalRole": null,
        "RemoteGroup": null
      },
      {
        "LocalRole": null,
        "RemoteGroup": null
      },
      {
        "LocalRole": null,
        "RemoteGroup": null
      },
      {
        "LocalRole": null,
        "RemoteGroup": null
      }
    ]
  },
  "Roles": {
    "@odata.id": "/redfish/v1/AccountService/Roles"
  },
  "PrivilegeMap": {
    "@odata.id": "/redfish/v1/AccountService/PrivilegeMap"
  }
}

响应码:200

PATCH

命令功能

修改用户服务信息

说明

针对指定用户,可同时修改请求消息体中包含的多个属性。

命令格式

URL: https://device_ip/redfish/v1/AccountService

请求头:

X-Auth-Token: 123456789***********************
Content-Type: header_type
If-Match: ifmatch_value

请求消息体:

json
{
  "AccountLockoutThreshold": count,
  "AccountLockoutDuration": time,
  "MinPasswordLength": MinPasswordLength_value,
  "PasswordExpirationDays": PasswordExpirationDays_value,
  "LocalAccountAuth": LocalAccountAuth_value,
  "RequireChangePasswordAction": RequireChangePasswordAction_value,
  "Oem": {
    "Public": {
      "TlsVersion": [tls_value],
      "PasswordComplexityCheckEnabled": PasswordComplexityCheckEnabled_value,
      "AccountInactiveTimelimit": AccountInactiveTimelimit_value,
      "CLISessionTimeoutMinutes": clitimeout_value,
      "SSHPasswordAuthenticationEnabled": SSHPasswordAuthenticationEnabled_value,
      "CertificateOverdueWarningTime": CertificateOverdueWarningTime_value,
      "OSUserManagementEnabled": OSUserManagementEnabled_value,
      "OSAdministratorPrivilegeEnabled": OSAdministratorPrivilegeEnabled_value,
      "PasswordValidityDays": PasswordValidityDays_value,
      "MinimumPasswordAgeDays": MinimumPasswordAgeDays_value,
      "PreviousPasswordsDisallowedCount": PreviousPasswordsDisallowedCount_value,
      "SecurityBannerEnabled": SecurityBannerEnabled_value,
      "SecurityBanner": SecurityBanner_value,
      "EmergencyLoginUser": EmergencyLoginUser_value,
      "SystemLockDownEnabled": SystemLockDownEnabled_value,
      "InitialAccountPrivilegeRestrictEnabled": InitialAccountPrivilegeRestrictEnabled_value,
      "PasswordRulePolicy": PasswordRulePolicy_value,
      "PasswordPattern": PasswordPattern_value,
      "UsernamePasswordCompareInfo": {
        "UsernamePasswordCompareEnabled": UsernamePasswordCompareEnabled_value,
        "UsernamePasswordCompareLength": UsernamePasswordCompareLength_value
      },
      "TwoFactorAuthenticationInformation": {
        "CrlVerificationEnabled": Crl_enabled_value
      },
      "InterChassisAuthentication": {
        "Enabled": InterChassisAuthentication_value,
        "AccessRole": InterChassisAccessRole_value
      }
    }
  },
  "LDAP": {
    "ServiceEnabled": ServiceEnabled_value,
    "ServiceAddresses": [ServiceAddresses_value],
    "LDAPService": {
      "SearchSettings": {
        "BaseDistinguishedNames": [BaseDistinguishedNames_value]
      }
    },
    "RemoteRoleMapping": [
      {
        "LocalRole": "LocalRole_value",
        "RemoteGroup": "RemoteGroup_value"
      }
    ]
  }
}

请求头参数说明

参见 请求头参数说明

请求体参数说明

参数参数说明取值
count允许输入错误密码次数0~6的整数,0表示不锁定
time用户登录失败被锁定后,自动解锁的时间间隔60~1800的整数,单位为秒,默认为300。取值必须为60的整数倍
MinPasswordLength_value用户密码最小长度8~20的整数,默认为8
PasswordExpirationDays_value密码最长有效期1~365的整数或者null,单位为天。null表示密码为无限期。PasswordExpirationDays_value与PasswordValidityDays_value单独只设置任意一个时,以当前设置的值为准,同时设置时以PasswordExpirationDays_value为准。说明 BMC300 5.9.0.1及以上版本支持
LocalAccountAuth_value本地用户认证模式Enabled:仅可使用本地用户认证;Fallback:优先使用远程资源认证;LocalFirst:优先使用本地用户认证
RequireChangePasswordAction_value是否仅可使用ManagerAccount.ChangePassword方法来修改用户密码true:仅可通过ManagerAccount.ChangePassword修改用户密码;false:可通过ManagerAccount.ChangePassword和PATCH的形式修改用户密码。说明 BMC300 5.12.0.1及以上版本支持
tls_valueTLS协议版本数组内容包括(其中Tls1.3为必选项):Tls1.2;Tls1.3
PasswordComplexityCheckEnabled_value密码复杂度使能true:开启;false:关闭
AccountInactiveTimelimit_value用户不活动期限0或者30~365的整数,单位为天。0表示用户不活动期限无限制
CLITimeout_valueCLI会话超时时间0~480的整数,单位为分。0表示CLI超时期限无限制
SSHPasswordAuthenticationEnabled_valueSSH密码认证使能true:开启;false:关闭
CertificateOverdueWarningTime_value证书过期提前告警时间7~180的整数,单位为天,默认为90
OSUserManagementEnabled_value业务侧用户管理使能true:开启;false:关闭
OSAdministratorPrivilegeEnabled业务侧管理员权限操作使能true:开启;false:关闭
PasswordValidityDays_value用户密码的使用期限1~365的整数或者null,单位为天。null表示密码为无限期
MinimumPasswordAgeDays_value设置一个密码后,要使用的最短时间1~365的整数或者null,单位为天。null表示密码最短使用期无限期
PreviousPasswordsDisallowedCount_value用户修改密码时,禁止使用设置次数内的历史密码1~5的整数或者null。null表示不限制使用历史密码
SecurityBannerEnabled_value安全公告显示使能true:开启;false:关闭
SecurityBanner_value安全公告信息字符串,0~1024个字节的字符串
EmergencyLoginUser_value紧急登录用户字符串,仅管理员用户可以被设置为"紧急登录用户"。空字符串表示无紧急登录用户
SystemLockDownEnabled_value系统锁定模式使能true:开启;false:关闭
InitialAccountPrivilegeRestrictEnabled_value初始账户权限限制使能true:开启;false:关闭
PasswordRulePolicy_value密码校验规则Default:默认密码复杂度校验;Customized:自定义正则校验;Hybrid:两种校验模式共同生效。说明 BMC300 5.9.0.1及以上版本支持
PasswordPattern_value密码校验正则表达式带有起始符(^)和终止符($)的正则表达式,长度0-255。说明 BMC300 5.9.0.1及以上版本支持
UsernamePasswordCompareEnabled_value用户名密码比对校验使能true:开启;false:关闭
UsernamePasswordCompareLength_value用户名密码比对校验长度4~20的整数
Crl_enabled_value双因素客户端证书吊销检查使能true:开启;false:关闭
InterChassisAuthentication_value框间通信鉴权使能true:开启;false:关闭。说明 BMC300 5.10.0.1及以上版本支持
InterChassisAccessRole_value框间通信通道权限Administrator:管理员权限;Operator:操作员权限;CommonUser:普通用户权限;NoAccess:无权限。说明 BMC300 5.10.0.1及以上版本支持
ServiceEnabled_valueLDAP服务使能true:开启;false:关闭。说明 BMC300 5.9.0.1及以上版本支持
ServiceAddresses_valueLDAP服务器地址字符串,ip地址或服务器全限定域名。说明 BMC300 5.9.0.1及以上版本支持
BaseDistinguishedNames_valueLDAP服务器域名字符串,形如"dc=test,dc=com"格式。说明 BMC300 5.9.0.1及以上版本支持
LocalRole_value本地角色名字符串,取值:CommonUser;Operator;Administrator;CustomRole1~CustomRole16。说明 BMC300 5.9.0.1及以上版本支持
RemoteGroup_valueLDAP远程用户组名称字符串,形如"CN=groupName,OU=Role",首个"CN="的内容为组名,其余内容为组应用文件夹。说明 BMC300 5.9.0.1及以上版本支持

使用指南

针对指定用户,可同时修改请求消息体中包含的多个属性。

使用实例

请求样例:

http
PATCH https://device_ip/redfish/v1/AccountService

请求头:

X-Auth-Token: 123456789***********************
Content-Type: application/json
If-Match: W/"bc428df5"

请求消息体:

json
{
  "AccountLockoutThreshold": 4,
  "AccountLockoutDuration": 180,
  "MinPasswordLength": 8,
  "PasswordExpirationDays": null,
  "AccountLockoutCounterResetAfter": 300,
  "AuthFailureLoggingThreshold": 1,
  "HTTPBasicAuth": "Enabled",
  "LocalAccountAuth": "LocalFirst",
  "RequireChangePasswordAction": false,
  "ServiceEnabled": true,
  "Status": {
    "State": "Enabled",
    "Health": "OK"
  },
  "Oem": {
    "Public": {
      "TlsVersion": ["Tls1.2","Tls1.3"],
      "PasswordComplexityCheckEnabled": true,
      "AccountInactiveTimelimit": 0,
      "CLISessionTimeoutMinutes": 5,
      "SSHPasswordAuthenticationEnabled": true,
      "CertificateOverdueWarningTime": 7,
      "OSUserManagementEnabled": true,
      "OSAdministratorPrivilegeEnabled": true,
      "PasswordValidityDays": null,
      "MinimumPasswordAgeDays": null,
      "PreviousPasswordsDisallowedCount": null,
      "SecurityBannerEnabled": true,
      "SecurityBanner": "information",
      "EmergencyLoginUser": "",
      "InitialAccountPrivilegeRestrictEnabled": true,
      "UsernamePasswordCompareInfo": {
        "UsernamePasswordCompareEnabled": false,
        "UsernamePasswordCompareLength": 4
      },
      "TwoFactorAuthenticationInformation": {
        "CrlVerificationEnabled": false
      },
      "InterChassisAuthentication": {
        "Enabled": true,
        "AccessRole": "Administrator"
      }
    }
  },
  "LDAP": {
    "ServiceEnabled": true,
    "ServiceAddresses": [
      "127.0.0.1"
    ],
    "LDAPService": {
      "SearchSettings": {
        "BaseDistinguishedNames": [
          "dc=bmc,dc=test,dc=com"
        ]
      }
    },
    "RemoteRoleMapping": [
      {
        "LocalRole": "Administrator",
        "RemoteGroup": "CN=GroupName,OU=Folder"
      }
    ]
  }
}

响应样例:

json
{
  "@odata.context": "/redfish/v1/$metadata#AccountService.AccountService",
  "@odata.id": "/redfish/v1/AccountService",
  "@odata.type": "#AccountService.v1_15_1.AccountService",
  "Id": "AccountService",
  "Name": "Account Service",
  "MinPasswordLength": 8,
  "MaxPasswordLength": 20,
  "AccountLockoutThreshold": 4,
  "AccountLockoutDuration": 180,
  "PasswordExpirationDays": null,
  "RequireChangePasswordAction": false,
  "Oem": {
    "Public": {
      "TlsVersion": ["Tls1.2","Tls1.3"],
      "OSUserManagementEnabled": true,
      "OSAdministratorPrivilegeEnabled": true,
      "PasswordValidityDays": null,
      "CLISessionTimeoutMinutes": 5,
      "MinimumPasswordAgeDays": null,
      "PreviousPasswordsDisallowedCount": null,
      "SecurityBannerEnabled": true,
      "SecurityBanner": "information",
      "DefaultSecurityBanner": "WARNING! This system is PRIVATE and PROPRIETARY and may only be accessed by authorized users. Unauthorized use of the system is prohibited. The owner, or its agents, may monitor any activity or communication on the system. The owner, or its agents, may retrieve any information stored within the system. By accessing and using the system, you are consenting to such monitoring and information retrieval for law enforcement and other purposes.",
      "AccountInactiveTimelimit ": 0,
      "CLISessionTimeoutMinutes": 5,
      "PasswordComplexityCheckEnabled": true,
      "SSHPasswordAuthenticationEnabled": true,
      "CertificateOverdueWarningTime": 7,
      "EmergencyLoginUser": "",
      "TwoFactorAuthenticationInformation": {
        "RootCertificate": [
          {
            "CertId": 1,
            "IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
            "IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
            "ValidFrom": "Jan 07 2017 GMT",
            "ValidTo": "Jan 05 2027 GMT",
            "SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
            "IsImportCrl": false,
            "SignatureAlgorithm": "sha256WithRSAEncryption",
            "KeyUsage": "Certificate Signing, CRL Sign",
            "PublicKeyLengthBits": 2048,
            "CrlValidFrom": null,
            "CrlValidTo": null
          }
        ]
      },
      "SystemLockDownEnabled": false,
      "InitialAccountPrivilegeRestrictEnabled": true,
      "PasswordRulePolicy": "Default",
      "PasswordPattern": "",
      "InterChassisAuthentication": {
        "Enabled": true,
        "AccessRole": "Administrator"
      },
      "Actions": {
        "#AccountService.ImportRootCertificate": {
          "target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportRootCertificate",
          "@Redfish.ActionInfo": "/redfish/v1/AccountService/ImportRootCertificateActionInfo"
        },
        "#AccountService.DeleteRootCertificate": {
          "target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteRootCertificate",
          "@Redfish.ActionInfo": "/redfish/v1/AccountService/DeleteRootCertificateActionInfo"
        },
        "#AccountService.ImportCrl": {
          "target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportCrl",
          "@Redfish.ActionInfo": "/redfish/v1/AccountService/ImportCrlActionInfo"
        },
        "#AccountService.DeleteCrl": {
          "target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteCrl",
          "@Redfish.ActionInfo": "/redfish/v1/AccountService/DeleteCrlActionInfo"
        }
      },
      "LdapService": {
        "@odata.id": "/redfish/v1/AccountService/LdapService"
      },
      "KerberosService": {
        "@odata.id": "/redfish/v1/AccountService/KerberosService"
      }
    }
  },
  "Accounts": {
    "@odata.id": "/redfish/v1/AccountService/Accounts"
  },
  "LDAP": {
    "ServiceEnabled": true,
    "ServiceAddresses": [
      "127.0.0.1"
    ],
    "Authentication": {
      "AuthenticationType": "UsernameAndPassword"
    },
    "Certificates": {
      "@odata.id": "/redfish/v1/Managers/1/Certificates"
    },
    "LDAPService": {
      "SearchSettings": {
        "BaseDistinguishedNames": [
          "dc=bmc,dc=test,dc=com"
        ]
      }
    },
    "RemoteRoleMapping": [
      {
        "LocalRole": "Administrator",
        "RemoteGroup": "CN=GroupName,OU=Folder"
      },
      {
        "LocalRole": null,
        "RemoteGroup": null
      },
      {
        "LocalRole": null,
        "RemoteGroup": null
      },
      {
        "LocalRole": null,
        "RemoteGroup": null
      },
      {
        "LocalRole": null,
        "RemoteGroup": null
      }
    ]
  },
  "Roles": {
    "@odata.id": "/redfish/v1/AccountService/Roles"
  },
  "PrivilegeMap": {
    "@odata.id": "/redfish/v1/AccountService/PrivilegeMap"
  }
}

响应码:200

POST (ACTION)

ImportRootCertificate

命令功能

双因素认证的根证书导入

说明

须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务。BMC300 5.3.0.1及以上版本支持。双因素认证根证书的内容或者证书路径需要预先存放在Content属性中,否则返回400。

命令格式

URL: https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportRootCertificate

请求头:

X-Auth-Token: 123456789***********************
Content-Type: header_type

请求消息体:

json
{
  "Type": type_value,
  "Content": content_value
}

请求头参数说明

参见 请求头参数说明

请求体参数说明

参数参数说明取值
type_value双因素证书导入的方法URI;Text
content_value双因素证书导入的路径文本形式导入:填写根证书的内容;本地导入:"/tmp/目录/文件名";远程导入:"文件传输协议://用户名:密码@ip地址/目录/文件名"(文件传输协议包括五种:sftp、https、nfs、cifs、scp)

使用指南

BMC300 5.3.0.1及以上版本支持。

使用实例

请求样例(文本形式):

http
POST https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportRootCertificate

请求头:

X-Auth-Token: 123456789***********************
Content-Type: application/json

请求消息体:

json
{
  "Type": "text",
  "Content": ""
}

文本形式和本地文件形式的响应样例:

json
{
  "error": {
    "code": "Base.1.0.GeneralError",
    "message": "A general error has occurred. See ExtendedInfo for more information.",
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_0_0.Message",
        "MessageId": "Base.1.0.Success",
        "RelatedProperties": [],
        "Message": "Successfully Completed Request",
        "MessageArgs": [],
        "Severity": "OK",
        "Resolution": "None"
      }
    ]
  }
}

响应码:200(文本形式和本地文件形式)

请求样例(远程文件形式):

请求消息体:

json
{
  "Type": "URI",
  "Content": "sftp://username:password@10.10.10.191/usr/ca.cer"
}

远程文件形式的响应样例:

json
{
  "@odata.context": "/redfish/v1/$metadata#TaskService/Tasks/Members/$entity",
  "@odata.type": "#Task.v1_0_2.Task",
  "@odata.id": "/redfish/v1/TaskService/Tasks/1",
  "Id": "1",
  "Name": "ImportCACertificate",
  "Description": "",
  "TaskState": "Running",
  "TaskStatus": "OK",
  "StartTime": "2023-12-25T21:58:14+08:00",
  "Messages": [],
  "PercentComplete": null,
  "Oem": {
    "Public": {
      "TaskPercentage": null
    }
  }
}

响应码:202(远程文件形式)

POST (ACTION)

DeleteRootCertificate

命令功能

双因素认证的根证书删除

说明

须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务。BMC300 5.3.0.1及以上版本支持。

命令格式

URL: https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteRootCertificate

请求头:

X-Auth-Token: 123456789***********************
Content-Type: header_type

请求消息体:

json
{
  "CertId": cerid_value
}

请求头参数说明

参见 请求头参数说明

请求体参数说明

参数参数说明取值
cerid_value双因素认证的根证书ID数值类型值,如果有双因素的根证书导入,这个值可以通过查询获取

使用指南

BMC300 5.3.0.1及以上版本支持。

使用实例

请求样例:

http
POST https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteRootCertificate

请求头:

X-Auth-Token: 123456789***********************
Content-Type: application/json

请求消息体:

json
{
  "CertId": 1
}

响应样例:

json
{
  "error": {
    "code": "Base.1.0.GeneralError",
    "message": "A general error has occurred. See ExtendedInfo for more information.",
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_0_0.Message",
        "MessageId": "Base.1.0.Success",
        "RelatedProperties": [],
        "Message": "Successfully Completed Request",
        "MessageArgs": [],
        "Severity": "OK",
        "Resolution": "None"
      }
    ]
  }
}

响应码:200

POST (ACTION)

ImportCrl

命令功能

双因素认证的客户端证书吊销列表导入

说明

须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务。BMC300 5.3.0.1及以上版本支持。仅支持导入Base64编码格式的证书吊销列表。

命令格式

URL: https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportCrl

请求头:

Content-Type: header_type
X-Auth-Token: 123456789***********************

请求消息体: 文本导入:

json
{
  "Type": "text",
  "Content": crl_text,
  "RootCertId": root_cert_id
}

本地导入:

json
{
  "Type": "URI",
  "Content": tmp_uri,
  "RootCertId": root_cert_id
}

远程导入:

json
{
  "Type": "URI",
  "Content": remote_uri,
  "RootCertId": root_cert_id
}

请求头参数说明

参见 请求头参数说明

请求体参数说明

参数参数说明取值
Type证书吊销列表导入的方法text;URI
Content证书吊销列表导入的路径文本形式:吊销列表文件的文本内容;本地导入:"/tmp/目录/文件名",文件扩展名必须是".crl";远程导入:sftp://user:password@ip/path,目前支持五种传输协议(https、scp、sftp、cifs、nfs),远程文件的扩展名必须是".crl"
RootCertId签发吊销列表的根证书对象ID取值必须为查询用户服务信息时,返回的RootCertificate对象中某个数组成员的CertId

使用指南

BMC300 5.3.0.1及以上版本支持。 仅支持导入Base64编码格式的证书吊销列表。

使用实例

请求样例(文本导入):

http
POST https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportCrl

请求头:

Content-Type: application/json
X-Auth-Token: 123456789***********************

请求消息体:

json
{
  "Type": "text",
  "Content": "",
  "RootCertId": 1
}

文本和本地导入的响应样例:

json
{
  "error": {
    "code": "Base.1.0.GeneralError",
    "message": "A general error has occurred. See ExtendedInfo for more information.",
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_0_0.Message",
        "MessageId": "Base.1.0.Success",
        "RelatedProperties": [],
        "Message": "Successfully Completed Request",
        "MessageArgs": [],
        "Severity": "OK",
        "Resolution": "None"
      }
    ]
  }
}

响应码:200(文本和本地导入)

请求样例(远程导入):

请求消息体:

json
{
  "Type": "URI",
  "Content": "sftp://username:password@10.10.10.191/home/usr/ca.crl",
  "RootCertId": 1
}

远程导入的响应样例:

json
{
  "@odata.context": "/redfish/v1/$metadata#TaskService/Tasks/Members/$entity",
  "@odata.type": "#Task.v1_0_2.Task",
  "@odata.id": "/redfish/v1/TaskService/Tasks/1",
  "Id": "1",
  "Name": "two-factor crl import",
  "Description": "",
  "TaskState": "Running",
  "TaskStatus": "OK",
  "StartTime": "2019-12-01T07:35:15+09:00",
  "Messages": [],
  "PercentComplete": null,
  "Oem": {
    "Public": {
      "TaskPercentage": null
    }
  }
}

响应码:202(远程导入)

POST (ACTION)

DeleteCrl

命令功能

双因素认证的客户端证书吊销列表删除

说明

须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务。BMC300 5.5.0.1之后的版本支持。

命令格式

URL: https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteCrl

请求头:

Content-Type: header_type
X-Auth-Token: 123456789***********************

请求消息体:

json
{
  "RootCertId": root_cert_id
}

请求头参数说明

参见 请求头参数说明

请求体参数说明

参数参数说明取值
root_cert_id签发吊销列表的根证书对象ID取值必须为查询用户服务信息时,返回的RootCertificate对象中某个数组成员的CertId

使用指南

BMC300 5.5.0.1之后的版本支持。

使用实例

请求样例:

http
POST https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteCrl

请求头:

Content-Type: application/json
X-Auth-Token: 123456789***********************

请求消息体:

json
{
  "RootCertId": 1
}

响应样例:

json
{
  "error": {
    "code": "Base.1.0.GeneralError",
    "message": "A general error has occurred. See ExtendedInfo for more information.",
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_0_0.Message",
        "MessageId": "Base.1.0.Success",
        "RelatedProperties": [],
        "Message": "Successfully Completed Request",
        "MessageArgs": [],
        "Severity": "OK",
        "Resolution": "None"
      }
    ]
  }
}

响应码:200