ResourceDefinition
uris
/redfish/v1/AccountService
properties
| 名称 | 类型 | 是否只读 | 取值范围/枚举值 | 说明 |
|---|---|---|---|---|
| @odata.context | string | true | - | AccountService资源模型的OData描述信息 |
| @odata.id | string | true | - | AccountService资源节点的访问路径 |
| @odata.type | string | true | - | AccountService资源类型 |
| Id | string | true | - | AccountService资源的ID |
| Name | string | true | - | AccountService资源的名称 |
| MinPasswordLength | number | false | 8~20 | 密码最小长度,可设置为8~20,默认为8 |
| MaxPasswordLength | number | true | - | 密码最大长度 |
| AccountLockoutThreshold | number | false | 0~6 | 允许错误密码次数,即输入错误密码次数超过此参数时,用户被锁定。0表示不限制。 |
| AccountLockoutDuration | number | false | 60~1800 | 用户登录失败后被锁定的锁定时长。单位为秒。取值必须为60的整数倍。 |
| PasswordExpirationDays | number | false | 1~365, null | 设置一个密码后,要使用的最短时间,在此时间内不能修改密码。单位为天,取值为null时表示密码最短使用期无限期。说明 BMC300 5.9.0.1及以上版本支持 |
| AccountLockoutCounterResetAfter | number | true | 0~1800 | 上次登录失败与重置锁定阈值计数间的时间间隔。单位为秒。 |
| AuthFailureLoggingThreshold | number | true | - | 在失败认证记录到日志前,每个帐户允许的认证失败次数。默认值:1 |
| HTTPBasicAuth | string | true | - | 指示是否为此服务启用了HTTP基本身份验证。 |
| LocalAccountAuth | string | false | Enabled,Fallback,LocalFirst | 指示服务如何使用此帐户服务中的帐户集合作为身份验证的一部分。 |
| RequireChangePasswordAction | boolean | false | true,false | 指示是否要求仅可通过ManagerAccount.ChangePassword方法来修改账户密码。说明 BMC300 5.12.0.1及以上版本支持 |
| ServiceEnabled | string | true | - | 帐户服务是否启用的指示 |
| Status | object | true | - | 指定管理资源的状态,包括:Health:管理资源健康状态;State:管理资源使能状态 |
| Oem | object | false | - | 自定义属性 |
| Oem.Public.TlsVersion | array | false | Tls1.2,Tls1.3 | 支持的TLS协议版本(其中Tls1.3为必选项) |
| Oem.Public.OSUserManagementEnabled | boolean | false | true,false | 业务侧用户管理使能 |
| Oem.Public.OSAdministratorPrivilegeEnabled | boolean | false | true,false | 业务侧管理员权限操作使能 |
| Oem.Public.PasswordValidityDays | number | false | 1~365, null | 用户密码的使用期限,单位为天,取值为null时表示密码无限期 |
| Oem.Public.MinimumPasswordAgeDays | number | false | 1~365, null | 设置一个密码后,要使用的最短时间,在此时间内不能修改密码。单位为天,取值为null时表示密码最短使用期无限期 |
| Oem.Public.UsernamePasswordCompareInfo | object | false | - | 用户名和密码的比对校验策略 |
| Oem.Public.UsernamePasswordCompareInfo.UsernamePasswordCompareEnabled | boolean | false | true,false | 用户名和密码的比对校验使能 |
| Oem.Public.UsernamePasswordCompareInfo.UsernamePasswordCompareLength | number | false | 4~20 | 用户名和密码的比对校验长度 |
| Oem.Public.PreviousPasswordsDisallowedCount | number | false | 1~5, null | 用户修改密码时,禁止使用设置次数内的历史密码。取值为null时表示不限制使用历史密码 |
| Oem.Public.SecurityBannerEnabled | boolean | false | true,false | 安全公告显示使能 |
| Oem.Public.SecurityBanner | string | false | - | 安全公告信息,0~1024个字节的字符串 |
| Oem.Public.DefaultSecurityBanner | string | true | - | 默认安全公告信息 |
| Oem.Public.AccountInactiveTimelimit | number | false | 0, 30~365 | 用户不活动期限,单位为天。0表示用户不活动期限无限制 |
| Oem.Public.CLISessionTimeoutMinutes | number | false | 0~480 | CLI会话超时时间,单位为分,0表示CLI超时期限无限制 |
| Oem.Public.PasswordComplexityCheckEnabled | boolean | false | true,false | 密码复杂度使能 |
| Oem.Public.SSHPasswordAuthenticationEnabled | boolean | false | true,false | SSH密码认证使能 |
| Oem.Public.CertificateOverdueWarningTime | number | false | 7~180 | 证书过期提前告警时间,单位为天,默认为90 |
| Oem.Public.EmergencyLoginUser | string | false | - | 紧急登录用户,仅管理员可以被设置为"紧急登录用户",空字符串表示无紧急登录用户。仅管理员可以查询该属性,其他角色查询均显示为null |
| Oem.Public.TwoFactorAuthenticationInformation | object | false | - | 双因素认证信息 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate | array | true | - | 双因素根证书信息。须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/Managers/manager_id/Certificates接口进行CA证书查询 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.CertId | number | true | - | 证书Id |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.IssueBy | string | true | - | 颁发者 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.IssueTo | string | true | - | 使用者 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.ValidFrom | string | true | - | 证书有效起始日期 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.ValidTo | string | true | - | 证书有效截止日期 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.SerialNumber | string | true | - | 序列号 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.IsImportCrl | boolean | true | - | 是否配置证书吊销列表 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.SignatureAlgorithm | string | true | - | 签名算法 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.KeyUsage | string | true | - | 秘钥用法 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.PublicKeyLengthBits | number | true | - | 公钥长度 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.CrlValidFrom | string | true | - | 证书吊销列表有效期起始日期 |
| Oem.Public.TwoFactorAuthenticationInformation.RootCertificate.CrlValidTo | string | true | - | 证书吊销列表有效期截止日期 |
| Oem.Public.SystemLockDownEnabled | boolean | false | true,false | 系统锁定模式使能 |
| Oem.Public.InitialAccountPrivilegeRestrictEnabled | boolean | false | true,false | 初始账户权限限制使能 |
| Oem.Public.PasswordRulePolicy | string | false | Default,Customized,Hybrid | 密码校验规则:Default:默认密码复杂度校验;Customized:自定义正则校验;Hybrid:两种校验模式共同生效。说明 BMC300 5.9.0.1及以上版本支持 |
| Oem.Public.PasswordPattern | string | false | - | 密码校验正则表达式,带有起始符(^)和终止符($)的正则表达式,长度0-255。说明 BMC300 5.9.0.1及以上版本支持 |
| Oem.Public.InterChassisAuthentication | object | false | - | 框间通信鉴权配置。说明 BMC300 5.10.0.1及以上版本支持 |
| Oem.Public.InterChassisAuthentication.Enabled | boolean | false | true,false | 框间通信鉴权使能 |
| Oem.Public.InterChassisAuthentication.AccessRole | string | false | Administrator,Operator,CommonUser,NoAccess | 框间通信通道权限 |
| Actions | object | true | - | 可执行的操作 |
| #AccountService.ImportRootCertificate | object | true | - | 导入双因素根证书操作 |
| #AccountService.ImportRootCertificate.target | string | true | - | 导入双因素根证书操作的路径 |
| #AccountService.ImportRootCertificate.@Redfish.ActionInfo | string | true | - | 导入双因素根证书操作的查询路径 |
| #AccountService.DeleteRootCertificate | object | true | - | 删除双因素根证书操作 |
| #AccountService.DeleteRootCertificate.target | string | true | - | 删除双因素根证书操作的路径 |
| #AccountService.DeleteRootCertificate.@Redfish.ActionInfo | string | true | - | 删除双因素根证书操作的查询路径 |
| #AccountService.ImportCrl | object | true | - | 导入双因素客户端证书吊销列表操作 |
| #AccountService.ImportCrl.target | string | true | - | 导入双因素客户端证书吊销列表操作的路径 |
| #AccountService.ImportCrl.@Redfish.ActionInfo | string | true | - | 导入双因素客户端证书吊销列表操作的查询路径 |
| #AccountService.DeleteCrl | object | true | - | 删除双因素客户端证书吊销列表操作(注:该接口为预留接口,功能暂未实现。) |
| #AccountService.DeleteCrl.target | string | true | - | 删除双因素客户端证书吊销列表操作的路径 |
| #AccountService.DeleteCrl.@Redfish.ActionInfo | string | true | - | 删除双因素客户端证书吊销列表操作的查询路径 |
| LdapService | object | true | - | Ldap服务资源访问路径 |
| KerberosService | object | true | - | Kerberos服务资源访问路径 |
| Accounts | object | true | - | 用户资源节点的访问路径 |
| LDAP | object | false | - | 第一个LDAP控制器。说明 BMC300 5.9.0.1及以上版本支持 |
| LDAP.ServiceEnabled | boolean | false | true,false | LDAP服务使能 |
| LDAP.ServiceAddresses | array | false | - | LDAP服务器地址 |
| LDAP.Authentication | object | true | - | LDAP服务认证所需信息 |
| LDAP.Authentication.AuthenticationType | string | true | - | LDAP服务进行身份验证的类型 |
| LDAP.Certificates | object | true | - | LDAP证书资源 |
| LDAP.Certificates.@odata.id | string | true | - | LDAP服务使用的证书资源集合链接 |
| LDAP.LDAPService | object | false | - | LDAP服务的附加信息 |
| LDAP.LDAPService.SearchSettings | object | false | - | 搜索LDAP服务所需配置 |
| LDAP.LDAPService.SearchSettings.BaseDistinguishedNames | array | false | - | LDAP服务域名 |
| LDAP.RemoteRoleMapping | array | false | - | LDAP远程用户组与本地角色映射表 |
| LDAP.RemoteRoleMapping.LocalRole | string | false | CommonUser,Operator,Administrator,CustomRole1~CustomRole16 | 本地角色名 |
| LDAP.RemoteRoleMapping.RemoteGroup | string | false | - | 远程用户组名称,形如"CN=groupName,OU=Role" |
| Roles | object | true | - | Roles资源节点的访问路径 |
| PrivilegeMap | object | true | - | PrivilegeMap资源节点的访问路径(注:该接口为预留接口,功能暂未实现。) |
supported_methods
- GET
- PATCH
- POST
HTTP methods
GET
命令功能
查询用户服务信息
说明
无
命令格式
URL: https://device_ip/redfish/v1/AccountService
请求头:
X-Auth-Token: 123456789***********************请求消息体: 无
参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| device_ip | 登录设备的IP地址 | IPv4或IPv6地址 |
| auth_value | 执行该GET请求时,必须在"Headers"中携带"X-Auth-Token"值用于鉴权 | 可通过/redfish/v1/SessionService/Sessions创建会话时获得 |
使用指南
无
使用实例
请求样例:
GET https://device_ip/redfish/v1/AccountService请求头:
X-Auth-Token: 123456789***********************请求消息体:无
响应样例:
{
"@odata.context": "/redfish/v1/$metadata#AccountService.AccountService",
"@odata.id": "/redfish/v1/AccountService",
"@odata.type": "#AccountService.v1_15_1.AccountService",
"Id": "AccountService",
"Name": "Account Service",
"MinPasswordLength": 8,
"MaxPasswordLength": 20,
"AccountLockoutThreshold": 5,
"AccountLockoutDuration": 300,
"PasswordExpirationDays": null,
"AccountLockoutCounterResetAfter": 300,
"AuthFailureLoggingThreshold": 1,
"HTTPBasicAuth": "Enabled",
"LocalAccountAuth": "LoalFirst",
"ServiceEnabled": true,
"RequireChangePasswordAction": false,
"Status": {
"State": "Enabled",
"Health": "OK"
},
"Oem": {
"Public": {
"TlsVersion": ["Tls1.2","Tls1.3"],
"OSUserManagementEnabled": true,
"OSAdministratorPrivilegeEnabled": true,
"PasswordValidityDays": null,
"MinimumPasswordAgeDays": null,
"UsernamePasswordCompareInfo": {
"UsernamePasswordCompareEnabled": false,
"UsernamePasswordCompareLength": 4
},
"PreviousPasswordsDisallowedCount": null,
"SecurityBannerEnabled": true,
"SecurityBanner": "information",
"DefaultSecurityBanner": "WARNING! This system is PRIVATE and PROPRIETARY and may only be accessed by authorized users. Unauthorized use of the system is prohibited. The owner, or its agents, may monitor any activity or communication on the system. The owner, or its agents, may retrieve any information stored within the system. By accessing and using the system, you are consenting to such monitoring and information retrieval for law enforcement and other purposes.",
"AccountInactiveTimelimit ": 0,
"CLISessionTimeoutMinutes": 5,
"PasswordComplexityCheckEnabled": true,
"SSHPasswordAuthenticationEnabled": true,
"CertificateOverdueWarningTime": 90,
"EmergencyLoginUser": "",
"TwoFactorAuthenticationInformation": {
"RootCertificate": [
{
"CertId": 1,
"IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"ValidFrom": "Jan 07 2017 GMT",
"ValidTo": "Jan 05 2027 GMT",
"SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
"IsImportCrl": false,
"SignatureAlgorithm": "sha256WithRSAEncryption",
"KeyUsage": "Certificate Signing, CRL Sign",
"PublicKeyLengthBits": 2048,
"CrlValidFrom": null,
"CrlValidTo": null
}
]
},
"SystemLockDownEnabled": false,
"InitialAccountPrivilegeRestrictEnabled": false,
"PasswordRulePolicy": "Default",
"PasswordPattern": "",
"InterChassisAuthentication": {
"Enabled": false,
"AccessRole": "Administrator"
},
"Actions": {
"#AccountService.ImportRootCertificate": {
"target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportRootCertificate",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/ImportRootCertificateActionInfo"
},
"#AccountService.DeleteRootCertificate": {
"target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteRootCertificate",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/DeleteRootCertificateActionInfo"
},
"#AccountService.ImportCrl": {
"target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportCrl",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/ImportCrlActionInfo"
},
"#AccountService.DeleteCrl": {
"target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteCrl",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/DeleteCrlActionInfo"
}
},
"LdapService": {
"@odata.id": "/redfish/v1/AccountService/LdapService"
},
"KerberosService": {
"@odata.id": "/redfish/v1/AccountService/KerberosService"
}
}
},
"Accounts": {
"@odata.id": "/redfish/v1/AccountService/Accounts"
},
"LDAP": {
"ServiceEnabled": true,
"ServiceAddresses": [
"127.0.0.1"
],
"Authentication": {
"AuthenticationType": "UsernameAndPassword"
},
"Certificates": {
"@odata.id": "/redfish/v1/Managers/1/Certificates"
},
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
"dc=bmc,dc=test,dc=com"
]
}
},
"RemoteRoleMapping": [
{
"LocalRole": "Administrator",
"RemoteGroup": "CN=GroupName,OU=Folder"
},
{
"LocalRole": null,
"RemoteGroup": null
},
{
"LocalRole": null,
"RemoteGroup": null
},
{
"LocalRole": null,
"RemoteGroup": null
},
{
"LocalRole": null,
"RemoteGroup": null
}
]
},
"Roles": {
"@odata.id": "/redfish/v1/AccountService/Roles"
},
"PrivilegeMap": {
"@odata.id": "/redfish/v1/AccountService/PrivilegeMap"
}
}响应码:200
PATCH
命令功能
修改用户服务信息
说明
针对指定用户,可同时修改请求消息体中包含的多个属性。
命令格式
URL: https://device_ip/redfish/v1/AccountService
请求头:
X-Auth-Token: 123456789***********************
Content-Type: header_type
If-Match: ifmatch_value请求消息体:
{
"AccountLockoutThreshold": count,
"AccountLockoutDuration": time,
"MinPasswordLength": MinPasswordLength_value,
"PasswordExpirationDays": PasswordExpirationDays_value,
"LocalAccountAuth": LocalAccountAuth_value,
"RequireChangePasswordAction": RequireChangePasswordAction_value,
"Oem": {
"Public": {
"TlsVersion": [tls_value],
"PasswordComplexityCheckEnabled": PasswordComplexityCheckEnabled_value,
"AccountInactiveTimelimit": AccountInactiveTimelimit_value,
"CLISessionTimeoutMinutes": clitimeout_value,
"SSHPasswordAuthenticationEnabled": SSHPasswordAuthenticationEnabled_value,
"CertificateOverdueWarningTime": CertificateOverdueWarningTime_value,
"OSUserManagementEnabled": OSUserManagementEnabled_value,
"OSAdministratorPrivilegeEnabled": OSAdministratorPrivilegeEnabled_value,
"PasswordValidityDays": PasswordValidityDays_value,
"MinimumPasswordAgeDays": MinimumPasswordAgeDays_value,
"PreviousPasswordsDisallowedCount": PreviousPasswordsDisallowedCount_value,
"SecurityBannerEnabled": SecurityBannerEnabled_value,
"SecurityBanner": SecurityBanner_value,
"EmergencyLoginUser": EmergencyLoginUser_value,
"SystemLockDownEnabled": SystemLockDownEnabled_value,
"InitialAccountPrivilegeRestrictEnabled": InitialAccountPrivilegeRestrictEnabled_value,
"PasswordRulePolicy": PasswordRulePolicy_value,
"PasswordPattern": PasswordPattern_value,
"UsernamePasswordCompareInfo": {
"UsernamePasswordCompareEnabled": UsernamePasswordCompareEnabled_value,
"UsernamePasswordCompareLength": UsernamePasswordCompareLength_value
},
"TwoFactorAuthenticationInformation": {
"CrlVerificationEnabled": Crl_enabled_value
},
"InterChassisAuthentication": {
"Enabled": InterChassisAuthentication_value,
"AccessRole": InterChassisAccessRole_value
}
}
},
"LDAP": {
"ServiceEnabled": ServiceEnabled_value,
"ServiceAddresses": [ServiceAddresses_value],
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [BaseDistinguishedNames_value]
}
},
"RemoteRoleMapping": [
{
"LocalRole": "LocalRole_value",
"RemoteGroup": "RemoteGroup_value"
}
]
}
}请求头参数说明
参见 请求头参数说明
请求体参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| count | 允许输入错误密码次数 | 0~6的整数,0表示不锁定 |
| time | 用户登录失败被锁定后,自动解锁的时间间隔 | 60~1800的整数,单位为秒,默认为300。取值必须为60的整数倍 |
| MinPasswordLength_value | 用户密码最小长度 | 8~20的整数,默认为8 |
| PasswordExpirationDays_value | 密码最长有效期 | 1~365的整数或者null,单位为天。null表示密码为无限期。PasswordExpirationDays_value与PasswordValidityDays_value单独只设置任意一个时,以当前设置的值为准,同时设置时以PasswordExpirationDays_value为准。说明 BMC300 5.9.0.1及以上版本支持 |
| LocalAccountAuth_value | 本地用户认证模式 | Enabled:仅可使用本地用户认证;Fallback:优先使用远程资源认证;LocalFirst:优先使用本地用户认证 |
| RequireChangePasswordAction_value | 是否仅可使用ManagerAccount.ChangePassword方法来修改用户密码 | true:仅可通过ManagerAccount.ChangePassword修改用户密码;false:可通过ManagerAccount.ChangePassword和PATCH的形式修改用户密码。说明 BMC300 5.12.0.1及以上版本支持 |
| tls_value | TLS协议版本 | 数组内容包括(其中Tls1.3为必选项):Tls1.2;Tls1.3 |
| PasswordComplexityCheckEnabled_value | 密码复杂度使能 | true:开启;false:关闭 |
| AccountInactiveTimelimit_value | 用户不活动期限 | 0或者30~365的整数,单位为天。0表示用户不活动期限无限制 |
| CLITimeout_value | CLI会话超时时间 | 0~480的整数,单位为分。0表示CLI超时期限无限制 |
| SSHPasswordAuthenticationEnabled_value | SSH密码认证使能 | true:开启;false:关闭 |
| CertificateOverdueWarningTime_value | 证书过期提前告警时间 | 7~180的整数,单位为天,默认为90 |
| OSUserManagementEnabled_value | 业务侧用户管理使能 | true:开启;false:关闭 |
| OSAdministratorPrivilegeEnabled | 业务侧管理员权限操作使能 | true:开启;false:关闭 |
| PasswordValidityDays_value | 用户密码的使用期限 | 1~365的整数或者null,单位为天。null表示密码为无限期 |
| MinimumPasswordAgeDays_value | 设置一个密码后,要使用的最短时间 | 1~365的整数或者null,单位为天。null表示密码最短使用期无限期 |
| PreviousPasswordsDisallowedCount_value | 用户修改密码时,禁止使用设置次数内的历史密码 | 1~5的整数或者null。null表示不限制使用历史密码 |
| SecurityBannerEnabled_value | 安全公告显示使能 | true:开启;false:关闭 |
| SecurityBanner_value | 安全公告信息 | 字符串,0~1024个字节的字符串 |
| EmergencyLoginUser_value | 紧急登录用户 | 字符串,仅管理员用户可以被设置为"紧急登录用户"。空字符串表示无紧急登录用户 |
| SystemLockDownEnabled_value | 系统锁定模式使能 | true:开启;false:关闭 |
| InitialAccountPrivilegeRestrictEnabled_value | 初始账户权限限制使能 | true:开启;false:关闭 |
| PasswordRulePolicy_value | 密码校验规则 | Default:默认密码复杂度校验;Customized:自定义正则校验;Hybrid:两种校验模式共同生效。说明 BMC300 5.9.0.1及以上版本支持 |
| PasswordPattern_value | 密码校验正则表达式 | 带有起始符(^)和终止符($)的正则表达式,长度0-255。说明 BMC300 5.9.0.1及以上版本支持 |
| UsernamePasswordCompareEnabled_value | 用户名密码比对校验使能 | true:开启;false:关闭 |
| UsernamePasswordCompareLength_value | 用户名密码比对校验长度 | 4~20的整数 |
| Crl_enabled_value | 双因素客户端证书吊销检查使能 | true:开启;false:关闭 |
| InterChassisAuthentication_value | 框间通信鉴权使能 | true:开启;false:关闭。说明 BMC300 5.10.0.1及以上版本支持 |
| InterChassisAccessRole_value | 框间通信通道权限 | Administrator:管理员权限;Operator:操作员权限;CommonUser:普通用户权限;NoAccess:无权限。说明 BMC300 5.10.0.1及以上版本支持 |
| ServiceEnabled_value | LDAP服务使能 | true:开启;false:关闭。说明 BMC300 5.9.0.1及以上版本支持 |
| ServiceAddresses_value | LDAP服务器地址 | 字符串,ip地址或服务器全限定域名。说明 BMC300 5.9.0.1及以上版本支持 |
| BaseDistinguishedNames_value | LDAP服务器域名 | 字符串,形如"dc=test,dc=com"格式。说明 BMC300 5.9.0.1及以上版本支持 |
| LocalRole_value | 本地角色名 | 字符串,取值:CommonUser;Operator;Administrator;CustomRole1~CustomRole16。说明 BMC300 5.9.0.1及以上版本支持 |
| RemoteGroup_value | LDAP远程用户组名称 | 字符串,形如"CN=groupName,OU=Role",首个"CN="的内容为组名,其余内容为组应用文件夹。说明 BMC300 5.9.0.1及以上版本支持 |
使用指南
针对指定用户,可同时修改请求消息体中包含的多个属性。
使用实例
请求样例:
PATCH https://device_ip/redfish/v1/AccountService请求头:
X-Auth-Token: 123456789***********************
Content-Type: application/json
If-Match: W/"bc428df5"请求消息体:
{
"AccountLockoutThreshold": 4,
"AccountLockoutDuration": 180,
"MinPasswordLength": 8,
"PasswordExpirationDays": null,
"AccountLockoutCounterResetAfter": 300,
"AuthFailureLoggingThreshold": 1,
"HTTPBasicAuth": "Enabled",
"LocalAccountAuth": "LocalFirst",
"RequireChangePasswordAction": false,
"ServiceEnabled": true,
"Status": {
"State": "Enabled",
"Health": "OK"
},
"Oem": {
"Public": {
"TlsVersion": ["Tls1.2","Tls1.3"],
"PasswordComplexityCheckEnabled": true,
"AccountInactiveTimelimit": 0,
"CLISessionTimeoutMinutes": 5,
"SSHPasswordAuthenticationEnabled": true,
"CertificateOverdueWarningTime": 7,
"OSUserManagementEnabled": true,
"OSAdministratorPrivilegeEnabled": true,
"PasswordValidityDays": null,
"MinimumPasswordAgeDays": null,
"PreviousPasswordsDisallowedCount": null,
"SecurityBannerEnabled": true,
"SecurityBanner": "information",
"EmergencyLoginUser": "",
"InitialAccountPrivilegeRestrictEnabled": true,
"UsernamePasswordCompareInfo": {
"UsernamePasswordCompareEnabled": false,
"UsernamePasswordCompareLength": 4
},
"TwoFactorAuthenticationInformation": {
"CrlVerificationEnabled": false
},
"InterChassisAuthentication": {
"Enabled": true,
"AccessRole": "Administrator"
}
}
},
"LDAP": {
"ServiceEnabled": true,
"ServiceAddresses": [
"127.0.0.1"
],
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
"dc=bmc,dc=test,dc=com"
]
}
},
"RemoteRoleMapping": [
{
"LocalRole": "Administrator",
"RemoteGroup": "CN=GroupName,OU=Folder"
}
]
}
}响应样例:
{
"@odata.context": "/redfish/v1/$metadata#AccountService.AccountService",
"@odata.id": "/redfish/v1/AccountService",
"@odata.type": "#AccountService.v1_15_1.AccountService",
"Id": "AccountService",
"Name": "Account Service",
"MinPasswordLength": 8,
"MaxPasswordLength": 20,
"AccountLockoutThreshold": 4,
"AccountLockoutDuration": 180,
"PasswordExpirationDays": null,
"RequireChangePasswordAction": false,
"Oem": {
"Public": {
"TlsVersion": ["Tls1.2","Tls1.3"],
"OSUserManagementEnabled": true,
"OSAdministratorPrivilegeEnabled": true,
"PasswordValidityDays": null,
"CLISessionTimeoutMinutes": 5,
"MinimumPasswordAgeDays": null,
"PreviousPasswordsDisallowedCount": null,
"SecurityBannerEnabled": true,
"SecurityBanner": "information",
"DefaultSecurityBanner": "WARNING! This system is PRIVATE and PROPRIETARY and may only be accessed by authorized users. Unauthorized use of the system is prohibited. The owner, or its agents, may monitor any activity or communication on the system. The owner, or its agents, may retrieve any information stored within the system. By accessing and using the system, you are consenting to such monitoring and information retrieval for law enforcement and other purposes.",
"AccountInactiveTimelimit ": 0,
"CLISessionTimeoutMinutes": 5,
"PasswordComplexityCheckEnabled": true,
"SSHPasswordAuthenticationEnabled": true,
"CertificateOverdueWarningTime": 7,
"EmergencyLoginUser": "",
"TwoFactorAuthenticationInformation": {
"RootCertificate": [
{
"CertId": 1,
"IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"ValidFrom": "Jan 07 2017 GMT",
"ValidTo": "Jan 05 2027 GMT",
"SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
"IsImportCrl": false,
"SignatureAlgorithm": "sha256WithRSAEncryption",
"KeyUsage": "Certificate Signing, CRL Sign",
"PublicKeyLengthBits": 2048,
"CrlValidFrom": null,
"CrlValidTo": null
}
]
},
"SystemLockDownEnabled": false,
"InitialAccountPrivilegeRestrictEnabled": true,
"PasswordRulePolicy": "Default",
"PasswordPattern": "",
"InterChassisAuthentication": {
"Enabled": true,
"AccessRole": "Administrator"
},
"Actions": {
"#AccountService.ImportRootCertificate": {
"target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportRootCertificate",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/ImportRootCertificateActionInfo"
},
"#AccountService.DeleteRootCertificate": {
"target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteRootCertificate",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/DeleteRootCertificateActionInfo"
},
"#AccountService.ImportCrl": {
"target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportCrl",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/ImportCrlActionInfo"
},
"#AccountService.DeleteCrl": {
"target": "/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteCrl",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/DeleteCrlActionInfo"
}
},
"LdapService": {
"@odata.id": "/redfish/v1/AccountService/LdapService"
},
"KerberosService": {
"@odata.id": "/redfish/v1/AccountService/KerberosService"
}
}
},
"Accounts": {
"@odata.id": "/redfish/v1/AccountService/Accounts"
},
"LDAP": {
"ServiceEnabled": true,
"ServiceAddresses": [
"127.0.0.1"
],
"Authentication": {
"AuthenticationType": "UsernameAndPassword"
},
"Certificates": {
"@odata.id": "/redfish/v1/Managers/1/Certificates"
},
"LDAPService": {
"SearchSettings": {
"BaseDistinguishedNames": [
"dc=bmc,dc=test,dc=com"
]
}
},
"RemoteRoleMapping": [
{
"LocalRole": "Administrator",
"RemoteGroup": "CN=GroupName,OU=Folder"
},
{
"LocalRole": null,
"RemoteGroup": null
},
{
"LocalRole": null,
"RemoteGroup": null
},
{
"LocalRole": null,
"RemoteGroup": null
},
{
"LocalRole": null,
"RemoteGroup": null
}
]
},
"Roles": {
"@odata.id": "/redfish/v1/AccountService/Roles"
},
"PrivilegeMap": {
"@odata.id": "/redfish/v1/AccountService/PrivilegeMap"
}
}响应码:200
POST (ACTION)
ImportRootCertificate
命令功能
双因素认证的根证书导入
说明
须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务。BMC300 5.3.0.1及以上版本支持。双因素认证根证书的内容或者证书路径需要预先存放在Content属性中,否则返回400。
命令格式
URL: https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportRootCertificate
请求头:
X-Auth-Token: 123456789***********************
Content-Type: header_type请求消息体:
{
"Type": type_value,
"Content": content_value
}请求头参数说明
参见 请求头参数说明
请求体参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| type_value | 双因素证书导入的方法 | URI;Text |
| content_value | 双因素证书导入的路径 | 文本形式导入:填写根证书的内容;本地导入:"/tmp/目录/文件名";远程导入:"文件传输协议://用户名:密码@ip地址/目录/文件名"(文件传输协议包括五种:sftp、https、nfs、cifs、scp) |
使用指南
BMC300 5.3.0.1及以上版本支持。
使用实例
请求样例(文本形式):
POST https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportRootCertificate请求头:
X-Auth-Token: 123456789***********************
Content-Type: application/json请求消息体:
{
"Type": "text",
"Content": ""
}文本形式和本地文件形式的响应样例:
{
"error": {
"code": "Base.1.0.GeneralError",
"message": "A general error has occurred. See ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_0_0.Message",
"MessageId": "Base.1.0.Success",
"RelatedProperties": [],
"Message": "Successfully Completed Request",
"MessageArgs": [],
"Severity": "OK",
"Resolution": "None"
}
]
}
}响应码:200(文本形式和本地文件形式)
请求样例(远程文件形式):
请求消息体:
{
"Type": "URI",
"Content": "sftp://username:password@10.10.10.191/usr/ca.cer"
}远程文件形式的响应样例:
{
"@odata.context": "/redfish/v1/$metadata#TaskService/Tasks/Members/$entity",
"@odata.type": "#Task.v1_0_2.Task",
"@odata.id": "/redfish/v1/TaskService/Tasks/1",
"Id": "1",
"Name": "ImportCACertificate",
"Description": "",
"TaskState": "Running",
"TaskStatus": "OK",
"StartTime": "2023-12-25T21:58:14+08:00",
"Messages": [],
"PercentComplete": null,
"Oem": {
"Public": {
"TaskPercentage": null
}
}
}响应码:202(远程文件形式)
POST (ACTION)
DeleteRootCertificate
命令功能
双因素认证的根证书删除
说明
须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务。BMC300 5.3.0.1及以上版本支持。
命令格式
URL: https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteRootCertificate
请求头:
X-Auth-Token: 123456789***********************
Content-Type: header_type请求消息体:
{
"CertId": cerid_value
}请求头参数说明
参见 请求头参数说明
请求体参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| cerid_value | 双因素认证的根证书ID | 数值类型值,如果有双因素的根证书导入,这个值可以通过查询获取 |
使用指南
BMC300 5.3.0.1及以上版本支持。
使用实例
请求样例:
POST https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteRootCertificate请求头:
X-Auth-Token: 123456789***********************
Content-Type: application/json请求消息体:
{
"CertId": 1
}响应样例:
{
"error": {
"code": "Base.1.0.GeneralError",
"message": "A general error has occurred. See ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_0_0.Message",
"MessageId": "Base.1.0.Success",
"RelatedProperties": [],
"Message": "Successfully Completed Request",
"MessageArgs": [],
"Severity": "OK",
"Resolution": "None"
}
]
}
}响应码:200
POST (ACTION)
ImportCrl
命令功能
双因素认证的客户端证书吊销列表导入
说明
须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务。BMC300 5.3.0.1及以上版本支持。仅支持导入Base64编码格式的证书吊销列表。
命令格式
URL: https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportCrl
请求头:
Content-Type: header_type
X-Auth-Token: 123456789***********************请求消息体: 文本导入:
{
"Type": "text",
"Content": crl_text,
"RootCertId": root_cert_id
}本地导入:
{
"Type": "URI",
"Content": tmp_uri,
"RootCertId": root_cert_id
}远程导入:
{
"Type": "URI",
"Content": remote_uri,
"RootCertId": root_cert_id
}请求头参数说明
参见 请求头参数说明
请求体参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| Type | 证书吊销列表导入的方法 | text;URI |
| Content | 证书吊销列表导入的路径 | 文本形式:吊销列表文件的文本内容;本地导入:"/tmp/目录/文件名",文件扩展名必须是".crl";远程导入:sftp://user:password@ip/path,目前支持五种传输协议(https、scp、sftp、cifs、nfs),远程文件的扩展名必须是".crl" |
| RootCertId | 签发吊销列表的根证书对象ID | 取值必须为查询用户服务信息时,返回的RootCertificate对象中某个数组成员的CertId |
使用指南
BMC300 5.3.0.1及以上版本支持。 仅支持导入Base64编码格式的证书吊销列表。
使用实例
请求样例(文本导入):
POST https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.ImportCrl请求头:
Content-Type: application/json
X-Auth-Token: 123456789***********************请求消息体:
{
"Type": "text",
"Content": "",
"RootCertId": 1
}文本和本地导入的响应样例:
{
"error": {
"code": "Base.1.0.GeneralError",
"message": "A general error has occurred. See ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_0_0.Message",
"MessageId": "Base.1.0.Success",
"RelatedProperties": [],
"Message": "Successfully Completed Request",
"MessageArgs": [],
"Severity": "OK",
"Resolution": "None"
}
]
}
}响应码:200(文本和本地导入)
请求样例(远程导入):
请求消息体:
{
"Type": "URI",
"Content": "sftp://username:password@10.10.10.191/home/usr/ca.crl",
"RootCertId": 1
}远程导入的响应样例:
{
"@odata.context": "/redfish/v1/$metadata#TaskService/Tasks/Members/$entity",
"@odata.type": "#Task.v1_0_2.Task",
"@odata.id": "/redfish/v1/TaskService/Tasks/1",
"Id": "1",
"Name": "two-factor crl import",
"Description": "",
"TaskState": "Running",
"TaskStatus": "OK",
"StartTime": "2019-12-01T07:35:15+09:00",
"Messages": [],
"PercentComplete": null,
"Oem": {
"Public": {
"TaskPercentage": null
}
}
}响应码:202(远程导入)
POST (ACTION)
DeleteCrl
命令功能
双因素认证的客户端证书吊销列表删除
说明
须知此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务。BMC300 5.5.0.1之后的版本支持。
命令格式
URL: https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteCrl
请求头:
Content-Type: header_type
X-Auth-Token: 123456789***********************请求消息体:
{
"RootCertId": root_cert_id
}请求头参数说明
参见 请求头参数说明
请求体参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| root_cert_id | 签发吊销列表的根证书对象ID | 取值必须为查询用户服务信息时,返回的RootCertificate对象中某个数组成员的CertId |
使用指南
BMC300 5.5.0.1之后的版本支持。
使用实例
请求样例:
POST https://device_ip/redfish/v1/AccountService/Oem/Public/Actions/AccountService.DeleteCrl请求头:
Content-Type: application/json
X-Auth-Token: 123456789***********************请求消息体:
{
"RootCertId": 1
}响应样例:
{
"error": {
"code": "Base.1.0.GeneralError",
"message": "A general error has occurred. See ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_0_0.Message",
"MessageId": "Base.1.0.Success",
"RelatedProperties": [],
"Message": "Successfully Completed Request",
"MessageArgs": [],
"Severity": "OK",
"Resolution": "None"
}
]
}
}响应码:200