LdapController
更新时间: 2026/06/26
在Gitcode上查看源码

ResourceDefinition

uris

  • /redfish/v1/AccountService/LdapService/LdapControllers/{member_id}

properties

名称类型是否只读取值范围/枚举值说明
@odata.contextstringtrue-Ldap资源模型的OData描述信息
@odata.idstringtrue-Ldap资源节点的访问路径
@odata.typestringtrue-Ldap资源类型
Idstringtrue-Ldap资源的ID
Namestringtrue-Ldap资源的名称
LdapServerAddressstringfalse-域控制器的地址
LdapPortnumberfalse-域控制器的端口号
UserDomainstringfalse-域控制器的用户域
BindDNstringfalse-Ldap代理用户标识名
BindPasswordstringfalse-Ldap代理用户的认证密码
CertificateVerificationEnabledbooleanfalsetrue,false证书启用的使能
CertificateVerificationLevelstringfalseDemand,Allow证书校验级别,仅在证书启用使能状态下生效
CertificateInformationobjecttrue-证书信息:
● IssueBy:证书的颁发者
● IssueTo:证书的使用者
● ValidFrom:证书的开始时间
● ValidTo:证书的结束时间
● SerialNumber:证书的序列号
● SignatureAlgorithm:证书的签名算法
● KeyUsage:证书的使用方法
● PublicKeyLengthBits:证书的公钥长度
● IsImportCrl:吊销列表是否存在
● CrlValidFrom:吊销列表起始时间
● CrlValidTo:吊销列表结束时间
CertificateChainInformationobjecttrue-证书链信息:
● ServerCert:服务器证书
● IntermediateCert:中间证书
● RootCert:根证书
LdapGroupsarrayfalse-Ldap用户组
MemberIdnumbertrue-用户组id
GroupNamestringfalse-用户组组名
GroupFolderstringfalse-用户组组文件夹
GroupDomainstringfalse-用户组组域
GroupRolestringfalse-用户组角色
GroupLoginRulearrayfalse-用户组登录规则,每一项为对象,对象中属性:
● @odata.id:具体登录规则的路径
GroupLoginInterfacearrayfalse-登录接口,每一项为字符串
Actionsobjecttrue-域控制器资源可执行的操作
#HwLdapController.ImportCertobjecttrue-导入证书操作
#HwLdapController.ImportCert.targetstringtrue-导入证书操作的路径
#HwLdapController.ImportCert.@Redfish.ActionInfostringtrue-导入证书操作的查询路径
#LdapController.ImportCrlobjecttrue-导入服务器证书吊销列表操作
#LdapController.ImportCrl.targetstringtrue-导入服务器证书吊销列表操作的路径
#LdapController.ImportCrl.@Redfish.ActionInfostringtrue-导入服务器证书吊销列表操作的查询路径
#LdapController.DeleteCrlobjecttrue-删除服务器证书吊销列表操作
#LdapController.DeleteCrl.targetstringtrue-删除服务器证书吊销列表操作的路径
#LdapController.DeleteCrl.@Redfish.ActionInfostringtrue-删除服务器证书吊销列表操作的查询路径

supported_methods

  • GET
  • PATCH
  • POST

HTTP methods

GET

命令功能

查询具体域控制器的信息

说明

命令格式

URL: https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/member_id

请求头:


X-Auth-Token: 123456789***********************

请求消息体: 无

参数说明

参数参数说明取值
device_ip登录设备的IP地址IPv4或IPv6地址
auth_value执行该GET请求时,必须在"Headers"中携带"X-Auth-Token"值用于鉴权可通过/redfish/v1/SessionService/Sessions创建会话时获得
member_id域控制器Id通过/redfish/v1/AccountService/LdapService/LdapControllers获取的信息中Members属性中的一个

使用指南

使用实例

请求样例:

http
GET https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/1

请求头:


X-Auth-Token: 123456789***********************

请求消息体:无

响应样例:

json
{
  "@odata.context": "/redfish/v1/$metadata#HwLdapControllers.HwLdapControllers",
  "@odata.id": "/redfish/v1/AccountService/LdapService/LdapControllers/1",
  "@odata.type": "#HwLdapController.v1_0_0.HwLdapController",
  "Id": "1",
  "Name": "Ldap Controller",
  "LdapServerAddress": "device_ip",
  "LdapPort": 635,
  "UserDomain": "CN=test,,DC=,DC=com",
  "BindDN": "testname",
  "BindPassword": null,
  "CertificateVerificationEnabled": false,
  "CrlVerificationEnabled": false,
  "CrlValidFrom": null,
  "CrlValidTo": null,
  "CertificateVerificationLevel": "Demand",
  "CertificateInformation": {
    "IssueBy": "CN=Second_ca, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
    "IssueTo": "CN=ibmc.com, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
    "ValidFrom": "Jan 07 2017 GMT",
    "ValidTo": "Jan 05 2027 GMT",
    "SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
    "SignatureAlgorithm": "sha256WithRSAEncryption",
    "KeyUsage": "Certificate Signing, CRL Sign",
    "PublicKeyLengthBits": 2048
  },
  "CertificateChainInformation": {
    "ServerCert": {
      "IssueBy": "CN=Second_ca, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
      "IssueTo": "CN=ibmc.com, OU= IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
      "ValidFrom": "Jan 07 2017 GMT",
      "ValidTo": "Jan 05 2027 GMT",
      "SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
      "SignatureAlgorithm": "sha256WithRSAEncryption",
      "KeyUsage": "Certificate Signing, CRL Sign",
      "PublicKeyLengthBits": 2048
    },
    "IntermediateCert": [
      {
        "IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
        "IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
        "ValidFrom": "Jan 07 2017 GMT",
        "ValidTo": "Apr 09 2027 GMT",
        "SerialNumber": "03 ",
        "SignatureAlgorithm": "sha256WithRSAEncryption",
        "KeyUsage": "Certificate Signing, CRL Sign",
        "PublicKeyLengthBits": 2048
      }
    ],
    "RootCert": {
      "IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
      "IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
      "ValidFrom": "Jan 07 2017 GMT",
      "ValidTo": "Apr 05 2028 GMT",
      "SerialNumber": "01 ",
      "SignatureAlgorithm": "sha256WithRSAEncryption",
      "KeyUsage": "Certificate Signing, CRL Sign",
      "PublicKeyLengthBits": 2048
    }
  },
  "LdapGroups": [
    {
      "MemberId": 0,
      "GroupName": "qwert",
      "GroupFolder": "admin",
      "GroupDomain": "CN=qwert,OU=admin,DC=,DC=com",
      "GroupRole": "Administrator",
      "GroupLoginRule": [
        {
          "@odata.id": "/redfish/v1/Managers/Blade8#/Oem/Public/LoginRule/1"
        },
        {
          "@odata.id": "/redfish/v1/Managers/Blade8#/Oem/Public/LoginRule/3"
        }
      ],
      "GroupLoginInterface": [
        "Web",
        "SSH",
        "Redfish"
      ]
    }
  ],
  "Actions": {
    "#HwLdapController.ImportCert": {
      "target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/HwLdapController.ImportCert",
      "@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/ImportCertActionInfo"
    },
    "#LdapController.ImportCrl": {
      "target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.ImportCrl",
      "@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/ImportCrlActionInfo"
    },
    "#LdapController.DeleteCrl": {
      "target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.DeleteCrl",
      "@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/DeleteCrlActionInfo"
    }
  }
}

响应码:200

PATCH

命令功能

修改具体域控制器的信息

说明

命令格式

URL: https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/member_id

请求头:


X-Auth-Token: 123456789***********************
Content-Type: header_type
If-Match: ifmatch_value

请求消息体:

json
{
  "LdapServerAddress": server_addr,
  "LdapPort": port,
  "UserDomain": domain,
  "BindDN": binddn,
  "BindPassword": bindpwd,
  "CertificateVerificationEnabled": enabled,
  "CertificateVerificationLevel": "Demand",
  "LdapGroups": [
    {
      "GroupName": group_name,
      "GroupFolder": group_folder,
      "GroupDomain": group_domain,
      "GroupRole": group_role,
      "GroupLoginRule": [
        Rule_id
      ],
      "GroupLoginInterface": [
        Inter_id
      ]
    }
  ]
}

请求头参数说明

参见 请求头参数说明

请求体参数说明

参数参数说明取值
member_id域控制器id通过/redfish/v1/AccountService/LdapService/LdapControllers获取的信息中Members属性中的一个
server_addr域控制器地址可以是ipv4或者ipv6地址,也可以是一个域名
port域控制器端口号1到65535的数字
domain域控制器的用户域字符串类型,形如:CN=test,OU=testusers,DC=,DC=com
说明:其中"CN=test,OU=testusers"为用户应用文件夹名称,"DC=,DC=com"为域名
binddnLdap代理用户标识名字符串:0 ~ 255
bindpwdLdap代理用户的认证密码字符串:0 ~ 20
enabled证书开启使能布尔类型
Demand证书校验级别字符串,可选值["Demand","Allow"],仅在证书启用使能状态下生效
group_nameLdap用户组的组名字符串
说明:group_name值为null时表示删除该Group配置信息
group_folderLdap用户组的组文件夹字符串
group_domainLdap用户组的组域字符串类型,形如:CN=qwert,OU=admin,DC=,DC=com
group_roleLdap用户组的组角色字符串类型
rule_idLdap用户组的登录规则数组,数组中是字符串,可填多个,形如:["Rule1","Rule2","Rule3"]
inter_idLdap用户组的登录接口数组,数组中是字符串,可填多个

使用指南

使用实例

请求样例:

http
PATCH https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/1

请求头:


X-Auth-Token: 123456789***********************
Content-Type: application/json
If-Match: W/"bc428df5"

请求消息体:

json
{
  "LdapServerAddress": "device_ip"
}

响应样例:

json
{
  "@odata.context": "/redfish/v1/$metadata#HwLdapControllers.HwLdapControllers",
  "@odata.id": "/redfish/v1/AccountService/LdapService/LdapControllers/1",
  "@odata.type": "#HwLdapController.v1_0_0.HwLdapController",
  "Id": "1",
  "Name": "Ldap Controller",
  "LdapServerAddress": "device_ip",
  "LdapPort": 635,
  "UserDomain": "CN=test,,DC=,DC=com",
  "BindDN": "testname",
  "BindPassword": null,
  "CertificateInformation": {
    "IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
    "IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
    "ValidFrom": "Jan 07 2017 GMT",
    "ValidTo": "Jan 05 2027 GMT",
    "SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
    "SignatureAlgorithm": "sha256WithRSAEncryption",
    "KeyUsage": "Certificate Signing, CRL Sign",
    "PublicKeyLengthBits": 2048
  },
  "LdapGroups": [
    {
      "MemberId": 0,
      "GroupName": "qwert",
      "GroupFolder": "admin",
      "GroupDomain": "CN=qwert,OU=admin,DC=,DC=com",
      "GroupRole": "Administrator",
      "GroupLoginRule": [
        {
          "@odata.id": "/redfish/v1/Managers/Blade8#/Oem/Public/LoginRule/1"
        },
        {
          "@odata.id": "/redfish/v1/Managers/Blade8#/Oem/Public/LoginRule/3"
        }
      ],
      "GroupLoginInterface": [
        "Web",
        "SSH",
        "Redfish"
      ]
    }
  ],
  "Actions": {
    "#HwLdapController.ImportCert": {
      "target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/HwLdapController.ImportCert",
      "@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/ImportCertActionInfo"
    },
    "#LdapController.ImportCrl": {
      "target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.ImportCrl",
      "@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/ImportCrlActionInfo"
    },
    "#LdapController.DeleteCrl": {
      "target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.DeleteCrl",
      "@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/DeleteCrlActionInfo"
    }
  }
}

响应码:200

POST (ACTION)

ImportCert

命令功能

具体域控制器 Ldap 证书的导入

说明

此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。 自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务

命令格式

URL: https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/member_id/Actions/HwLdapController.ImportCert

请求头:


Content-Type: header_type
X-Auth-Token: 123456789***********************

请求消息体: 文本导入:

json
{
  "Type": "text",
  "Content": cert_text
}

本地导入:

json
{
  "Type": "URI",
  "Content": tmp_uri
}

远程导入:

json
{
  "Type": "URI",
  "Content": remote_uri
}

请求头参数说明

参见 请求头参数说明

请求体参数说明

参数参数说明取值
member_id域控制器Id通过/redfish/v1/AccountService/LdapService/LdapControllers获取的信息中Members属性中的一个
cert_text证书文本证书的文本内容
tmp_uri证书本地路径证书的本地路径,/tmp/目录/文件名
remote_uri证书远程路径远程导入的路径,形如:sftp://user:password@ip/path;目前支持五种传输协议:https、scp、sftp、cifs、nfs

使用指南

使用实例

请求样例:

http
POST https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/HwLdapController.ImportCert

请求头:


Content-Type: application/json
X-Auth-Token: 123456789***********************

请求消息体: 文本导入:

json
{
  "Type": "text",
  "Content": ""
}

本地导入:

json
{
  "Type": "URI",
  "Content": "/tmp/ca.cer"
}

远程导入:

json
{
  "Type": "URI",
  "Content": "sftp://username:password@10.10.10.191/home/usr/server.cer"
}

文本和本地导入响应样例:

json
{
  "error": {
    "code": "Base.1.0.GeneralError",
    "message": "A general error has occurred. See ExtendedInfo for more information.",
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_0_0.Message",
        "MessageId": "iBMC.1.0.LDAPCertImportSuccess",
        "RelatedProperties": [],
        "Message": "The LDAP certificate is imported successfully.",
        "MessageArgs": [],
        "Severity": "OK",
        "Resolution": "None"
      }
    ]
  }
}

文本和本地导入响应码:200

远程导入响应样例:

json
{
  "@odata.context": "/redfish/v1/$metadata#TaskService/Tasks/Members/$entity",
  "@odata.type": "#Task.v1_0_2.Task",
  "@odata.id": "/redfish/v1/TaskService/Tasks/1",
  "Id": "1",
  "Name": "ldap root cert import",
  "Description": "",
  "TaskState": "Running",
  "TaskStatus": "OK",
  "StartTime": "2018-11-01T07:35:15+09:00",
  "Messages": [],
  "PercentComplete": null,
  "Oem": {
    "Public": {
      "TaskPercentage": null
    }
  }
}

远程导入响应码:200

POST (ACTION)

ImportCrl

命令功能

具体域控制器 Ldap 服务器证书吊销列表导入

说明

此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。 自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务

仅支持导入Base64编码格式的证书吊销列表。

命令格式

URL: https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/member_id/Actions/LdapController.ImportCrl

请求头:


Content-Type: header_type
X-Auth-Token: 123456789***********************

请求消息体: 文本导入:

json
{
  "Type": "text",
  "Content": crl_text
}

本地导入:

json
{
  "Type": "URI",
  "Content": tmp_uri
}

远程导入:

json
{
  "Type": "URI",
  "Content": remote_uri
}

请求头参数说明

参见 请求头参数说明

请求体参数说明

参数参数说明取值
member_id域控制器Id通过/redfish/v1/AccountService/LdapService/LdapControllers获取的信息中Members属性中的一个
crl_text证书吊销列表文本吊销列表文件的文本内容
tmp_uri证书吊销列表的本地路径证书的本地路径,/tmp/目录/文件名,文件拓展名必须是".crl"
remote_uri证书吊销列表的远程路径远程导入的路径,形如:sftp://user:password@ip/path;目前支持五种传输协议:https、scp、sftp、cifs、nfs,远程文件的扩展名必须是".crl"

使用指南

使用实例

请求样例:

http
POST https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.ImportCrl

请求头:


Content-Type: application/json
X-Auth-Token: 123456789***********************

请求消息体: 文本导入:

json
{
  "Type": "text",
  "Content": ""
}

本地导入:

json
{
  "Type": "URI",
  "Content": "/tmp/ca.crl"
}

远程导入:

json
{
  "Type": "URI",
  "Content": "sftp://username:password@10.10.10.191/home/usr/ca.crl"
}

文本和本地导入响应样例:

json
{
  "error": {
    "code": "Base.1.0.GeneralError",
    "message": "A general error has occurred. See ExtendedInfo for more information.",
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_0_0.Message",
        "MessageId": "Base.1.0.Success",
        "RelatedProperties": [],
        "Message": "Successfully Completed Request",
        "MessageArgs": [],
        "Severity": "OK",
        "Resolution": "None"
      }
    ]
  }
}

文本和本地导入响应码:200

远程导入响应样例:

json
{
  "@odata.context": "/redfish/v1/$metadata#TaskService/Tasks/Members/$entity",
  "@odata.type": "#Task.v1_0_2.Task",
  "@odata.id": "/redfish/v1/TaskService/Tasks/1",
  "Id": "1",
  "Name": "ldap crl import",
  "Description": "",
  "TaskState": "Running",
  "TaskStatus": "OK",
  "StartTime": "2019-12-01T07:35:15+09:00",
  "Messages": [],
  "PercentComplete": null,
  "Oem": {
    "Public": {
      "TaskPercentage": null
    }
  }
}

远程导入响应码:200