ResourceDefinition
uris
/redfish/v1/AccountService/LdapService/LdapControllers/{member_id}
properties
| 名称 | 类型 | 是否只读 | 取值范围/枚举值 | 说明 |
|---|---|---|---|---|
| @odata.context | string | true | - | Ldap资源模型的OData描述信息 |
| @odata.id | string | true | - | Ldap资源节点的访问路径 |
| @odata.type | string | true | - | Ldap资源类型 |
| Id | string | true | - | Ldap资源的ID |
| Name | string | true | - | Ldap资源的名称 |
| LdapServerAddress | string | false | - | 域控制器的地址 |
| LdapPort | number | false | - | 域控制器的端口号 |
| UserDomain | string | false | - | 域控制器的用户域 |
| BindDN | string | false | - | Ldap代理用户标识名 |
| BindPassword | string | false | - | Ldap代理用户的认证密码 |
| CertificateVerificationEnabled | boolean | false | true,false | 证书启用的使能 |
| CertificateVerificationLevel | string | false | Demand,Allow | 证书校验级别,仅在证书启用使能状态下生效 |
| CertificateInformation | object | true | - | 证书信息: ● IssueBy:证书的颁发者 ● IssueTo:证书的使用者 ● ValidFrom:证书的开始时间 ● ValidTo:证书的结束时间 ● SerialNumber:证书的序列号 ● SignatureAlgorithm:证书的签名算法 ● KeyUsage:证书的使用方法 ● PublicKeyLengthBits:证书的公钥长度 ● IsImportCrl:吊销列表是否存在 ● CrlValidFrom:吊销列表起始时间 ● CrlValidTo:吊销列表结束时间 |
| CertificateChainInformation | object | true | - | 证书链信息: ● ServerCert:服务器证书 ● IntermediateCert:中间证书 ● RootCert:根证书 |
| LdapGroups | array | false | - | Ldap用户组 |
| MemberId | number | true | - | 用户组id |
| GroupName | string | false | - | 用户组组名 |
| GroupFolder | string | false | - | 用户组组文件夹 |
| GroupDomain | string | false | - | 用户组组域 |
| GroupRole | string | false | - | 用户组角色 |
| GroupLoginRule | array | false | - | 用户组登录规则,每一项为对象,对象中属性: ● @odata.id:具体登录规则的路径 |
| GroupLoginInterface | array | false | - | 登录接口,每一项为字符串 |
| Actions | object | true | - | 域控制器资源可执行的操作 |
| #HwLdapController.ImportCert | object | true | - | 导入证书操作 |
| #HwLdapController.ImportCert.target | string | true | - | 导入证书操作的路径 |
| #HwLdapController.ImportCert.@Redfish.ActionInfo | string | true | - | 导入证书操作的查询路径 |
| #LdapController.ImportCrl | object | true | - | 导入服务器证书吊销列表操作 |
| #LdapController.ImportCrl.target | string | true | - | 导入服务器证书吊销列表操作的路径 |
| #LdapController.ImportCrl.@Redfish.ActionInfo | string | true | - | 导入服务器证书吊销列表操作的查询路径 |
| #LdapController.DeleteCrl | object | true | - | 删除服务器证书吊销列表操作 |
| #LdapController.DeleteCrl.target | string | true | - | 删除服务器证书吊销列表操作的路径 |
| #LdapController.DeleteCrl.@Redfish.ActionInfo | string | true | - | 删除服务器证书吊销列表操作的查询路径 |
supported_methods
- GET
- PATCH
- POST
HTTP methods
GET
命令功能
查询具体域控制器的信息
说明
无
命令格式
URL: https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/member_id
请求头:
X-Auth-Token: 123456789***********************请求消息体: 无
参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| device_ip | 登录设备的IP地址 | IPv4或IPv6地址 |
| auth_value | 执行该GET请求时,必须在"Headers"中携带"X-Auth-Token"值用于鉴权 | 可通过/redfish/v1/SessionService/Sessions创建会话时获得 |
| member_id | 域控制器Id | 通过/redfish/v1/AccountService/LdapService/LdapControllers获取的信息中Members属性中的一个 |
使用指南
无
使用实例
请求样例:
GET https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/1请求头:
X-Auth-Token: 123456789***********************请求消息体:无
响应样例:
{
"@odata.context": "/redfish/v1/$metadata#HwLdapControllers.HwLdapControllers",
"@odata.id": "/redfish/v1/AccountService/LdapService/LdapControllers/1",
"@odata.type": "#HwLdapController.v1_0_0.HwLdapController",
"Id": "1",
"Name": "Ldap Controller",
"LdapServerAddress": "device_ip",
"LdapPort": 635,
"UserDomain": "CN=test,,DC=,DC=com",
"BindDN": "testname",
"BindPassword": null,
"CertificateVerificationEnabled": false,
"CrlVerificationEnabled": false,
"CrlValidFrom": null,
"CrlValidTo": null,
"CertificateVerificationLevel": "Demand",
"CertificateInformation": {
"IssueBy": "CN=Second_ca, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"IssueTo": "CN=ibmc.com, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"ValidFrom": "Jan 07 2017 GMT",
"ValidTo": "Jan 05 2027 GMT",
"SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
"SignatureAlgorithm": "sha256WithRSAEncryption",
"KeyUsage": "Certificate Signing, CRL Sign",
"PublicKeyLengthBits": 2048
},
"CertificateChainInformation": {
"ServerCert": {
"IssueBy": "CN=Second_ca, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"IssueTo": "CN=ibmc.com, OU= IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"ValidFrom": "Jan 07 2017 GMT",
"ValidTo": "Jan 05 2027 GMT",
"SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
"SignatureAlgorithm": "sha256WithRSAEncryption",
"KeyUsage": "Certificate Signing, CRL Sign",
"PublicKeyLengthBits": 2048
},
"IntermediateCert": [
{
"IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"ValidFrom": "Jan 07 2017 GMT",
"ValidTo": "Apr 09 2027 GMT",
"SerialNumber": "03 ",
"SignatureAlgorithm": "sha256WithRSAEncryption",
"KeyUsage": "Certificate Signing, CRL Sign",
"PublicKeyLengthBits": 2048
}
],
"RootCert": {
"IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"ValidFrom": "Jan 07 2017 GMT",
"ValidTo": "Apr 05 2028 GMT",
"SerialNumber": "01 ",
"SignatureAlgorithm": "sha256WithRSAEncryption",
"KeyUsage": "Certificate Signing, CRL Sign",
"PublicKeyLengthBits": 2048
}
},
"LdapGroups": [
{
"MemberId": 0,
"GroupName": "qwert",
"GroupFolder": "admin",
"GroupDomain": "CN=qwert,OU=admin,DC=,DC=com",
"GroupRole": "Administrator",
"GroupLoginRule": [
{
"@odata.id": "/redfish/v1/Managers/Blade8#/Oem/Public/LoginRule/1"
},
{
"@odata.id": "/redfish/v1/Managers/Blade8#/Oem/Public/LoginRule/3"
}
],
"GroupLoginInterface": [
"Web",
"SSH",
"Redfish"
]
}
],
"Actions": {
"#HwLdapController.ImportCert": {
"target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/HwLdapController.ImportCert",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/ImportCertActionInfo"
},
"#LdapController.ImportCrl": {
"target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.ImportCrl",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/ImportCrlActionInfo"
},
"#LdapController.DeleteCrl": {
"target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.DeleteCrl",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/DeleteCrlActionInfo"
}
}
}响应码:200
PATCH
命令功能
修改具体域控制器的信息
说明
无
命令格式
URL: https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/member_id
请求头:
X-Auth-Token: 123456789***********************
Content-Type: header_type
If-Match: ifmatch_value请求消息体:
{
"LdapServerAddress": server_addr,
"LdapPort": port,
"UserDomain": domain,
"BindDN": binddn,
"BindPassword": bindpwd,
"CertificateVerificationEnabled": enabled,
"CertificateVerificationLevel": "Demand",
"LdapGroups": [
{
"GroupName": group_name,
"GroupFolder": group_folder,
"GroupDomain": group_domain,
"GroupRole": group_role,
"GroupLoginRule": [
Rule_id
],
"GroupLoginInterface": [
Inter_id
]
}
]
}请求头参数说明
参见 请求头参数说明
请求体参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| member_id | 域控制器id | 通过/redfish/v1/AccountService/LdapService/LdapControllers获取的信息中Members属性中的一个 |
| server_addr | 域控制器地址 | 可以是ipv4或者ipv6地址,也可以是一个域名 |
| port | 域控制器端口号 | 1到65535的数字 |
| domain | 域控制器的用户域 | 字符串类型,形如:CN=test,OU=testusers,DC=,DC=com 说明:其中"CN=test,OU=testusers"为用户应用文件夹名称,"DC=,DC=com"为域名 |
| binddn | Ldap代理用户标识名 | 字符串:0 ~ 255 |
| bindpwd | Ldap代理用户的认证密码 | 字符串:0 ~ 20 |
| enabled | 证书开启使能 | 布尔类型 |
| Demand | 证书校验级别 | 字符串,可选值["Demand","Allow"],仅在证书启用使能状态下生效 |
| group_name | Ldap用户组的组名 | 字符串 说明:group_name值为null时表示删除该Group配置信息 |
| group_folder | Ldap用户组的组文件夹 | 字符串 |
| group_domain | Ldap用户组的组域 | 字符串类型,形如:CN=qwert,OU=admin,DC=,DC=com |
| group_role | Ldap用户组的组角色 | 字符串类型 |
| rule_id | Ldap用户组的登录规则 | 数组,数组中是字符串,可填多个,形如:["Rule1","Rule2","Rule3"] |
| inter_id | Ldap用户组的登录接口 | 数组,数组中是字符串,可填多个 |
使用指南
无
使用实例
请求样例:
PATCH https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/1请求头:
X-Auth-Token: 123456789***********************
Content-Type: application/json
If-Match: W/"bc428df5"请求消息体:
{
"LdapServerAddress": "device_ip"
}响应样例:
{
"@odata.context": "/redfish/v1/$metadata#HwLdapControllers.HwLdapControllers",
"@odata.id": "/redfish/v1/AccountService/LdapService/LdapControllers/1",
"@odata.type": "#HwLdapController.v1_0_0.HwLdapController",
"Id": "1",
"Name": "Ldap Controller",
"LdapServerAddress": "device_ip",
"LdapPort": 635,
"UserDomain": "CN=test,,DC=,DC=com",
"BindDN": "testname",
"BindPassword": null,
"CertificateInformation": {
"IssueBy": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"IssueTo": "CN=xxx, OU=IT, O=xxx, L=ShenZhen, S=GuangDong, C=CN",
"ValidFrom": "Jan 07 2017 GMT",
"ValidTo": "Jan 05 2027 GMT",
"SerialNumber": "e8 ff d7 e0 21 a3 01 96 ",
"SignatureAlgorithm": "sha256WithRSAEncryption",
"KeyUsage": "Certificate Signing, CRL Sign",
"PublicKeyLengthBits": 2048
},
"LdapGroups": [
{
"MemberId": 0,
"GroupName": "qwert",
"GroupFolder": "admin",
"GroupDomain": "CN=qwert,OU=admin,DC=,DC=com",
"GroupRole": "Administrator",
"GroupLoginRule": [
{
"@odata.id": "/redfish/v1/Managers/Blade8#/Oem/Public/LoginRule/1"
},
{
"@odata.id": "/redfish/v1/Managers/Blade8#/Oem/Public/LoginRule/3"
}
],
"GroupLoginInterface": [
"Web",
"SSH",
"Redfish"
]
}
],
"Actions": {
"#HwLdapController.ImportCert": {
"target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/HwLdapController.ImportCert",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/ImportCertActionInfo"
},
"#LdapController.ImportCrl": {
"target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.ImportCrl",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/ImportCrlActionInfo"
},
"#LdapController.DeleteCrl": {
"target": "/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.DeleteCrl",
"@Redfish.ActionInfo": "/redfish/v1/AccountService/LdapService/LdapControllers/1/DeleteCrlActionInfo"
}
}
}响应码:200
POST (ACTION)
ImportCert
命令功能
具体域控制器 Ldap 证书的导入
说明
此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。 自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务
命令格式
URL: https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/member_id/Actions/HwLdapController.ImportCert
请求头:
Content-Type: header_type
X-Auth-Token: 123456789***********************请求消息体: 文本导入:
{
"Type": "text",
"Content": cert_text
}本地导入:
{
"Type": "URI",
"Content": tmp_uri
}远程导入:
{
"Type": "URI",
"Content": remote_uri
}请求头参数说明
参见 请求头参数说明
请求体参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| member_id | 域控制器Id | 通过/redfish/v1/AccountService/LdapService/LdapControllers获取的信息中Members属性中的一个 |
| cert_text | 证书文本 | 证书的文本内容 |
| tmp_uri | 证书本地路径 | 证书的本地路径,/tmp/目录/文件名 |
| remote_uri | 证书远程路径 | 远程导入的路径,形如:sftp://user:password@ip/path;目前支持五种传输协议:https、scp、sftp、cifs、nfs |
使用指南
无
使用实例
请求样例:
POST https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/HwLdapController.ImportCert请求头:
Content-Type: application/json
X-Auth-Token: 123456789***********************请求消息体: 文本导入:
{
"Type": "text",
"Content": ""
}本地导入:
{
"Type": "URI",
"Content": "/tmp/ca.cer"
}远程导入:
{
"Type": "URI",
"Content": "sftp://username:password@10.10.10.191/home/usr/server.cer"
}文本和本地导入响应样例:
{
"error": {
"code": "Base.1.0.GeneralError",
"message": "A general error has occurred. See ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_0_0.Message",
"MessageId": "iBMC.1.0.LDAPCertImportSuccess",
"RelatedProperties": [],
"Message": "The LDAP certificate is imported successfully.",
"MessageArgs": [],
"Severity": "OK",
"Resolution": "None"
}
]
}
}文本和本地导入响应码:200
远程导入响应样例:
{
"@odata.context": "/redfish/v1/$metadata#TaskService/Tasks/Members/$entity",
"@odata.type": "#Task.v1_0_2.Task",
"@odata.id": "/redfish/v1/TaskService/Tasks/1",
"Id": "1",
"Name": "ldap root cert import",
"Description": "",
"TaskState": "Running",
"TaskStatus": "OK",
"StartTime": "2018-11-01T07:35:15+09:00",
"Messages": [],
"PercentComplete": null,
"Oem": {
"Public": {
"TaskPercentage": null
}
}
}远程导入响应码:200
POST (ACTION)
ImportCrl
命令功能
具体域控制器 Ldap 服务器证书吊销列表导入
说明
此资源已经废弃,仅供兼容性用途使用。建议使用redfish/v1/CertificateService接口进行CA证书/吊销列表管理。 自BMC300 5.2.0.1版本后CA证书升级为资源池,所有BMC业务共用资源池中的CA证书,此接口导入证书会影响到其他包含根证书的接口。共用CA证书业务包括:Syslog、SMTP、LDAP、SSL证书自动更新、远程HTTPS服务器、双因素登录业务
仅支持导入Base64编码格式的证书吊销列表。
命令格式
URL: https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/member_id/Actions/LdapController.ImportCrl
请求头:
Content-Type: header_type
X-Auth-Token: 123456789***********************请求消息体: 文本导入:
{
"Type": "text",
"Content": crl_text
}本地导入:
{
"Type": "URI",
"Content": tmp_uri
}远程导入:
{
"Type": "URI",
"Content": remote_uri
}请求头参数说明
参见 请求头参数说明
请求体参数说明
| 参数 | 参数说明 | 取值 |
|---|---|---|
| member_id | 域控制器Id | 通过/redfish/v1/AccountService/LdapService/LdapControllers获取的信息中Members属性中的一个 |
| crl_text | 证书吊销列表文本 | 吊销列表文件的文本内容 |
| tmp_uri | 证书吊销列表的本地路径 | 证书的本地路径,/tmp/目录/文件名,文件拓展名必须是".crl" |
| remote_uri | 证书吊销列表的远程路径 | 远程导入的路径,形如:sftp://user:password@ip/path;目前支持五种传输协议:https、scp、sftp、cifs、nfs,远程文件的扩展名必须是".crl" |
使用指南
无
使用实例
请求样例:
POST https://device_ip/redfish/v1/AccountService/LdapService/LdapControllers/1/Actions/LdapController.ImportCrl请求头:
Content-Type: application/json
X-Auth-Token: 123456789***********************请求消息体: 文本导入:
{
"Type": "text",
"Content": ""
}本地导入:
{
"Type": "URI",
"Content": "/tmp/ca.crl"
}远程导入:
{
"Type": "URI",
"Content": "sftp://username:password@10.10.10.191/home/usr/ca.crl"
}文本和本地导入响应样例:
{
"error": {
"code": "Base.1.0.GeneralError",
"message": "A general error has occurred. See ExtendedInfo for more information.",
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_0_0.Message",
"MessageId": "Base.1.0.Success",
"RelatedProperties": [],
"Message": "Successfully Completed Request",
"MessageArgs": [],
"Severity": "OK",
"Resolution": "None"
}
]
}
}文本和本地导入响应码:200
远程导入响应样例:
{
"@odata.context": "/redfish/v1/$metadata#TaskService/Tasks/Members/$entity",
"@odata.type": "#Task.v1_0_2.Task",
"@odata.id": "/redfish/v1/TaskService/Tasks/1",
"Id": "1",
"Name": "ldap crl import",
"Description": "",
"TaskState": "Running",
"TaskStatus": "OK",
"StartTime": "2019-12-01T07:35:15+09:00",
"Messages": [],
"PercentComplete": null,
"Oem": {
"Public": {
"TaskPercentage": null
}
}
}远程导入响应码:200