EMC ViPR REST API

API Reference


Create Provider

POST /vdc/admin/authnproviders

Create an authentication provider. The submitted provider element values will be validated.

The minimal set of parameters includes: mode, server_urls, manager_dn, manager_password, domains, search_base, search_filter and group_attribute.


Required Roles

  • SECURITY_ADMIN

Request Payload

All parameters are required unless otherwise stated.

Field Description Type Notes
<authnprovider_create>
<tenants_synchronization_options>
<tenants_synchronization_option> String 0-* Elements
</tenants_synchronization_options>
<server_urls>
<server_url> String 0-* Elements
</server_urls>
<domains>
<domain> String 0-* Elements
</domains>
<group_whitelist_values>
<group_whitelist_value> String 0-* Elements
</group_whitelist_values>
<group_object_classes>
<group_object_class> String 0-* Elements
</group_object_classes>
<group_member_attributes>
<group_member_attribute> String 0-* Elements
</group_member_attributes>
<mode> String
<name> String Valid Values: Length: 2..128
<description> String
<disable> Boolean
<autoreg_coprhd_import_osprojects> Boolean
<manager_dn> String
<manager_password> String
<search_base> String
<search_filter> String
<search_scope> String
<group_attribute> String
<max_page_size> Integer
<validate_certificates> Boolean
</authnprovider_create>

Response Body

Newly created provider details as AuthnProviderRestRep

Field Description Type Notes
<authnprovider>
<description> Description of the provider String
<disable> Specifies if a provider is disabled or enabled. During the operation of the system, a disabled provider will exist but not be considered when authenticating principals. Boolean
<autoreg_coprhd_import_osprojects> Specifies if OpenStack Projects will be auto-registered as Tenants in CoprHD. Boolean
<tenants_synchronization_options>
<tenants_synchronization_option> String 0-* Elements
</tenants_synchronization_options>
<domains>
<domain> String 0-* Elements
</domains>
<group_attribute> Attribute for group search. This is the attribute name that will be used to represent group membership. String
<group_whitelist_values>
<group_whitelist_value> String 0-* Elements
</group_whitelist_values>
<manager_dn> Distinguished Name for the bind user. String
<max_page_size> Maximum number of results that the LDAP server will return on a single page. Valid value: Value must be greater than 0 and cannot be higher than the max page size configured on LDAP server. Integer
<mode> String
<search_base> Search base from which the LDAP search will start when authenticating users. See also: search_scope String
<search_filter> Key value pair representing the search filter criteria. user. %u is user@company.com) String
<search_scope> In conjunction with the search_base, the search_scope indicates how many levels below the base the search can continue. Valid values: ONELEVEL = The search will start at the search_base location and continue up to one level deep; SUBTREE = The search will start at the search_base location and continue through the entire tree. String
<server_urls>
<server_url> String 0-* Elements
</server_urls>
<group_object_classes> Attribute for group's objectClass search. This is the attribute name that will be used to represent group's name.
<group_object_class> String 0-* Elements
</group_object_classes>
<group_member_attributes> Attribute for group's member search. This is the attribute name that will be used to represent group members.
<group_member_attribute> String 0-* Elements
</group_member_attributes>
<name> The name assigned to this resource in ViPR. The resource name is set by a user and can be changed at any time. It is not a unique identifier. String
<id> An identifier that is generated by ViPR when the resource is created. The resource ID is guaranteed to be unique and immutable across all virtual data centers for all time. URI
<link> A hyperlink to the details for this resource
<creation_time> A timestamp that shows when this resource was created in ViPR DateTime
<tags> Keywords and labels that can be added by a user to a resource to make it easy to find when doing a search.
<tag> String 0-* Elements
</tags>
<inactive> Whether or not the resource is inactive. When a user removes a resource, the resource is put in this state before it is removed from the ViPR database. Boolean
<global> Boolean
<remote> Boolean
<vdc>    
<id> ViPR ID of the related object URI
<link> A hyperlink to the related object
</vdc>      
<internal> Whether or not the resource is an internal resource. Boolean
</authnprovider>

Examples

Request
POST https://192.168.0.0:4443/vdc/admin/authnproviders HTTP/1.1
Content-Type: application/xml
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>

<authnprovider_create>
  <name>ad configuration</name> 
  <mode>ad</mode>  
  <server_urls>
       <server_url>ldap://192.168.0.10</server_url>
  </server_urls> 
  <domains>
       <domain>mycompany.com</domain>
  </domains>
  <group_whitelist_values>
       <group_whitelist_value>*Admin*</group_whitelist_value>
  </group_whitelist_values> 
  <search_filter>userPrincipalName=%u</search_filter> 
  <search_attribute_key>userPrincipalName</search_attribute_key>
  <search_base>CN=Users,DC=mycompany,DC=com</search_base> 
  <manager_dn>CN=Administrator,CN=Users,DC=mycompany,DC=com</manager_dn>
  <manager_password>password</manager_password>
  <search_scope>SUBTREE</search_scope>
  <group_attribute>CN</group_attribute>
</authnprovider_create>
Response
HTTP/1.1 200 OK
Content-Type: application/xml

<authnprovider>
	<name>ad configuration</name>
	<id>urn:storageos:AuthnProvider:376238bf-dc31-43ee-850b-ef49a15f5c49:</id>
	<link rel="self" href="/vdc/admin/authnproviders/urn:storageos:AuthnProvider:376238bf-dc31-43ee-850b-ef49a15f5c49:"/>
	<inactive>false</inactive>
	<tags/>
	<mode>ad</mode>
	<domains>mycompany.com</domains>
	<disable>false</disable>
	<creation_time>1379087030417</creation_time>
	<search_filter>userPrincipalName=%u</search_filter>
	<search_base>CN=Users,DC=mycompany,DC=com</search_base>
	<search_attribute_key>userPrincipalName</search_attribute_key>
	<manager_dn>CN=Administrator,CN=Users,DC=mycompany,DC=com</manager_dn>
	<group_attribute>CN</group_attribute>
	<server_urls>ldap://192.168.0.10</server_urls>
	<group_whitelist_values>*Admin*</group_whitelist_values>
	<search_scope>SUBTREE</search_scope>
</authnprovider>
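
The minimal parameter set and field constraints documented above, turned into a pre-submission check and payload builder. This is an added example, not code from the ViPR documentation: the function names, the dict layout and the ldaps:// scheme test are assumptions, while the field names and limits come from the tables on this page.

```python
import xml.etree.ElementTree as ET

# Minimal parameter set the page lists for POST /vdc/admin/authnproviders
REQUIRED = ("mode", "server_urls", "manager_dn", "manager_password",
            "domains", "search_base", "search_filter", "group_attribute")
# List-valued fields and the child element that wraps each entry
LISTS = {"server_urls": "server_url", "domains": "domain",
         "group_whitelist_values": "group_whitelist_value"}

def check_provider(p):
    """Return (errors, warnings) for a provider dict before it is submitted."""
    errors = [f"missing {k}" for k in REQUIRED if not p.get(k)]
    if "name" in p and not 2 <= len(p["name"]) <= 128:
        errors.append("name length must be 2..128")
    if p.get("search_scope", "SUBTREE") not in ("ONELEVEL", "SUBTREE"):
        errors.append("search_scope must be ONELEVEL or SUBTREE")
    if p.get("max_page_size", 1) <= 0:
        errors.append("max_page_size must be greater than 0")
    warnings = []
    for url in p.get("server_urls", []):
        # Assumption: the server accepts ldaps:// URLs (the page shows only ldap://)
        if not url.lower().startswith("ldaps://"):
            warnings.append(f"server_url {url} does not use ldaps://")
    if p.get("validate_certificates") is not True:
        warnings.append("validate_certificates is not true")
    return errors, warnings

def build_payload(p):
    """Serialize the dict as <authnprovider_create>; ElementTree escapes the values."""
    root = ET.Element("authnprovider_create")
    for key, value in p.items():
        if key in LISTS:
            parent = ET.SubElement(root, key)
            for item in value:
                ET.SubElement(parent, LISTS[key]).text = item
        else:
            text = str(value).lower() if isinstance(value, bool) else str(value)
            ET.SubElement(root, key).text = text
    return ET.tostring(root, encoding="unicode")

# Constructed sample with the same values as the page's request example
SAMPLE = {
    "name": "ad configuration", "mode": "ad",
    "server_urls": ["ldap://192.168.0.10"], "domains": ["mycompany.com"],
    "group_whitelist_values": ["*Admin*"], "search_filter": "userPrincipalName=%u",
    "search_base": "CN=Users,DC=mycompany,DC=com",
    "manager_dn": "CN=Administrator,CN=Users,DC=mycompany,DC=com",
    "manager_password": "password", "search_scope": "SUBTREE",
    "group_attribute": "CN",
}
```

Run against the page's own request values, `check_provider(SAMPLE)` reports no errors and two warnings: the `ldap://` server URL and the absent `validate_certificates` setting.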