
Create an authentication provider. The submitted provider element values will be validated.
The minimal set of parameters includes: mode, server_urls, manager_dn, manager_password, domains, search_base, search_filter and group_attribute.
All parameters are required unless otherwise stated.
Field | Description | Type | Notes |
<authnprovider_create> | | | |
<tenants_synchronization_options> | | | |
<tenants_synchronization_option> | | String | 0-* Elements |
</tenants_synchronization_options> | | | |
<server_urls> | | | |
<server_url> | | String | 0-* Elements |
</server_urls> | | | |
<domains> | | | |
<domain> | | String | 0-* Elements |
</domains> | | | |
<group_whitelist_values> | | | |
<group_whitelist_value> | | String | 0-* Elements |
</group_whitelist_values> | | | |
<group_object_classes> | | | |
<group_object_class> | | String | 0-* Elements |
</group_object_classes> | | | |
<group_member_attributes> | | | |
<group_member_attribute> | | String | 0-* Elements |
</group_member_attributes> | | | |
<mode> | | String | |
<name> | | String | Valid Values: |
<description> | | String | |
<disable> | | Boolean | |
<autoreg_coprhd_import_osprojects> | | Boolean | |
<manager_dn> | | String | |
<manager_password> | | String | |
<search_base> | | String | |
<search_filter> | | String | |
<search_scope> | | String | |
<group_attribute> | | String | |
<max_page_size> | | Integer | |
<validate_certificates> | | Boolean | |
</authnprovider_create> | | | |
Newly created provider details as AuthnProviderRestRep
Field | Description | Type | Notes |
<authnprovider> | | | |
<description> | Description of the provider | String | |
<disable> | Specifies if a provider is disabled or enabled. During the operation of the system, a disabled provider will exist but not be considered when authenticating principals. | Boolean | |
<autoreg_coprhd_import_osprojects> | Specifies if OpenStack Projects will be auto-registered as Tenants in CoprHD. | Boolean | |
<tenants_synchronization_options> | | | |
<tenants_synchronization_option> | | String | 0-* Elements |
</tenants_synchronization_options> | | | |
<domains> | | | |
<domain> | | String | 0-* Elements |
</domains> | | | |
<group_attribute> | Attribute for group search. This is the attribute name that will be used to represent group membership. | String | |
<group_whitelist_values> | | | |
<group_whitelist_value> | | String | 0-* Elements |
</group_whitelist_values> | | | |
<manager_dn> | Distinguished Name for the bind user. | String | |
<max_page_size> | Maximum number of results that the LDAP server will return on a single page. Valid value: Value must be greater than 0 and cannot be higher than the max page size configured on LDAP server. | Integer | |
<mode> | | String | |
<search_base> | Search base from which the LDAP search will start when authenticating users. See also: search_scope | String | |
<search_filter> | Key value pair representing the search filter criteria. user. %u is user@company.com) | String | |
<search_scope> | In conjunction with the search_base, the search_scope indicates how many levels below the base the search can continue. Valid values: ONELEVEL = The search will start at the search_base location and continue up to one level deep; SUBTREE = The search will start at the search_base location and continue through the entire tree | String | |
<server_urls> | | | |
<server_url> | | String | 0-* Elements |
</server_urls> | | | |
<group_object_classes> | Attribute for group's objectClass search. This is the attribute name that will be used to represent group's name. | | |
<group_object_class> | | String | 0-* Elements |
</group_object_classes> | | | |
<group_member_attributes> | Attribute for group's member search. This is the attribute name that will be used to represent group members. | | |
<group_member_attribute> | | String | 0-* Elements |
</group_member_attributes> | | | |
<name> | The name assigned to this resource in ViPR. The resource name is set by a user and can be changed at any time. It is not a unique identifier. | String | |
<id> | An identifier that is generated by ViPR when the resource is created. The resource ID is guaranteed to be unique and immutable across all virtual data centers for all time. | URI | |
<link> | A hyperlink to the details for this resource | | |
<creation_time> | A timestamp that shows when this resource was created in ViPR | DateTime | |
<tags> | Keywords and labels that can be added by a user to a resource to make it easy to find when doing a search. | | |
<tag> | | String | 0-* Elements |
</tags> | | | |
<inactive> | Whether or not the resource is inactive. When a user removes a resource, the resource is put in this state before it is removed from the ViPR database. | Boolean | |
<global> | | Boolean | |
<remote> | | Boolean | |
<vdc> | | | |
<id> | ViPR ID of the related object | URI | |
<link> | A hyperlink to the related object | | |
</vdc> | | | |
<internal> | Whether or not the resource is an internal resource. | Boolean | |
</authnprovider> | | | |
POST https://192.168.0.0:4443/vdc/admin/authnproviders HTTP/1.1
Content-Type: application/xml
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>

<authnprovider_create>
    <name>ad configuration</name>
    <mode>ad</mode>
    <server_urls>
        <server_url>ldap://192.168.0.10</server_url>
    </server_urls>
    <domains>
        <domain>mycompany.com</domain>
    </domains>
    <group_whitelist_values>
        <group_whitelist_value>*Admin*</group_whitelist_value>
    </group_whitelist_values>
    <search_filter>userPrincipalName=%u</search_filter>
    <search_attribute_key>userPrincipalName</search_attribute_key>
    <search_base>CN=Users,DC=mycompany,DC=com</search_base>
    <manager_dn>CN=Administrator,CN=Users,DC=mycompany,DC=com</manager_dn>
    <manager_password>password</manager_password>
    <search_scope>SUBTREE</search_scope>
    <group_attribute>CN</group_attribute>
</authnprovider_create>
HTTP/1.1 200 OK
Content-Type: application/xml

<authnprovider>
    <name>ad configuration</name>
    <id>urn:storageos:AuthnProvider:376238bf-dc31-43ee-850b-ef49a15f5c49:</id>
    <link rel="self" href="/vdc/admin/authnproviders/urn:storageos:AuthnProvider:376238bf-dc31-43ee-850b-ef49a15f5c49:"/>
    <inactive>false</inactive>
    <tags/>
    <mode>ad</mode>
    <domains>mycompany.com</domains>
    <disable>false</disable>
    <creation_time>1379087030417</creation_time>
    <search_filter>userPrincipalName=%u</search_filter>
    <search_base>CN=Users,DC=mycompany,DC=com</search_base>
    <search_attribute_key>userPrincipalName</search_attribute_key>
    <manager_dn>CN=Administrator,CN=Users,DC=mycompany,DC=com</manager_dn>
    <group_attribute>CN</group_attribute>
    <server_urls>ldap://192.168.0.10</server_urls>
    <group_whitelist_values>*Admin*</group_whitelist_values>
    <search_scope>SUBTREE</search_scope>
</authnprovider>
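A pre-submission check for the `authnprovider_create` payload, as an added example that is not part of the CoprHD/ViPR documentation or code: it enforces the minimal parameter set and the `search_scope` and `max_page_size` constraints stated above, and warns when the provider would bind over plain `ldap://` or without `validate_certificates`. The function names are hypothetical, and the meaning given to `validate_certificates` is an assumption, since the page lists the field without a description.

```python
import xml.etree.ElementTree as ET

# Minimal parameter set and search_scope values as listed on this page.
REQUIRED = ("mode", "server_urls", "manager_dn", "manager_password",
            "domains", "search_base", "search_filter", "group_attribute")
SCOPES = {"ONELEVEL", "SUBTREE"}

def values(root, tag):
    """Non-empty text values of <tag>, or of its children for list wrappers."""
    node = root.find(tag)
    items = [] if node is None else (list(node) or [node])
    return [i.text.strip() for i in items if i.text and i.text.strip()]

def lint_authnprovider(xml_text):
    """Return (errors, warnings) for an <authnprovider_create> payload."""
    root = ET.fromstring(xml_text)
    if root.tag != "authnprovider_create":
        return [f"unexpected root element <{root.tag}>"], []
    errors = [f"missing required parameter: {t}"
              for t in REQUIRED if not values(root, t)]
    scope = values(root, "search_scope")
    if scope and scope[0] not in SCOPES:
        errors.append(f"search_scope must be one of {sorted(SCOPES)}")
    size = values(root, "max_page_size")
    if size and not (size[0].isdigit() and int(size[0]) > 0):
        errors.append("max_page_size must be an integer greater than 0")
    warnings = [f"{u}: plain ldap:// URL, no TLS at connect time"
                for u in values(root, "server_urls")
                if u.lower().startswith("ldap://")]
    # Assumption: validate_certificates=true turns on LDAP server certificate
    # checks; the page lists the field but does not describe it.
    if values(root, "validate_certificates") != ["true"]:
        warnings.append("validate_certificates is not set to true")
    return errors, warnings

# Constructed sample: the request body from the page's example, abridged.
SAMPLE = """<authnprovider_create>
  <name>ad configuration</name><mode>ad</mode>
  <server_urls><server_url>ldap://192.168.0.10</server_url></server_urls>
  <domains><domain>mycompany.com</domain></domains>
  <search_filter>userPrincipalName=%u</search_filter>
  <search_base>CN=Users,DC=mycompany,DC=com</search_base>
  <manager_dn>CN=Administrator,CN=Users,DC=mycompany,DC=com</manager_dn>
  <manager_password>password</manager_password>
  <search_scope>SUBTREE</search_scope><group_attribute>CN</group_attribute>
</authnprovider_create>"""

if __name__ == "__main__":
    print(lint_authnprovider(SAMPLE))
```

Run against the page's own request body, the check reports no errors and two warnings: the `ldap://` server URL and the absent `validate_certificates` element.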