POST /command/ldap/test

Test a directory service connection based on supplied settings. Authentication and appropriate permissions are required.

Request format

When forming RBAC API requests to this endpoint, the content type is application/json. The body must be a JSON object using all directory service setting keys. For information about each setting, refer to External directory settings.

If an LDAP connection already exists, use GET /ldap or GET /ldap/<id> to retrieve the current settings object and use it as a template for your POST /command/ldap/test request. The id key is ignored if you include it in your request.

Request example:

curl -X POST "https://$(puppet config print server):4433/rbac-api/v1/command/ldap/test" \
-H "X-Authentication: 0F4DITVB7HP3z8YnD95kx1W1jY0z5Pnc3ixB5uGAXzLY" \
-H "Content-type: application/json" \
-d '{"help_link": "https://example.com/login-help.html",
    "ssl": true,
    "group_name_attr": "name",
    "group_rdn": null,
    "connect_timeout": 15,
    "user_display_name_attr": "cn",
    "disable_ldap_matching_rule_in_chain": false,
    "ssl_hostname_validation": true,
    "hostname": "ldap.example.com",
    "base_dn": "dc=example,dc=com",
    "user_lookup_attr": "uid",
    "port": 636,
    "login": "cn=pe-orch,ou=service,ou=users,dc=example,dc=com",
    "group_lookup_attr": "cn",
    "group_member_attr": "uniqueMember",
    "ssl_wildcard_validation": false,
    "user_email_attr": "mail",
    "user_rdn": "ou=users",
    "group_object_class": "groupOfUniqueNames",
    "display_name": "ldap.example.com",
    "search_nested_groups": true,
    "start_tls": false}'

Response format

If the test succeeds, the endpoint returns 200 OK and a JSON object containing the elapsed time in seconds, for example: {"elapsed": 10}.

If the test fails, the endpoint returns 200 OK and a body containing the elapsed time and an error key, for example: {"elapsed": 20, "error": "..."}.

If you're satisfied with the test results, you can use POST /command/ldap/create or POST /command/ldap/update to apply these settings to an actual LDAP connection.

If the test can't run, the endpoint returns:

  • 403 Not Permitted if you don't have appropriate permissions.
  • 400 if the request is malformed.
  • Other errors as described in RBAC service errors.
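Because a failed test also returns 200 OK, automation must inspect the body rather than the status code. The following is an added example, not part of the original documentation or of Puppet's code: it builds a test payload from a retrieved settings object and classifies the response. The function names are hypothetical, the sample data is constructed, and reading ssl, start_tls and ssl_hostname_validation as transport-security switches is an assumption based on the key names in the request example.

```python
import json


def transport_warnings(settings):
    """Return warnings for settings that weaken the LDAP transport.

    Assumption: the keys mean what their names in the request example suggest.
    """
    warnings = []
    if not settings.get("ssl") and not settings.get("start_tls"):
        warnings.append("neither ssl nor start_tls is enabled")
    if settings.get("ssl_hostname_validation") is False:
        warnings.append("ssl_hostname_validation is disabled")
    return warnings


def build_test_payload(current):
    """Build a test body from a GET /ldap/<id> settings object.

    The endpoint ignores "id", so it is dropped to keep the payload clean.
    """
    return {k: v for k, v in current.items() if k != "id"}


def interpret_test_response(status, body_text):
    """Classify a response from POST /command/ldap/test as (ok, message).

    A failed test also comes back as 200 OK, so the status code alone
    is not enough: the presence of the "error" key decides.
    """
    if status == 403:
        return False, "not permitted: insufficient permissions"
    if status == 400:
        return False, "malformed request"
    if status != 200:
        return False, f"RBAC service error (HTTP {status})"
    body = json.loads(body_text)
    if "error" in body:
        return False, f"test failed after {body['elapsed']}s: {body['error']}"
    return True, f"test succeeded in {body['elapsed']}s"


if __name__ == "__main__":
    # Constructed sample data, not output from a real server.
    current = {"id": 1, "hostname": "ldap.example.com", "port": 389,
               "ssl": False, "start_tls": False, "ssl_hostname_validation": True}
    print(build_test_payload(current))
    print(transport_warnings(current))
    print(interpret_test_response(200, '{"elapsed": 20, "error": "constructed"}'))
```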