POST /command/ldap/update

Replace an existing directory service connection's settings. Authentication and appropriate permissions are required.

This endpoint updates an existing LDAP connection. To create a connection, use POST /command/ldap/create. To test a connection, use POST /command/ldap/test. To remove a connection, use POST /command/ldap/delete.

Request format

When forming RBAC API requests to this endpoint, the content type is application/json. The body must be a JSON object containing the ID of the directory service connection you want to modify and the connection's settings.

Your request body must contain the connection's ID, all required settings, and any previously-configured optional settings, including settings you aren't changing. Omitting a setting resets it to the default value (if any) or assigns a null value. For information about required and optional values, refer to External directory settings and POST /command/ldap/create.
Use GET /ldap or GET /ldap/<id> to retrieve the connection's complete settings object and use it as a template for your POST /command/ldap/update request. This helps avoid accidentally omitting a setting.

Request example:

curl -X POST "https://$(puppet config print server):4433/rbac-api/v1/command/ldap/update" \
-H "X-Authentication:$(puppet-access show)" \
-H "Content-type: application/json" \
-d '{"id": "e97188aa-9573-413b-945e-07f5f261613e",
    "help_link": "https://example.com/login-help.html",
    "ssl": true,
    "group_name_attr": "name",
    "group_rdn": null,
    "connect_timeout": 15,
    "user_display_name_attr": "cn",
    "disable_ldap_matching_rule_in_chain": false,
    "ssl_hostname_validation": true,
    "hostname": "ldap.example.com",
    "base_dn": "dc=example,dc=com",
    "user_lookup_attr": "uid",
    "port": 636,
    "login": "cn=pe-orch,ou=service,ou=users,dc=example,dc=com",
    "password": "somepassword",
    "group_lookup_attr": "cn",
    "group_member_attr": "uniqueMember",
    "ssl_wildcard_validation": false,
    "user_email_attr": "mail",
    "user_rdn": "ou=users",
    "group_object_class": "groupOfUniqueNames",
    "display_name": "ldap.example.com",
    "search_nested_groups": true,
    "start_tls": false}'
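
The template approach described under Request format, as an added example that is not part of the original documentation or Puppet's own code: it builds the full replacement body from a retrieved settings object and lists any setting a body would reset by omission, such as the TLS validation flags. The function names are hypothetical, the sample object is constructed, and because the sample response on this page carries no password field, the example assumes the retrieved template lacks one and takes the password as a separate argument.

```python
import json

# Constructed sample: a settings object as GET /ldap/<id> might return it
# (a subset of the fields shown in this page's response example).
CURRENT = {
    "id": "e97188aa-9573-413b-945e-07f5f261613e",
    "ssl": True,
    "ssl_hostname_validation": True,
    "ssl_wildcard_validation": False,
    "start_tls": False,
    "hostname": "ldap.example.com",
    "port": 636,
    "connect_timeout": 15,
    "group_rdn": None,
}


def build_update_body(current, changes, password=None):
    """Return a full replacement body: every retrieved setting plus changes."""
    if "id" in changes and changes["id"] != current["id"]:
        raise ValueError("changes must not retarget a different connection")
    body = dict(current)      # start from the complete template
    body.update(changes)      # overlay only the settings being changed
    if password is not None:  # assumption: the template carries no password
        body["password"] = password
    return body


def settings_reset_by(current, body):
    """List settings present in the retrieved object but missing from body.

    Per this page, each of these would be reset to its default or to null.
    """
    return sorted(k for k in current if k not in body)


def changed_settings(current, body):
    """Map each setting whose value differs to (old, new), for review."""
    return {k: (current.get(k), v) for k, v in body.items()
            if k != "password" and current.get(k) != v}


if __name__ == "__main__":
    body = build_update_body(CURRENT, {"connect_timeout": 30}, password="placeholder")
    assert not settings_reset_by(CURRENT, body)
    # Review the diff before sending; the password is kept out of the output.
    print(json.dumps(changed_settings(CURRENT, body)))
```
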

Response format

A successful request returns 200 OK with an object showing the updated connection settings. For example:

{
  "id": "e97188aa-9573-413b-945e-07f5f261613e",
  "help_link": "https://example.com/login-help.html",
  "ssl": true,
  "group_name_attr": "name",
  "group_rdn": null,
  "connect_timeout": 15,
  "user_display_name_attr": "cn",
  "disable_ldap_matching_rule_in_chain": false,
  "ssl_hostname_validation": true,
  "hostname": "ldap.example.com",
  "base_dn": "dc=example,dc=com",
  "user_lookup_attr": "uid",
  "port": 636,
  "login": "cn=pe-orch,ou=service,ou=users,dc=example,dc=com",
  "group_lookup_attr": "cn",
  "group_member_attr": "uniqueMember",
  "ssl_wildcard_validation": false,
  "user_email_attr": "mail",
  "user_rdn": "ou=users",
  "group_object_class": "groupOfUniqueNames",
  "display_name": "ldap.example.com",
  "search_nested_groups": true,
  "start_tls": false
}

If there is no match for the given ID, the response is 404 Not Found.

If you don't have permission to modify LDAP connection settings, the response is 403 Not Permitted.

A malformed request, such as omitting a required setting, returns 400 with a schema failure.

For other errors, refer to RBAC service errors.