GET /ldap

Get details of configured LDAP connections. Authentication is required.

Request format

When Forming RBAC API requests to this endpoint, the request is a basic call with authentication, for example:

curl "https://$(puppet config print server):4433/rbac-api/v2/ldap" -H "X-Authentication:$(puppet-access show)"

Response format

A successful request returns an array of objects in which each object represents one LDAP server's External directory settings. For example, this response contains information for one LDAP server:

[
  {
    "help_link": "",
    "ssl": false,
    "group_name_attr": "name",
    "group_rdn": "ou=groups",
    "connect_timeout": 10,
    "user_display_name_attr": "*",
    "disable_ldap_matching_rule_in_chain": false,
    "ssl_hostname_validation": true,
    "hostname": "ldap.internal",
    "base_dn": "dc=glauth,dc=com",
    "user_lookup_attr": "cn",
    "port": 3893,
    "login": "cn=serviceuser,ou=svcaccts,dc=glauth,dc=com",
    "group_lookup_attr": "cn",
    "group_member_attr": "uniqueMember",
    "id": "e97188aa-9573-413b-945e-07f5f261613e",
    "ssl_wildcard_validation": false,
    "user_email_attr": "mail",
    "user_rdn": "ou=users",
    "group_object_class": "groupOfUniqueNames",
    "display_name": "ldap.internal",
    "search_nested_groups": true,
    "start_tls": false
  }
]

You must have the directory_service:edit:* permission to get complete responses. Otherwise, responses are limited to the id and display_name, for example:

[
  {
    "id": "e97188aa-9573-413b-945e-07f5f261613e",
    "display_name": "ldap.internal"
  }
]

An empty array means there are no LDAP connections configured.

For error responses, refer to RBAC service errors .