- # LDAP API Commands
- user='admin'
- password='admin'
- endpoint=''
- curl -k -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=password&username=admin&password=admin&scope=openid" "https://<url>:8443/idprovider/v1/auth/identitytoken"
- # Retrieve the access token, using Python to parse the JSON response
- ACCESS_TOKEN=$(curl -k -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=password&username=$user&password=$password&scope=openid" "https://$endpoint:8443/idprovider/v1/auth/identitytoken" | python -c "import sys, json; print(json.load(sys.stdin)['access_token'])")
- # Template
- curl -k -X POST --header "Authorization: bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' -d '{"LDAP_ID": "Corp", "LDAP_URL": "ldap://corp.abc.com:389", "LDAP_BASEDN": "o=ibm.com", "LDAP_BINDDN": "", "LDAP_BINDPASSWORD": "", "LDAP_TYPE": "IBM Tivoli Directory Server", "LDAP_USERFILTER": "(&(emailAddress=%v)(objectclass=ePerson))", "LDAP_GROUPFILTER": "(&(cn=%v)(objectclass=groupOfUniqueNames))", "LDAP_USERIDMAP": "*:emailAddress","LDAP_GROUPIDMAP":"*:cn", "LDAP_GROUPMEMBERIDMAP": "groupOfUniqueNames:uniqueMember"}' 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/directory/ldap/onboardDirectory'
- # Actual
- ldap_ip=''
- icp_ip=''
- base_dn=''
- bind_dn=''
- base64_pw=''
- curl -k -X POST --header "Authorization: bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' -d '{"LDAP_ID": "LABAD", "LDAP_URL": "ldap://'"${ldap_ip}"':389", "LDAP_BASEDN": "'"${base_dn}"'", "LDAP_BINDDN": "'"${bind_dn}"'", "LDAP_BINDPASSWORD": "'"${base64_pw}"'", "LDAP_TYPE": "Microsoft Active Directory", "LDAP_USERFILTER": "(&(sAMAccountName=%v)(objectclass=person))", "LDAP_GROUPFILTER": "(&(cn=%v)(objectcategory=group))", "LDAP_USERIDMAP": "user:sAMAccountName","LDAP_GROUPIDMAP":"*:cn", "LDAP_GROUPMEMBERIDMAP": "memberof:member"}' "https://${icp_ip}:8443/idmgmt/identity/api/v1/directory/ldap/onboardDirectory"
- # Create team
- curl -k -X POST --header 'Content-Type: application/json' --header "Authorization: bearer $ACCESS_TOKEN" -d '{"teamId":"cluster-administrators","name":"Cluster Administrators"}' "https://<url>:8443/idmgmt/identity/api/v1/teams"
- # Add users to team
- curl -k -X PUT --header "Authorization: Bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"teamId":"test-team","name":"Test Team","users":[{"userId":"testuser","userBaseDN":"uid=testuser,ou=people,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}],"usergroups":[{"name":"security","userGroupDN":"cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}]}' "https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/test-team"
- # Pretty-printed team payload
- {
- "teamId": "cluster-administrators",
- "name": "Cluster Administrators",
- "users": [
- {
- "userId": "matteo",
- "userBaseDN": "uid=matteo,ou=Users,dc=ynap,dc=com",
- "roles": [
- {
- "id": "crn:v1:icp:private:iam::::role:ClusterAdministrator"
- }
- ]
- },
- {
- "userId": "daniel",
- "userBaseDN": "uid=daniel,ou=Users,dc=ynap,dc=com",
- "roles": [
- {
- "id": "crn:v1:icp:private:iam::::role:ClusterAdministrator"
- }
- ]
- }
- ],
- "usergroups": [
- {
- "name": "wcs",
- "userGroupDN": "cn=wcx,cn=application,ou=groups,dc=ynap,dc=com",
- "roles": [
- {
- "id": "crn:v1:icp:private:iam::::role:Operator"
- }
- ]
- }
- ]
- }
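
The "actual" onboardDirectory request above builds its JSON body by pasting shell variables into the string. As an added example (not part of the original paste), these helpers escape backslashes and double quotes before substitution, so a bind DN containing an escaped comma still yields valid JSON. The function names and sample values are constructed for illustration, and base64-encoding the bind password is an assumption taken from the paste's `base64_pw` variable.

```shell
#!/bin/sh
# Added example, not part of the original paste. Function names and all
# sample values are constructed for illustration.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
# An AD DN such as 'cn=Smith\, John,...' contains a backslash, which would
# otherwise produce an invalid JSON escape sequence (\,).
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Base64-encode a value without line wrapping. Assumption taken from the
# paste's base64_pw variable: the bind password is sent base64-encoded.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Usage: build_ldap_payload LDAP_HOST BASE_DN BIND_DN BIND_PASSWORD
build_ldap_payload() {
    p_host=$(json_escape "$1")
    p_base=$(json_escape "$2")
    p_bind=$(json_escape "$3")
    p_pw=$(b64 "$4")
    cat <<EOF
{"LDAP_ID": "LABAD",
 "LDAP_URL": "ldap://${p_host}:389",
 "LDAP_BASEDN": "${p_base}",
 "LDAP_BINDDN": "${p_bind}",
 "LDAP_BINDPASSWORD": "${p_pw}",
 "LDAP_TYPE": "Microsoft Active Directory",
 "LDAP_USERFILTER": "(&(sAMAccountName=%v)(objectclass=person))",
 "LDAP_GROUPFILTER": "(&(cn=%v)(objectcategory=group))",
 "LDAP_USERIDMAP": "user:sAMAccountName",
 "LDAP_GROUPIDMAP": "*:cn",
 "LDAP_GROUPMEMBERIDMAP": "memberof:member"}
EOF
}

# Print the payload for constructed sample values.
build_ldap_payload '192.0.2.10' 'dc=lab,dc=example' \
    'cn=Smith\, John,ou=Users,dc=lab,dc=example' 'secret'

# To send it, pipe the output into the paste's request with -d @- :
#   build_ldap_payload ... | curl -k -X POST \
#     --header "Authorization: bearer $ACCESS_TOKEN" \
#     --header 'Content-Type: application/json' -d @- \
#     "https://${icp_ip}:8443/idmgmt/identity/api/v1/directory/ldap/onboardDirectory"
```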