
Untitled

a guest
Oct 16th, 2019
  1. # LDAP API Commands
  2.  
  3. user='admin'
  4. password='admin'
  5. endpoint=''
  6.  
  7. curl -k -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=password&username=admin&password=admin&scope=openid" https://<url>:8443/idprovider/v1/auth/identitytoken
  8.  
  9. Retrieve using Python
  10.  
  11. ACCESS_TOKEN=$(curl -k -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=password&username=$user&password=$password&scope=openid" "https://$endpoint:8443/idprovider/v1/auth/identitytoken" | python -c "import sys, json; print(json.load(sys.stdin)['access_token'])")
  12.  
  13. template
  14.  
  15. curl -k -X POST --header "Authorization: bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' -d '{"LDAP_ID": "Corp", "LDAP_URL": "ldap://corp.abc.com:389", "LDAP_BASEDN": "o=ibm.com", "LDAP_BINDDN": "", "LDAP_BINDPASSWORD": "", "LDAP_TYPE": "IBM Tivoli Directory Server", "LDAP_USERFILTER": "(&(emailAddress=%v)(objectclass=ePerson))", "LDAP_GROUPFILTER": "(&(cn=%v)(objectclass=groupOfUniqueNames))", "LDAP_USERIDMAP": "*:emailAddress","LDAP_GROUPIDMAP":"*:cn", "LDAP_GROUPMEMBERIDMAP": "groupOfUniqueNames:uniqueMember"}' 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/directory/ldap/onboardDirectory'
  16.  
  17.  
  18. actual
  19.  
  20. ldap_ip=''
  21. icp_ip=''
  22. base_dn=''
  23. bind_dn=''
  24. base64_pw=''
  25.  
  26. curl -k -X POST --header "Authorization: bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' -d '{"LDAP_ID": "LABAD", "LDAP_URL": "ldap://${ldap_ip}:389", "LDAP_BASEDN": "${base_dn}", "LDAP_BINDDN": "${bind_dn}", "LDAP_BINDPASSWORD": "${base64_pw}", "LDAP_TYPE": "Microsoft Active Directory", "LDAP_USERFILTER": "(&(sAMAccountName=%v)(objectclass=person))", "LDAP_GROUPFILTER": "(&(cn=%v)(objectcategory=group))", "LDAP_USERIDMAP": "user:sAMAccountName","LDAP_GROUPIDMAP":"*:cn", "LDAP_GROUPMEMBERIDMAP": "memberof:member"}' 'https://${icp_ip}:8443/idmgmt/identity/api/v1/directory/ldap/onboardDirectory'
  27.  
  28. Create team
  29.  
  30. curl -k -X POST --header 'Content-Type: application/json' --header "Authorization: bearer $ACCESS_TOKEN" -d '{"teamId":"cluster-administrators","name":"Cluster Administrators"}' https://<url>:8443/idmgmt/identity/api/v1/teams
  31.  
  32. Add users to team
  33.  
  34. curl -k -X PUT --header "Authorization: Bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"teamId":"test-team","name":"Test Team","users":[{"userId":"testuser","userBaseDN":"uid=testuser,ou=people,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}],"usergroups":[{"name":"security","userGroupDN":"cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}]}' "https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/test-team"
  35.  
  36. Pretty-printed example of a team request body (users and user groups with their roles)
  37.  
  38. {
  39.   "teamId": "cluster-administrators",
  40.   "name": "Cluster Administrators",
  41.   "users": [
  42.     {
  43.       "userId": "matteo",
  44.       "userBaseDN": "uid=matteo,ou=Users,dc=ynap,dc=com",
  45.       "roles": [
  46.         {
  47.           "id": "crn:v1:icp:private:iam::::role:ClusterAdministrator"
  48.         }
  49.       ]
  50.     },
  51.     {
  52.       "userId": "daniel",
  53.       "userBaseDN": "uid=daniel,ou=Users,dc=ynap,dc=com",
  54.       "roles": [
  55.         {
  56.           "id": "crn:v1:icp:private:iam::::role:ClusterAdministrator"
  57.         }
  58.       ]
  59.     }
  60.   ],
  61.   "usergroups": [
  62.     {
  63.       "name": "wcs",
  64.       "userGroupDN": "cn=wcx,cn=application,ou=groups,dc=ynap,dc=com",
  65.       "roles": [
  66.         {
  67.           "id": "crn:v1:icp:private:iam::::role:Operator"
  68.         }
  69.       ]
  70.     }
  71.   ]
  72. }