URL structure

1 https://access-service.xy-company.com/api/v1/ldapconnections/{ldapConnectionId}

where {ldapConnectionId} is the ID of a LDAP connection.

Supported methods and overview

GET - retrieves information about an existing LDAP connection (specified by ldapConnectionId).
PUT - modifies the fields of an existing LDAP connection (specified by ldapConnectionId) and also allows this LDAP connection to be disabled or re-enabled.

Note: The GET method takes no parameters.

Detailed description

This API endpoint serves a number of purposes:

Retrieves information about an existing LDAP connection (specified by ldapConnectionId). An LDAP connection's ID can be obtained by calling the GET method of the <access-service>/api/v1/ldapconnections API endpoint, which retrieves a list of field information for all LDAP connections configured on the Cocoon Data Platform.
Tip: All information returned in the response from a GET method call to this API endpoint is also returned in the response from the GET method call to the <access-service>/api/v1/ldapconnections endpoint. Therefore, there is no need to call the GET method on this API endpoint if you already have the required information from calling <access-service>/api/v1/ldapconnections.
Modifies the fields of an existing LDAP connection (specified by ldapConnectionId). Also allows this LDAP connection to be disabled or re-enabled.

Supported roles

This API endpoint supports the following Cocoon Data user roles (as described in the SafeShare Administrator's Guide):

SafeShare administrator

The Cocoon Data Platform's resources available to a Cocoon Data user meeting the criteria above is determined by the access token submitted in the header of requests to this endpoint.

Required headers

The appropriate access token as the Bearer token:

Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0NjcwMTY2NjYsInVzZXJfbmFtZSI6ImFsZXgub...

The following header is required if the body of the request has a JSON object:

Content-Type: application/json

Optional parameters

The following optional parameters can be sent in the body of the PUT request, each as individual members of a JSON object:

serverUrl - .
serverTimeout - .
managerDN - .
managerPassword - .
baseDN - .
syncFilter - .
authFilter - .
domain - .
accountNameField - .
emailField - .
userPrincipalNameField - .
fullnameField - .
statusField - .
statusDisabledValue - .
enable - A boolean value determining whether to enable (true) or disable (false) this LDAP connection.
Example (request - altering the server timeout value and ensuring that the LDAP connection remains enabled):
{

"serverTimeout": 30000,

"enable": true

}

Returns

If the request succeeded, then an HTTP response status 200 OK is returned.

For successful requests only, a JSON-formatted response containing the following members is also returned:

id - .
serverUrl - .
serverTimeout - .
baseDN - .
authFilter - .
managerDN - .
managerPassword - .
syncFilter - .
domain - .
enabled - .
accountNameField - .
emailField - .
userPrincipalNameField - .
fullnameField - .
statusField - .
statusDisabledValue - .
Example (response):
{

"id": "1000000",

"serverUrl": "ldap://ldap.xy-company.com",

"serverTimeout": 30000,

"baseDN": "ou=users,dc=xy-company,dc=com",

"authFilter": "userPrincipalName={0}",

"managerDN": "cn=server sync,cn=users,dc=xy-company,dc=com",

"managerPassword": "password",

"syncFilter": "(&(memberOf=ou=users,dc=xy-company,dc=com)(userPrincipalName=*@xy-company.com))",

"domain": "XY-COMPANY",

"enabled": true,

"emailField": "mail",

"userPrincipalNameField": "userPrincipalName",

"statusField": "userAccountControl",

"statusDisabledValue": "2",

"accountNameField": "sAMAccountName",

"fullnameField": "name",

"modifiedAt": "2016-10-27T01:27:42.429Z",

"createdAt": "2016-10-27T00:39:55.604Z"

}