
POST /manage/v2/external-security

Summary

This resource address creates a new external-security configuration in the security database.

For more information on external security, see External Authentication (LDAP and Kerberos) in the Understanding and Using Security Guide.

URL Parameters
format The format of the posted data. Can be either html, json, or xml (default). This value overrides the Accept header if both are present.
Request Headers
Accept The expected MIME type of the request body. If the format parameter is present, it takes precedence over the Accept header.
Content-type The MIME type of the data in the request body. Depending upon the value of the format parameter or Accept header, one of application/xml, application/json, or text/html.
Response Headers
Content-type The MIME type of the data in the response body. Depending upon the value of the format parameter or Accept header, one of application/xml, application/json, or text/html.
Location If the request causes a restart, a Location header is included in the response. The header contains a path with which to construct a URL usable to test when the restart has completed.

Response

Upon success, MarkLogic Server returns status code 201 (Created). If the external-security configuration already exists or if the payload is malformed, a status code of 400 (Bad Request) is returned. A status code of 401 (Unauthorized) is returned if the user does not have the necessary privileges.

Required Privileges

This operation requires the security and manage-admin roles.

Usage Notes

The structure of the data in the request body is as follows. The name, authentication, and authorization properties are required. If either the authentication or authorization is ldap, then all of the ldap-* properties are also required.

external-security-name

External security name (unique)

description

An object's description.

authentication

Authentication

cache-timeout

The login cache timeout, in seconds.

authorization

An authorization scheme.

ldap-server-uri

URI of the LDAP server. Required if authentication or authorization is ldap.

ldap-base

Starting point for search. Required if authentication or authorization is ldap.

ldap-attribute

LDAP attribute for user lookup. Required if authentication or authorization is ldap.

ldap-default-user

LDAP user used by MarkLogic Server. Required if authentication is kerberos and authorization is ldap or bind method is simple.

ldap-password

Password of the default LDAP user. Required if authentication is kerberos and authorization is ldap or bind method is simple.

ldap-bind-method

LDAP bind method.

Example


cat ExternalConfig.json
==>
{
  "external-security-name": "LDAP-security",
  "description": "Some description",
  "authentication": "ldap",
  "cache-timeout": "300",
  "authorization": "ldap",
  "ldap-server-uri": "LDAP uri",
  "ldap-base": "LDAP base for user lookup",
  "ldap-attribute": "LDAP attribute for user lookup",
  "ldap-default-user": "default",
  "ldap-password": "password",
  "ldap-bind-method": "simple"
}

curl -X POST  --anyauth -u admin:admin -H "Content-Type:application/json" \
-d @ExternalConfig.json http://localhost:8002/manage/v2/external-security

==>  Creates an LDAP external security configuration, named "LDAP-security," 
     in the Security database. 
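
The property rules under Usage Notes can be checked before a payload is posted. The following Python is an added example, not MarkLogic code: check_payload and the sample payloads are constructed here, reading the condition as "(kerberos and ldap) or simple bind" is an assumption, and the two warnings are review checks that this page does not define.

```python
import json
from urllib.parse import urlparse

REQUIRED = ("external-security-name", "authentication", "authorization")
LDAP_REQUIRED = ("ldap-server-uri", "ldap-base", "ldap-attribute")
LDAP_CREDS = ("ldap-default-user", "ldap-password")


def check_payload(cfg):
    """Return (errors, warnings) for a parsed external-security payload."""
    errors, warnings = [], []

    def missing(keys):
        return [k for k in keys if not cfg.get(k)]

    errors += [f"missing required property: {k}" for k in missing(REQUIRED)]
    authn, authz = cfg.get("authentication"), cfg.get("authorization")
    bind = cfg.get("ldap-bind-method")
    if "ldap" in (authn, authz):
        errors += [f"{k} is required when ldap is used" for k in missing(LDAP_REQUIRED)]
    # Assumption: the condition reads "(kerberos and ldap) or simple bind".
    if (authn == "kerberos" and authz == "ldap") or bind == "simple":
        errors += [f"{k} is required for this configuration" for k in missing(LDAP_CREDS)]

    # Review-time checks added for this example, not rules from the page.
    scheme = urlparse(cfg.get("ldap-server-uri") or "").scheme.lower()
    if bind == "simple" and scheme != "ldaps":
        warnings.append("simple bind over a non-ldaps URI may expose ldap-password in cleartext")
    if cfg.get("ldap-password") in ("password", "admin", "changeit"):
        warnings.append("ldap-password looks like a placeholder or default value")
    return errors, warnings


# Constructed sample payloads (host names and DNs are made up).
GOOD = json.loads("""{
  "external-security-name": "LDAP-security",
  "authentication": "ldap", "authorization": "ldap", "cache-timeout": "300",
  "ldap-server-uri": "ldaps://ldap.example.com:636",
  "ldap-base": "ou=people,dc=example,dc=com", "ldap-attribute": "uid",
  "ldap-default-user": "cn=marklogic,dc=example,dc=com",
  "ldap-password": "constructed-value-from-a-vault", "ldap-bind-method": "simple"
}""")
WEAK = dict(GOOD, **{"ldap-server-uri": "ldap://ldap.example.com:389",
                     "ldap-password": "password"})
INCOMPLETE = {"external-security-name": "krb", "authentication": "kerberos",
              "authorization": "ldap", "ldap-server-uri": "ldaps://ldap.example.com"}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK), ("INCOMPLETE", INCOMPLETE)):
        print(name, check_payload(cfg))
```

An empty error list means the payload satisfies the required-property rules listed above; the server can still reject it with 400 for other reasons, such as a name that already exists.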
 
    
