API Reference

Endpoints

AdministrativeOperations

adminConfig

GET /admin/config

Display and modify runtime configurable parameters

Description

Logging level and state, and the time and size limits for search operation results, can be set at runtime through simple HTTPS calls. So that these changes can also be made from a web browser's address bar without any special tool, the endpoint uses a GET operation with API key authorisation. If only the 'secret' parameter is provided, the current configuration is returned.

Example query strings:
?logstate=1&loglevel=1&secret=configured_api_key_string
?timelimit=120&secret=configured_api_key_string

Parameters
Query Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| secret | ApiKey authorization string | X | |
| logstate | Set logging state: 0 (off), 1 (on) | - | |
| loglevel | Set logging level: 0 (errors only), 3 (most verbose) | - | |
| timelimit | Set default time limit for search operation | - | |
| sizelimit | Set default size limit for search operation | - | |

Return Type
Content Type
  • text/plain

Responses
Table 1. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | New setting accepted by the server. | String |
| 400 | Logging configuration failed - bad request parameters | String |
| 401 | Logging configuration failed - Unauthorized | String |

authTableDump

GET /admin/auth/dumptable

Dump complete authorization token table into log file

Description

For debugging purposes only, the current state of the authorization token table can be dumped into a log file for further investigation. So that the dump can be requested from a web browser's address bar without any special tool, the endpoint uses a GET operation with API key authorisation.

Example query string: ?secret=configured_api_key_string

Parameters
Query Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| secret | api_key_authorization string | X | |

Return Type
Content Type
  • text/plain

Responses
Table 2. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Authorization (token) table dumped into a log file. | String |
| 405 | Authorization (token) table dump not allowed, missing secret. | String |
| 401 | Authorization table dump failed - Unauthorized | String |
| 500 | Error creating/writing auth table to log file. | String |
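
Because both administrative endpoints take the API key in the query string, the key is written wherever request URLs are recorded (access logs, proxy logs, browser history). The following added example, which is not part of the original reference, redacts the 'secret' value from access log lines and extracts an audit event for each administrative call; the log format, the function name scrub_line and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Endpoint paths and parameter names come from this reference.
ADMIN_PATHS = {"/admin/config", "/admin/auth/dumptable"}
SETTINGS = {"logstate", "loglevel", "timelimit", "sizelimit"}

# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def scrub_line(line):
    """Return (scrubbed_line, event); event is None for non-admin requests."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, None
    parts = urlsplit(m.group("target"))
    if parts.path not in ADMIN_PATHS:
        return line, None
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Replace the API key value so it never reaches stored or forwarded logs.
    safe = [(k, "REDACTED" if k == "secret" else v) for k, v in pairs]
    target = urlunsplit(parts._replace(query=urlencode(safe)))
    event = {
        "client": line.split(" ", 1)[0],
        "path": parts.path,
        "changes": {k: v for k, v in pairs if k in SETTINGS},
        "had_secret": any(k == "secret" for k, _ in pairs),
    }
    return line[:m.start("target")] + target + line[m.end("target"):], event


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/config'
    '?logstate=1&loglevel=3&secret=configured_api_key_string HTTP/1.1" 200 27',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /entry/cn=admin,o=my-company'
    '?attribute=sn HTTP/1.1" 200 181',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /admin/auth/dumptable'
    '?secret=configured_api_key_string HTTP/1.1" 200 52',
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        clean, event = scrub_line(raw)
        print(clean)
        if event:
            print("  audit:", event)
```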

Authentication

bind

POST /bind

Bind operation.

Description

For details, check RFC 4511 - 4.2. The BIND operation can be called without an Authorization header, in which case a NEW BIND is established. If an existing BIND needs to be changed ("re-bind" or "elevated bind"), the BIND request MUST contain the Authorization header of the current BIND session. In this case a NEW token is sent and the OLD token is no longer valid. Even when the supplied credentials are wrong, the previous BIND connection is closed.

Parameters
Body Parameter
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| BindRequest | The request body of the bind operation. The password can be supplied in two forms (simple text or BASE64 encoded). Two types of bind are supported: simple and anonymous. For details of both and of the request structure, see the BindRequest schema. | X | |

Header Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| Authorization | Authorization token returned by the accessToken field of a successful bind response. | X | |

Return Type
Content Type
  • application/json

Responses
Table 3. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Successful bind. | BindResponse |
| 400 | Invalid request. | ErrorResponse |
| 401 | Authentication problem. | ErrorResponse |
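
The re-bind rules above imply that a client must discard its stored token as soon as it sends a new BIND, since the old token is invalid whether or not the new credentials are accepted. The following added example (not code from the original reference) shows that handling; BindSession, the post transport hook and FakeServer are hypothetical names, the Authorization header is assumed to carry the raw accessToken value, and the server is a constructed in-memory stand-in.

```python
import base64


class BindSession:
    """Client-side token handling for POST /bind, following the rules above."""

    def __init__(self, post):
        # post(path, headers, body) -> (status, dict): hypothetical transport hook
        self._post = post
        self.token = None

    def bind(self, user, password):
        headers = {}
        if self.token is not None:
            # Re-bind: the token of the current BIND session must be sent.
            # Assumption: the header carries the raw accessToken value.
            headers["Authorization"] = self.token
        # The old token dies whether or not the new credentials are accepted,
        # so forget it before the call instead of reusing it after a failure.
        self.token = None
        body = {
            "authType": "simple",
            "user": user,
            # base64 is an encoding, not protection: the password relies on TLS.
            "password": {"type": "base64",
                         "value": base64.b64encode(password.encode()).decode()},
        }
        status, data = self._post("/bind", headers, body)
        if status == 200:
            self.token = data["accessToken"]
        return status == 200


class FakeServer:
    """Constructed in-memory stand-in that applies the documented re-bind rules."""

    def __init__(self, users):
        self.users, self.live_tokens, self._count = users, set(), 0

    def post(self, path, headers, body):
        # The previous bind is closed even if the new credentials are wrong.
        self.live_tokens.discard(headers.get("Authorization"))
        supplied = base64.b64decode(body["password"]["value"]).decode()
        if self.users.get(body["user"]) != supplied:
            return 401, {"httpError": "Authentication problem."}
        self._count += 1
        token = f"constructed-token-{self._count}"
        self.live_tokens.add(token)
        return 200, {"accessToken": token}
```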

unbind

POST /unbind

Unbind operation.

Description

For details, check RFC 4511 - 4.3.

Parameters
Header Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| Authorization | Authorization token returned by the accessToken field of a successful bind response. | X | |

Return Type

-

Content Type
  • application/json

Responses
Table 4. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Successful unbind (with valid/expired/not found token). | - |
| 401 | Authentication problem. | ErrorResponse |

EntryOperations

createEntry

POST /entry/{distinguishedName}

Add operation.

Description

For details, check RFC 4511 - 4.7.

Parameters
Path Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| distinguishedName | Distinguished name of the entry. | X | |

Body Parameter
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| AddRequest | AddRequest | X | |

Header Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| Authorization | Authorization token returned by the accessToken field of a successful bind response. | X | |

Return Type
Content Type
  • application/json

Responses
Table 5. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Successful add. | CommonResponse |
| 400 | Invalid request. | ErrorResponse |
| 401 | Authentication problem. | ErrorResponse |
| 403 | Insufficient access rights. | ErrorResponse |

deleteEntry

DELETE /entry/{distinguishedName}

Delete operation.

Description

For details, check RFC 4511 - 4.8.

Parameters
Path Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| distinguishedName | Distinguished name of the entry. | X | |

Header Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| Authorization | Authorization token returned by the accessToken field of a successful bind response. | X | |

Return Type
Content Type
  • application/json

Responses
Table 6. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Successful deletion. | CommonResponse |
| 400 | Invalid request. | ErrorResponse |
| 401 | Authentication problem. | ErrorResponse |
| 403 | Insufficient access rights. | ErrorResponse |
| 404 | No entry exists with the specified DN. | ErrorResponse |

modifyEntry

PATCH /entry/{distinguishedName}

Modify operation.

Description

For details, check RFC 4511 - 4.6.

Parameters
Path Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| distinguishedName | Distinguished name of the entry. | X | |

Body Parameter
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| ModifyRequest | ModifyRequest | X | |

Header Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| Authorization | Authorization token returned by the accessToken field of a successful bind response. | X | |

Return Type
Content Type
  • application/json

Responses
Table 7. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Successful modification. | CommonResponse |
| 400 | Invalid request. | ErrorResponse |
| 401 | Authentication problem. | ErrorResponse |
| 403 | Insufficient access rights. | ErrorResponse |
| 404 | No entry exists with the specified DN. | ErrorResponse |

readEntry

GET /entry/{distinguishedName}

Performs a base-level LDAP search operation for the given DN.

Description

The URI length is limited to 2048 bytes. The number of attributes in the query-string is limited to 64. If no attributes are given, all user attributes are retrieved. If the limit is exceeded, please use the search endpoint (via POST). The request must contain a valid AccessToken from a previous BIND in the Authorization header.

Example:
/entry/cn=admin,o=my-company?attribute=sn&attribute=mail
Retrieves the values for the attributes 'sn' and 'mail' from the entry 'cn=admin,o=pqr'.

Parameters
Path Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| distinguishedName | Distinguished name of the entry. | X | |

Header Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| Authorization | Authorization token returned by the accessToken field of a successful bind response. | X | |

Query Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| attribute | The list of requested attributes. If not specified, then all user attributes will be returned. (String) | - | |

Return Type
Content Type
  • application/json

Responses
Table 8. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Successful search. | SearchResponse |
| 206 | Successful, but incomplete search. | SearchResponse |
| 400 | Invalid request. | ErrorResponse |
| 401 | Authentication problem. | ErrorResponse |
| 403 | Insufficient access rights. | ErrorResponse |
| 404 | No entry exists with the specified DN. | ErrorResponse |
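
The limits described for readEntry can be checked on the client before a request is sent. The following added example (not part of the original reference) builds the readEntry URI with the DN percent-encoded as one path segment and switches to a base-scope SearchRequest body when a limit would be exceeded; plan_read is a hypothetical helper, and it assumes the server decodes percent-encoded DNs and measures the 2048 bytes on path plus query string.

```python
from urllib.parse import quote

MAX_URI_BYTES = 2048   # URI length limit stated for readEntry
MAX_ATTRIBUTES = 64    # attribute-count limit stated for readEntry


def plan_read(dn, attributes=()):
    """Return ("GET", uri) for readEntry, or ("POST", SearchRequest body)
    when either documented limit would be exceeded."""
    attrs = list(attributes)
    # Encode the DN as a single path segment so that '/', '?' or '#' inside
    # a DN value cannot change the route or start the query string early.
    path = "/entry/" + quote(dn, safe="=,")
    query = "&".join("attribute=" + quote(a, safe="") for a in attrs)
    uri = path + ("?" + query if query else "")
    # Assumption: the 2048-byte limit is measured on path plus query string.
    if len(attrs) <= MAX_ATTRIBUTES and len(uri.encode("ascii")) <= MAX_URI_BYTES:
        return "GET", uri
    # Base-scope SearchRequest equivalent to the read; the path of the search
    # endpoint is not given in this reference, so only the body is built.
    return "POST", {"baseObject": dn, "scope": "base", "attributes": attrs}


if __name__ == "__main__":
    print(plan_read("cn=admin,o=my-company", ["sn", "mail"]))
    print(plan_read("cn=a/b?c,o=my-company"))
    print(plan_read("cn=admin,o=my-company", [f"attr{i}" for i in range(65)])[0])
```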

OtherOperations

compare

POST /compare/{distinguishedName}

Compare operation.

Description

For details, check RFC 4511 - 4.10.

Parameters
Path Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| distinguishedName | Distinguished name of the entry. | X | |

Body Parameter
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| CompareRequest | CompareRequest | X | |

Header Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| Authorization | Authorization token returned by the accessToken field of a successful bind response. | X | |

Return Type
Content Type
  • application/json

Responses
Table 9. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Successful DN modification. | CommonResponse |
| 400 | Invalid request. | ErrorResponse |
| 401 | Authentication problem. | ErrorResponse |
| 403 | Insufficient access rights. | ErrorResponse |
| 404 | No entry exists with the specified DN. | ErrorResponse |

extendedOperation

POST /extop

Extended operation.

Description

For details, check RFC 4511 - 4.12.

Parameters
Body Parameter
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| ExtendedOperationRequest | ExtendedOperationRequest | X | |

Header Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| Authorization | Authorization token returned by the accessToken field of a successful bind response. | X | |

Content Type
  • application/json

Responses
Table 10. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Successful extended operation execution. | ExtendedOperationResponse |
| 400 | Invalid request. | ErrorResponse |
| 401 | Authentication problem. | ErrorResponse |
| 403 | Insufficient access rights. | ErrorResponse |

modifyDn

POST /moddn/{distinguishedName}

Moddn operation.

Description

For details, check RFC 4511 - 4.9.

Parameters
Path Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| distinguishedName | Distinguished name of the entry. | X | |

Body Parameter
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| ModdnRequest | ModdnRequest | X | |

Header Parameters
| Name | Description | Required | Pattern |
| --- | --- | --- | --- |
| Authorization | Authorization token returned by the accessToken field of a successful bind response. | X | |

Return Type
Content Type
  • application/json

Responses
Table 11. HTTP Response Codes
| Code | Message | Datatype |
| --- | --- | --- |
| 200 | Successful DN modification. | CommonResponse |
| 400 | Invalid request. | ErrorResponse |
| 401 | Authentication problem. | ErrorResponse |
| 403 | Insufficient access rights. | ErrorResponse |
| 404 | No entry exists with the specified DN. | ErrorResponse |

Models

AddRequest

LDAP add request. For details, check RFC 4511 - 4.7.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| attributes | X | Map of AttributeValue | | |
| controls | | ControlRequests | | |

AnonymousBindRequest

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| authType | X | String | Enum: anonymous | |

AttributeValue

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| type | | String | Enum: base64, plain | |
| value | | String | | |

AttributeValueOneOfInner

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| type | | String | Enum: base64, plain | |
| value | | String | | |

BindRequest

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| authType | X | String | Enum: anonymous, simple | |
| user | X | String | A string with distinguished name syntax. | |
| password | X | SimpleBindRequestPassword | | |

BindResponse

Returned object after a successful bind operation.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| accessToken | X | String | Custom, SHA512 based token for authentication. | |

CommonResponse

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| resultCode | | String | The LDAP error code. For details, check RFC 4511 - 4.1.9. | int32 |
| diagnosticMessage | | String | The LDAP error message. For details, check RFC 4511 - 4.1.9. | |
| httpError | | String | An error string returned if an error occurred in the HTTP part and not returned by LDAP. | |
| controls | | ControlResponses | | |

CompareRequest

LDAP compare request. For details, check RFC 4511 - 4.10.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| attribute | X | CompareRequestAttribute | | |
| controls | | ControlRequests | | |

CompareRequestAttribute

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| attributeDesc | X | String | LDAP name of the compared attribute type. | |
| assertionValue | X | AttributeValue | | |

ControlRequest

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| controlType | | String | Name or OID of the control. | |
| criticality | | String | | |
| controlValue | | List of ServerSideSortingControlRequestControlValueInner | | |

ControlRequests

Array of LDAP controls.

Field Name Required Type Description Format

ControlResponse

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| controlType | | String | Name or OID of the control. | |
| criticality | | String | | |
| controlValue | | ServerSideSortingControlResponseControlValue | | |

ControlResponses

Array of LDAP controls.

Field Name Required Type Description Format

ErrorResponse

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| resultCode | | String | The LDAP error code. For details, check RFC 4511 - 4.1.9. | int32 |
| diagnosticMessage | | String | The LDAP error message. For details, check RFC 4511 - 4.1.9. | |
| httpError | | String | An error string returned if an error occurred in the HTTP part and not returned by LDAP. | |

ExtendedOperationRequest

LDAP extended operation request. For details, check RFC 4511 - 4.12.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| requestName | X | String | Object identifier of the extended operation. | |
| requestValue | | ExtendedOperationRequestRequestValue | | |
| controls | | ControlRequests | | |

ExtendedOperationRequestRequestValue

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| type | | String | Enum: base64, plain | |
| value | | String | | |

ExtendedOperationResponse

LDAP extended operation response. For details, check RFC 4511 - 4.12.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| resultCode | | String | The LDAP error code. For details, check RFC 4511 - 4.1.9. | int32 |
| diagnosticMessage | | String | The LDAP error message. For details, check RFC 4511 - 4.1.9. | |
| httpError | | String | An error string returned if an error occurred in the HTTP part and not returned by LDAP. | |
| controls | | ControlResponses | | |
| responseName | | String | Object identifier of the extended operation. | |
| responseValue | | ExtendedOperationResponseAllOfResponseValue | | |

ExtendedOperationResponseAllOfResponseValue

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| type | | String | Enum: base64, plain | |
| value | | String | | |

GenericControl

LDAP control. For details, check RFC 4511 - 4.1.11.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| controlType | | String | Name or OID of the control. | |
| criticality | | String | | |
| controlValue | | ValueWithSpecificType | | |

ModdnRequest

LDAP moddn request. For details, check RFC 4511 - 4.9.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| newrdn | X | String | A string with relative distinguished name syntax. | |
| deleteoldrdn | X | String | | |
| newSuperior | | String | A string with distinguished name syntax. | |
| controls | | ControlRequests | | |

ModifyRequest

LDAP modify request. For details, check RFC 4511 - 4.6.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| changes | X | Map of ModifyRequestChangesValue | | |
| controls | | ControlRequests | | |

ModifyRequestChangesValue

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| add | | AttributeValue | | |
| delete | | AttributeValue | | |
| replace | | AttributeValue | | |

PagedResultControlRequest

Paged result LDAP control request. If controlType is set to PagedResultControlRequest, then special control handling takes place: the ASN.1 control value is constructed automatically from the special structure defined in controlValue. For details, check RFC 2696.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| controlType | | String | Name or OID of the control. | |
| criticality | | String | | |
| controlValue | | PagedResultControlRequestControlValue | | |

PagedResultControlRequestControlValue

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| pageSize | X | String | | |
| cookie | | ValueWithSpecificType | | |

PagedResultControlResponse

Paged result LDAP control response. For details, check RFC 2696.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| controlType | | String | Name or OID of the control. | |
| criticality | | String | | |
| controlValue | | PagedResultControlRequestControlValue | | |

SearchRequest

LDAP search request. For details, check RFC 4511 - 4.5.1.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| baseObject | X | String | Base object of the LDAP search request. For details, check RFC 4511 - 4.5.1.1. | |
| scope | X | String | Scope of the LDAP search request. For details, check RFC 4511 - 4.5.1.2. Enum: base, one, sub | |
| derefAliases | | String | Deref aliases parameter of the LDAP search request. For details, check RFC 4511 - 4.5.1.3. Enum: never, always, inSearching, findingBaseObj | |
| sizeLimit | | String | Size limit parameter of the LDAP search request. For details, check RFC 4511 - 4.5.1.4. | |
| timeLimit | | String | Time limit parameter of the LDAP search request. For details, check RFC 4511 - 4.5.1.5. | |
| typesOnly | | String | Types only parameter of the LDAP search request. For details, check RFC 4511 - 4.5.1.6. | |
| filter | | String | Filter string in LDAP filter format RFC 4515. | |
| attributes | | List of String | Array of the LDAP name of the requested attributes. For details, check RFC 4511 - 4.5.1.8. | |
| controls | | ControlRequests | | |

SearchResponse

Returned object after a successful search operation.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| resultCode | X | String | The LDAP error code. For details, check RFC 4511 - 4.1.9. | int32 |
| diagnosticMessage | | String | The LDAP error message. For details, check RFC 4511 - 4.1.9. | |
| httpError | | String | An error string returned if an error occurred in the HTTP part and not returned by LDAP. | |
| controls | | ControlResponses | | |
| result | X | Map of AttributeValue | Entries returned by the search. | |

ServerSideSortingControlRequest

Server side sorting LDAP control request. If controlType is set to ServerSideSortingControlRequest, then special control handling takes place: the ASN.1 control value is constructed automatically from the special structure defined in controlValue. For details, check RFC 2891.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| controlType | | String | Name or OID of the control. | |
| criticality | | String | | |
| controlValue | | List of ServerSideSortingControlRequestControlValueInner | | |

ServerSideSortingControlRequestControlValueInner

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| attributeType | X | String | | |
| orderingRule | | String | | |
| reverseOrder | | String | | |

ServerSideSortingControlResponse

Server side sorting LDAP control response. For details, check RFC 2891.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| controlType | | String | Name or OID of the control. | |
| criticality | | String | | |
| controlValue | | ServerSideSortingControlResponseControlValue | | |

ServerSideSortingControlResponseControlValue

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| sortResult | X | String | | |
| attributeType | | String | | |

SimpleBindRequest

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| authType | X | String | Enum: simple | |
| user | X | String | A string with distinguished name syntax. | |
| password | X | SimpleBindRequestPassword | | |

SimpleBindRequestPassword

Password of the user. Can be defined as a plain string or as a base64 string. For details, please check the BindRequest schema.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| type | | String | Enum: base64, plain | |
| value | | String | | |

String

UTF-8 string.

ValueWithSpecificType

A custom data type defined for representing different types of values. Mostly used for specifying that the result is a binary value encoded in base64.

| Field Name | Required | Type | Description | Format |
| --- | --- | --- | --- | --- |
| type | | String | Enum: base64, plain | |
| value | | String | | |