Adding a REST API user

Add a REST API user to enable that user to access the API if authentication is enabled.

About this task

Enable REST API authentication by setting the require-api-authentication property of the Metrics HTTP Servlet Extension Configuration object as follows:

$ bin/dsconfig set-http-servlet-extension-prop \
  --extension-name "{pingdatamet}  Server REST API Servlet" \
  --set require-api-authentication:true

Perform the following steps to add a REST API user:

Steps

Create a file name api-user1.ldif containing one or more user entries with no privileges.

Example:

dn: cn=app-user1,cn=api-users
  changeType: add
  objectClass: inetOrgPerson
  objectClass: person
  objectClass: top
  cn: app-user1
  uid: app-user1
  sn: User1
  userpassword: api1
  ds-pwp-password-policy-dn: cn=Default Password Policy,cn=Password
  Policies,cn=config

The password is in clear text. It will be encrypted next.

As a privileged user that can add API users, load the entry using the following ldapmodify command.
```
$ bin/ldapmodify --filename api-user1.ldif
```
Authenticate using one of the following options:

Choose from:
- Authenticate using the full DN of the user added (cn=app-user1, cn=api-users).
- Authenticate using the UID (app-user1).
The user name to DN map is governed by the identity-mapper setting of the Metrics REST HTTP Servlet Extension configuration object.

Enable Velocity Template authentication with the following command.

$ bin/dsconfig set-http-servlet-extension-prop \
  --extension-name Velocity \
  --set require-authentication:true

PingDirectory

Adding a REST API user

About this task

Steps

Example:

Choose from: