PingDirectory

Adding a REST API user

If authentication is enabled, add a REST API user so that the user can access the API.

About this task

Enable REST API authentication by setting the require-api-authentication property of the Metrics HTTP Servlet Extension Configuration object as follows:

$ bin/dsconfig set-http-servlet-extension-prop \
  --extension-name "{pingdatamet}  Server REST API Servlet" \
  --set require-api-authentication:true

Perform the following steps to add a REST API user:

Steps

  1. Create a file named api-user1.ldif containing one or more user entries with no privileges.

    Example:

    dn: cn=app-user1,cn=api-users
    changeType: add
    objectClass: inetOrgPerson
    objectClass: person
    objectClass: top
    cn: app-user1
    uid: app-user1
    sn: User1
    userpassword: api1
    ds-pwp-password-policy-dn: cn=Default Password Policy,cn=Password Policies,cn=config

    The password in this file is in clear text. It will be encrypted next, when the entry is loaded.

  2. As a privileged user that can add API users, load the entry using the following ldapmodify command.

    $ bin/ldapmodify --filename api-user1.ldif

  3. Authenticate using one of the following options:

    • Authenticate using the full DN of the user added (cn=app-user1, cn=api-users).

    • Authenticate using the UID (app-user1).

    The user name to DN map is governed by the identity-mapper setting of the Metrics REST HTTP Servlet Extension configuration object.

  4. Enable Velocity Template authentication with the following command.

    $ bin/dsconfig set-http-servlet-extension-prop \
      --extension-name Velocity \
      --set require-authentication:true
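
For step 1, an added example (not from the PingDirectory documentation) that writes the LDIF with a randomly generated password instead of a fixed one, creates the file readable only by its owner, and rejects names that could alter the DN or inject extra LDIF lines. The function names `gen_password` and `make_api_user_ldif` and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not PingDirectory tooling.

# 128 bits from the kernel CSPRNG, printed as 32 hex characters.
gen_password() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# make_api_user_ldif UID SN OUTFILE
# Writes one add record for an unprivileged user under cn=api-users.
make_api_user_ldif() {
  uid=$1 sn=$2 out=$3
  # Allow only characters that cannot add RDNs to the DN or start a new
  # LDIF line (no commas, equals signs, spaces or newlines).
  case $uid in ''|*[!A-Za-z0-9._-]*) echo "invalid uid" >&2; return 1 ;; esac
  case $sn in ''|*[!A-Za-z0-9._-]*) echo "invalid sn" >&2; return 1 ;; esac
  pw=$(gen_password) || return 1
  [ "${#pw}" -eq 32 ] || { echo "password generation failed" >&2; return 1; }
  (
    umask 077   # file is created with mode 0600
    set -C      # noclobber: fail instead of overwriting an existing file
    cat > "$out" <<EOF
dn: cn=$uid,cn=api-users
changeType: add
objectClass: inetOrgPerson
objectClass: person
objectClass: top
cn: $uid
uid: $uid
sn: $sn
userpassword: $pw
ds-pwp-password-policy-dn: cn=Default Password Policy,cn=Password Policies,cn=config
EOF
  )
}
```

Run `make_api_user_ldif app-user1 User1 api-user1.ldif`, load the file with the `bin/ldapmodify` command from step 2, then delete it, since it holds the only clear-text copy of the password.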