Adding a REST API user
Add a REST API user to enable that user to access the API if authentication is enabled.
About this task
Enable REST API authentication by setting the require-api-authentication
property of the Metrics HTTP Servlet Extension Configuration object as follows:
$ bin/dsconfig set-http-servlet-extension-prop \
--extension-name "{pingdatamet} Server REST API Servlet" \
--set require-api-authentication:true
Perform the following steps to add a REST API user:
Steps
-
Create a file name
api-user1.ldif
containing one or more user entries with no privileges.Example:
dn: cn=app-user1,cn=api-users changeType: add objectClass: inetOrgPerson objectClass: person objectClass: top cn: app-user1 uid: app-user1 sn: User1 userpassword: api1 ds-pwp-password-policy-dn: cn=Default Password Policy,cn=Password Policies,cn=config
The password is in clear text. It will be encrypted next.
-
As a privileged user that can add API users, load the entry using the following
ldapmodify
command.$ bin/ldapmodify --filename api-user1.ldif
-
Authenticate using one of the following options:
Choose from:
-
Authenticate using the full DN of the user added (
cn=app-user1, cn=api-users
). -
Authenticate using the UID (
app-user1
).
The user name to DN map is governed by the
identity-mapper
setting of the Metrics REST HTTP Servlet Extension configuration object. -
-
Enable Velocity Template authentication with the following command.
$ bin/dsconfig set-http-servlet-extension-prop \ --extension-name Velocity \ --set require-authentication:true