When the administrative API is protected by LDAP authentication, the API calls must be authenticated by valid LDAP credentials over HTTP Basic authentication; otherwise, the administrative API returns an error message.
The LDAP authentication setup, including role assignment, is available through <pf_install>/pingfederate/bin/ldap.properties. The roles assigned to the LDAP accounts affect the results of the API calls.
Note:
When you configure LDAP authentication, PingFederate does not lock out accounts based upon the number of failed sign-on attempts. The LDAP server is responsible for preventing access and is enforced according to its password lockout settings.