Project

General

Profile

Feature #26230

api param/calls for missing fields

Added by Vaibhav Chauhan over 3 years ago. Updated over 3 years ago.

Status:
Closed: Behaves correctly
Priority:
No priority
Assignee:
Timur Bakeyev
Category:
Middleware
Target version:
Estimated time:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Description

http://api.freenas.org/resources/directoryservice/idmap.html

how do we get options for Winbind NSS Info and SASL wrapping ? Are options fixed or dynamic.

If we want to update or create Active Directory we use http://api.freenas.org/resources/directoryservice.html?highlight=active%20dire#put--api-v1.0-directoryservice-activedirectory- for it, however there are some fields missing such as
IDMAP
Winbind NSS
ASL wrapping



Related issues

Related to FreeNAS - Feature #24275: Active Directory UIResolved2017-05-31
Related to FreeNAS - Feature #24127: Update AD and LDAP endpoints in APIResolved2017-05-23

History

#1 Updated by Vaibhav Chauhan over 3 years ago

#2 Updated by Dru Lavigne over 3 years ago

  • Status changed from Untriaged to Unscreened

#3 Updated by Vaibhav Chauhan over 3 years ago

a little digging around in Django Models gave me following information

ad_ldap_sasl_wrapping and ad_nss_info

#4 Updated by Vaibhav Chauhan over 3 years ago

updating the ticket with relevant information

John Hixson, [Oct 16, 2017, 4:01:58 PM (10/16/17, 4:02:19 PM)]:
@vb8188 so, the AD NSS and SASL info is part of the AD model. Kerberos info is all in its own models.

Timur Bakeyev, [Oct 16, 2017, 4:05:35 PM]:
John so, that should be retrived directly form the model then?

John Hixson, [Oct 16, 2017, 4:06:34 PM (10/16/17, 4:06:53 PM)]:
@timur_bakeyev I don't know the context of your question ;-) AD NSS & SASL info is part of the AD model, that is what was asked in the ticket, so that is what I am making VB aware of ;-)

Vaibhav Chauhan, [Oct 16, 2017, 4:32:39 PM]:
John oh so ad_ssl and ad_nss_info are the fields I am looking for ?

Timur Bakeyev, [Oct 16, 2017, 4:34:38 PM]:
"This parameter specifies whether to use SSL/TLS, e.g. on/off/start_tls" 

ad_nss_info "This parameter is designed to control how Winbind retrieves Name Service Information to construct a user's home directory and login" 

You possibly need ad_ldap_sasl_wrapping

Vaibhav Chauhan, [Oct 16, 2017, 4:36:55 PM]:
oops yeah you are right ad_ldap_sasl_wrapping

John Hixson, [Oct 16, 2017, 4:37:00 PM]:
@vb8188 the ticket asks about sasl, not ssl

Vaibhav Chauhan, [Oct 16, 2017, 4:37:42 PM]:
John yup my mistake, I see it now that I need ad_ldap_sasl_wrapping

Timur Bakeyev, [Oct 16, 2017, 4:40:01 PM (10/16/17, 4:41:01 PM)]:
For KerberosRealm you possibly looking for '/api/v1.0/directoryservice/kerberosrealm/'

And '/api/v1.0/directoryservice/kerberoskeytab/'

And '/api/v1.0/directoryservice/kerberossettings/' :)

Vaibhav Chauhan, [Oct 16, 2017, 4:42:28 PM]:
oh wow that's cool

Timur Bakeyev, [Oct 16, 2017, 4:42:55 PM]:
That's the only ones you needed?

#5 Updated by Timur Bakeyev over 3 years ago

Basically, that's what /api/v1.0/directoryservice/activedirectory/ gives to you:

{
  "ad_allow_dns_updates": false,
  "ad_allow_trusted_doms": false,
  "ad_bindname": "Administrator",
  "ad_bindpw": "p@$$w0rd",
  "ad_dcname": "win2016-server.ad.freenas",
  "ad_disable_freenas_cache": false,
  "ad_dns_timeout": 60,
  "ad_domainname": "ad.freenas",
  "ad_enable": false,
  "ad_enable_monitor": false,
  "ad_gcname": null,
  "ad_groupdn": "",
  "ad_idmap_backend": "script",
  "ad_ldap_sasl_wrapping": "plain",
  "ad_monitor_frequency": 60,
  "ad_nss_info": null,
  "ad_recover_retry": 10,
  "ad_site": "",
  "ad_ssl": "off",
  "ad_timeout": 60,
  "ad_unix_extensions": false,
  "ad_use_default_domain": false,
  "ad_userdn": "",
  "ad_verbose_logging": true,
  "id": 1
}

A bit incomplete, see linked ticket.

#6 Updated by Timur Bakeyev over 3 years ago

  • Tracker changed from Bug to Feature
  • Status changed from Unscreened to 15

#7 Updated by Timur Bakeyev over 3 years ago

  • Related to Feature #24127: Update AD and LDAP endpoints in API added

#8 Updated by Timur Bakeyev over 3 years ago

Hi, Vaibhav!

Do you have all the necessary information now?

#9 Updated by Dru Lavigne over 3 years ago

  • Status changed from 15 to Closed: Behaves correctly
  • Target version changed from Master - FreeNAS Nightlies to N/A

VB: please reopen if the suggested end point is not sufficient.

Also available in: Atom PDF