B Working with Oracle Privileged Account Manager's RESTful Interface

While Oracle Privileged Account Manager can be consumed through several client interfaces, its fundamental access mechanism or layer is encapsulated in its RESTful interfaces.

All interactions with the Oracle Privileged Account Manager server that external parties use, such as a non-Oracle Privileged Account Manager server, are exposed through RESTful interfaces. All externally visible Oracle Privileged Account Manager resources are modeled by URIs, while standard HTTP operations are mapped to relevant Oracle Privileged Account Manager operations on those resources.

This appendix describes Oracle Privileged Account Manager's RESTful interface. The specific APIs that are exposed through this interface are documented in the following sections:

Note:

You can also use Oracle Privileged Account Manager's web-based Console or command line tool to perform tasks described in this appendix.

Refer to Chapter 5, "Configuring and Managing Oracle Privileged Account Manager" or Appendix A, "Working with the Command Line Tool" for more information.

B.1 Target Resource

The APIs described in this section include:

B.1.1 Get Target Attributes

Use this API to retrieve a list of the attributes that are associated with all of the target types.

You can use the list of supported target types, along with these attributes, to create the JSON object required to add a target. Refer to Section B.1.2, "Add a Target" for more information.

Note:

You must have a JSON browser extension, such as Firefox JSONview, to create the JSON object.

URI

https://opam_server_host:opam_ssl_port/opam/target/attributes/{locale}

Method

GET

Returns on Success

Status code 200 and the JSON representation of target types, along with the attributes associated with them.


Sample URI

https://opam_server_host:opam_ssl_port/opam/target/attributes/en

Example B-1 JSON Output of Supported Target Types with Attributes

{
   "TargetAttributes":[
      {
         "TargetType":"ldap",
         "DisplayName":"ldap",
         "BasicAttributes":[
            {
               "name":"targetName",
               "type":"string",
               "description":"",
               "label":"Target Name",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"description",
               "type":"string",
               "description":"",
               "label":"Description",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"organization",
               "type":"string",
               "description":"",
               "label":"Organization",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"domain",
               "type":"string",
               "description":"",
               "label":"Domain",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"host",
               "type":"string",
               "description":"",
               "label":"Host",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"port",
               "type":"int",
               "description":"TCP/IP port number used to communicate with the LDAP server.",
               "label":"TCP Port",
               "default":"",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"ssl",
               "type":"boolean",
               "description":"Select the check box to connect to the LDAP server using SSL.",
               "label":"SSL",
               "default":"false",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"principal",
               "type":"string",
               "description":"The distinguished name with which to authenticate to the LDAP server.",
               "label":"Principal",
               "default":"",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"credentials",
               "type":"string",
               "description":"Password for the principal.",
               "label":"Password",
               "default":"",
               "mask":"true",
               "array":"false",
               "required":"true"
            },
            {
               "name":"baseContexts",
               "type":"string",
               "description":"One or more starting points in the LDAP tree that will be used when searching the tree. Searches are performed when discovering users from the LDAP server or when looking for the groups of which a user is a member.",
               "label":"Base Contexts",
               "default":[
 
               ],
               "mask":"false",
               "array":"true",
               "required":"true"
            },
            {
               "name":"accountNameAttribute",
               "type":"string",
               "description":"Attribute which holds the account's user name.",
               "label":"Account User Name Attribute",
               "default":"uid",
               "mask":"false",
               "array":"false",
               "required":"true"
            }
         ],
         "AdvancedAttributes":[
            {
               "name":"uidAttribute",
               "type":"string",
               "description":"The name of the LDAP attribute which is mapped to the Uid attribute.",
               "label":"Uid Attribute",
               "default":"uid",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"accountSearchFilter",
               "type":"string",
               "description":"An optional LDAP filter to control which accounts are returned from the LDAP resource. If no filter is specified, only accounts that include all specified object classes are returned.",
               "label":"LDAP Filter for Retrieving Accounts",
               "default":"(uid=*)",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"passwordAttribute",
               "type":"string",
               "description":"The name of the LDAP attribute which holds the password. When changing an user's password, the new password is set to this attribute.",
               "label":"Password Attribute",
               "default":"userpassword",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"accountObjectClasses",
               "type":"string",
               "description":"The object class or classes that will be used when creating new user objects in the LDAP tree. When entering more than one object class, each entry should be on its own line; do not use commas or semi-colons to separate multiple object classes. Some object classes may require that you specify all object classes in the class hierarchy.",
               "label":"Account Object Classes",
               "default":[
                  "top",
                  "person",
                  "organizationalPerson",
                  "inetOrgPerson"
               ],
               "mask":"false",
               "array":"true",
               "required":"false"
            }
         ]
      }
   ]
}

Where:

  • TargetAttributes is an array of objects, where each object represents a target type.

  • TargetType is the target type.

  • DisplayName is how the target type name should display.

  • BasicAttributes is an array of objects, where each object represents basic attributes for the target type.

  • AdvancedAttributes is an array of objects, where each object represents advanced attributes for the target type.

  • name is the attribute name to use when constructing the target JSON to create a target.

  • type is the attribute type. Acceptable values include string, int, boolean, or lov (list of values).

  • description is a helpful description of the attribute.

  • label is how the attribute name should display.

  • default is a default value for the attribute.

    Specify a single value if the array parameter is false or specify an array of values if array is true.

  • mask hides sensitive values, such as credentials.

    • Specify true to hide attributes.

    • Specify false if hiding attributes is not necessary.

  • array indicates whether the attribute is single-valued or an array of multiple values.

    • Specify true if the attribute is an array of multiple values.

    • Specify false if the attribute is single-valued.

  • required indicates whether the attribute is mandatory or optional.

    • Specify true for mandatory attributes.

    • Specify false for optional attributes.

B.1.2 Add a Target

Use this API to add a target.

Note:

First, you must obtain a list of attributes for the target type as described in Section B.1.1, "Get Target Attributes." You use these attributes to create the JSON object sent in the body.

URI

https://opam_server_host:opam_ssl_port/opam/target

Method

POST

Body

JSON representation of target for addition/test

Returns on Success

Status code 201 Created and Location


Example B-2 Sample JSON Representation of Target for Addition

{
   "target":{
      "targetType":"ldap",
      "targetName":"hhsharma-ldap2",
      "host":"opam_server_host",
      "domain":"berkeley",
      "description":"Ldap target",
      "organization":"ST-US",
      "credentials":"welcome",
      "uidAttribute":"uid",
      "port":"9876",
      "passwordAttribute":"userpassword",
      "principal":"cn=orcladmin",
      "accountSearchFilter":"(uid=*)",
      "baseContexts":[
         "cn=Users,c=US"
      ],
      "ssl":"false",
      "accountObjectClasses":[
         "top",
         "person",
         "organizationalPerson",
         "inetOrgPerson"
      ],
      "accountNameAttribute":"uid"
   }
}

Sample Output

https://opam_server_host:opam_ssl_port/opam/target/9bbcbbb087174ad1900ea691a2573b61 as the Location.

Where:

  • target is the target JSON object.

  • targetName is the name of the target.

  • targetType is the target type.

All of the other attributes are dynamic and they correspond to the attributes in Section B.1.1, "Get Target Attributes."
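The following is an added example, not part of Oracle's documentation: it builds the request body for Section B.1.2 from the attribute metadata of Section B.1.1, rejects a body that is missing a required attribute or has a badly typed value, and uses the mask flag to produce a copy that is safe to write to a log. The function names, the trimmed metadata sample and the input values are assumptions made for the example.

```python
import copy
import json

# Constructed input: a trimmed copy of the Example B-1 response, embedded so
# the example runs offline. Field names and string flags match the page.
SAMPLE_ATTRIBUTES = json.loads("""
{"TargetAttributes": [{"TargetType": "ldap", "DisplayName": "ldap",
  "BasicAttributes": [
   {"name": "targetName", "type": "string", "mask": "false", "array": "false", "required": "true"},
   {"name": "host", "type": "string", "mask": "false", "array": "false", "required": "true"},
   {"name": "port", "type": "int", "default": "", "mask": "false", "array": "false", "required": "true"},
   {"name": "ssl", "type": "boolean", "default": "false", "mask": "false", "array": "false", "required": "true"},
   {"name": "credentials", "type": "string", "default": "", "mask": "true", "array": "false", "required": "true"},
   {"name": "baseContexts", "type": "string", "default": [], "mask": "false", "array": "true", "required": "true"}],
  "AdvancedAttributes": [
   {"name": "accountSearchFilter", "type": "string", "default": "(uid=*)", "mask": "false", "array": "false", "required": "false"}]}]}
""")

MASK = "********"


def attribute_specs(attrs_response, target_type):
    """Return {attribute name: spec} for one target type (basic + advanced)."""
    for entry in attrs_response["TargetAttributes"]:
        if entry["TargetType"] == target_type:
            specs = entry.get("BasicAttributes", []) + entry.get("AdvancedAttributes", [])
            return {spec["name"]: spec for spec in specs}
    raise ValueError(f"unsupported target type: {target_type!r}")


def _as_text(name, kind, value):
    """Check one value against the spec's type; values are sent as strings, as in Example B-2."""
    text = ("true" if value else "false") if isinstance(value, bool) else str(value)
    if kind == "int" and not text.isdigit():
        raise ValueError(f"{name}: expected an integer, got {text!r}")
    if kind == "boolean" and text not in ("true", "false"):
        raise ValueError(f"{name}: expected true or false, got {text!r}")
    return text


def build_target(attrs_response, target_type, values):
    """Build the {"target": {...}} body for POST /opam/target, or raise ValueError."""
    specs = attribute_specs(attrs_response, target_type)
    unknown = sorted(set(values) - set(specs))
    if unknown:
        raise ValueError(f"attributes not defined for {target_type}: {unknown}")
    target = {"targetType": target_type}
    for name, spec in specs.items():
        # Fall back to the advertised default when the caller gave no value.
        value = values.get(name, spec.get("default", ""))
        if value is None or value == "" or value == []:
            if spec["required"] == "true":
                raise ValueError(f"missing required attribute: {name}")
            continue  # optional and unset: leave it out of the body
        if (spec["array"] == "true") != isinstance(value, list):
            raise ValueError(f"{name}: array flag is {spec['array']}, value does not match")
        if isinstance(value, list):
            target[name] = [_as_text(name, spec["type"], item) for item in value]
        else:
            target[name] = _as_text(name, spec["type"], value)
    return {"target": target}


def redact_for_log(payload, attrs_response):
    """Return a copy of the body with every mask=true attribute replaced."""
    specs = attribute_specs(attrs_response, payload["target"]["targetType"])
    safe = copy.deepcopy(payload)
    for name in safe["target"]:
        if specs.get(name, {}).get("mask") == "true":
            safe["target"][name] = MASK
    return safe


if __name__ == "__main__":
    # Constructed values; the host name and password are placeholders.
    body = build_target(SAMPLE_ATTRIBUTES, "ldap", {
        "targetName": "ldap-demo", "host": "ldap.example.test", "port": 9876,
        "credentials": "constructed-pw", "baseContexts": ["cn=Users,c=US"]})
    print(json.dumps(redact_for_log(body, SAMPLE_ATTRIBUTES), indent=2))
```

Log the redacted copy only; the unredacted body still carries the target's service-account password and should go nowhere except the HTTPS request.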

B.1.3 Verify a Target

Use this API to verify a target.

Note:

First, you must obtain a list of attributes for the target type. Refer to Section B.1.1, "Get Target Attributes," to create the JSON object to be sent in the body.

URI

https://opam_server_host:opam_ssl_port/opam/target/test

Method

PUT

Body

JSON representation of target for addition/test

Returns on Success

Status code 200


Example B-3 Sample JSON Representation of Target for Addition/Verification

{
   "target":{
      "targetType":"ldap",
      "targetName":"hhsharma-ldap2",
      "host":"opam_server_host",
      "domain":"berkeley",
      "description":"Ldap target",
      "organization":"ST-US",
      "credentials":"welcome",
      "uidAttribute":"uid",
      "port":"9876",
      "passwordAttribute":"userpassword",
      "principal":"cn=orcladmin",
      "accountSearchFilter":"(uid=*)",
      "baseContexts":[
         "cn=Users,c=US"
      ],
      "ssl":"false",
      "accountObjectClasses":[
         "top",
         "person",
         "organizationalPerson",
         "inetOrgPerson"
      ],
      "accountNameAttribute":"uid"
   }
}

Where:

  • target is the target JSON object.

  • targetName is the name of the target.

  • targetType is the target type.

All of the other attributes are dynamic and they correspond to the attributes in Section B.1.1, "Get Target Attributes."

B.1.4 Retrieve a Target

Use this API to retrieve a target.

URI

https://opam_server_host:opam_ssl_port/opam/target/{targetUID}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of target


Example B-4 Sample JSON Representation of Target

{
   "target":{
      "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
      "targetType":"ldap",
      "targetName":"hhsharma-ldap",
      "host":"opam_server_host",
      "domain":"berkeley",
      "description":"Ldap target",
      "organization":"ST-US",
      "credentials":"welcome",
      "uidAttribute":"uid",
      "port":"9876",
      "passwordAttribute":"userpassword",
      "principal":"cn=orcladmin",
      "accountSearchFilter":"(uid=*)",
      "baseContexts":[
         "cn=Users,c=US"
      ],
      "ssl":"false",
      "accountObjectClasses":[
         "top",
         "person",
         "organizationalPerson",
         "inetOrgPerson"
      ],
      "accountNameAttribute":"uid",
      "accounts":[
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\/c11066278022489aad758aec69d9727d"
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\/3740553e999a4f6aa8e8f9286d320cb4"
            }
         }
      ]
   }
}

Where:

  • target is the target JSON object.

  • targetUID is the target's unique identifier.

  • targetName is the name of the target.

  • targetType is the target type.

  • accounts is an array of accounts that are associated with the target.

  • account is the account JSON object containing the account's URI.

  • uri is the account's URI.

All of the other attributes are dynamic and they correspond to the attributes in Section B.1.1, "Get Target Attributes."

B.1.5 Update a Target

Use this API to update a target.

You can change all of the attributes, except targetType and targetUID, and you can change multiple attributes at a time.

URI

https://opam_server_host:opam_ssl_port/opam/target/{targetUID}

Method

PUT

Body

JSON representation of Target Modification

Returns on Success

Status code 201


Example B-5 Sample JSON Object to Modify Target

{
   "modifications":[
      {
         "modification":{
            "host":"opam_server_host:opam_ssl_port"
         }
      },
      {
         "modification":{
            "port":"6000"
         }
      }
   ]
}

Where:

  • targetUID is the target's unique identifier.

  • modifications is an array of modification JSON objects.

  • modification is a JSON object representing the modification of a single attribute.

For this API, you must update the host and port attributes on the target. Their values are updated to the values provided with them.

B.1.6 Remove a Target

Use this API to delete a target.

URI

https://opam_server_host:opam_ssl_port/opam/target/{targetUID}

Method

DELETE

Body

 

Returns on Success

Status code 200


B.1.7 Search for Targets

Use this API to search for a target using any of the following request parameters:

  • type

  • domain

  • org

  • name

  • hostname

All of these parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/target/search?param1=value1&param2=value2

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of Target Collection


Sample URIs:

https://opam_server_host:opam_ssl_port/opam/target/search?

Returns all targets

https://opam_server_host:opam_ssl_port/opam/target/search?type=ldap&org=us

Returns all targets whose type contains ldap and org contains us.


Example B-6 Sample JSON Representation of Target Collection

{
   "Target Collection":[
      {
         "target":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/target\/9bbcbbb087174ad1900ea691a2573b61",
            "type":"ldap",
            "name":"hhsharma-ldap",
            "host":"opam_server_host",
            "domain":"berkeley"
         }
      },
      {
         "target":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/target\/ac246a162ce948c7b1cdcc17dfc92c15",
            "type":"ldap",
            "name":"hhsharma-ldap2",
            "host":"opam_server_host:opam_ssl_port",
            "domain":"berkeley"
         }
      }
   ]
}

Where:

  • Target Collection is an array of target JSON objects.

  • target is the target JSON object.

  • uri is the target resource URI.

  • type is the target type.

  • hostname is the target's host name.

  • name is the target name.

  • org is the target's organization.

  • domain is the target's domain.

B.1.8 Get Available Accounts

Use this API to retrieve all of the accounts present on the target system.

URI

https://opam_server_host:opam_ssl_port/opam/target/attributes/{locale}

Method

GET

Body

 

Returns on Success

Status code 200 OK and JSON representation of account collection


Example B-7 Sample JSON Representation of Account Collection

{
   "AvailableAccounts":[
      {
         "accountName":"SCOTT",
         "accountUid":"SCOTT"
      },
      {
         "accountName":"BLAKE",
         "accountUid":"BLAKE"
      },
      {
         "accountName":"JONES",
         "accountUid":"JONES"
      }
   ]
}

Where:

  • AvailableAccounts is an array of the accounts present on the target system.

  • accountName is the account name.

  • accountUid is the account's unique identifier.

B.1.9 Retrieve Accounts Registered on a Target

Use this API to retrieve all the accounts on the target that are registered with Oracle Privileged Account Manager.

URI

https://opam_server_host:opam_ssl_port/opam/target/{targetUID}/accounts

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of URI collection of accounts


Example B-8 Sample JSON Representation of URI Collection of Accounts

{
   "URI Collection":[
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\/3740553e999a4f6aa8e8f9286d320cb4",
            "accountName":"sherlock"
         }
      },
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\/c11066278022489aad758aec69d9727d",
            "accountName":"himanshu"
         }
      }
   ]
}

Where:

  • URI Collection is an array of accounts on a target that are registered with Oracle Privileged Account Manager.

  • account is the account JSON object.

  • uri is the account's URI.

  • accountName is the account name.

B.1.10 Get Target Types

Use this API to retrieve a list of all supported target types.

URI

https://opam_server_host:opam_ssl_port/opam/target/types

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of supported target types


Example B-9 Sample JSON Representation of Supported Target Types

{
   "targettypes":[
      "ldap",
      "unix",
      "database"
   ]
}

Where:

  • targettypes are the supported target types.

B.2 Account Resource

The APIs described in this section include:

B.2.1 Add an Account to a Target

Use this API to add an account to the target. This API does not create an account on the target system, but it registers the existing account with the OPAM target.

URI

https://opam_server_host:opam_ssl_port/opam/account

Method

POST

Body

JSON representation for account addition/verification

Returns on Success

Status code 201 and Location


Example B-10 Sample JSON Representation of Account for Addition/Verification

{
   "account":{
      "accountName":"lucie",
      "passwordpolicy":"passwordpolicy2",
      "shared":"true",
      "targetUID":"9bbcbbb087174ad1900ea691a2573b61"
   }
}

Where:

  • account is the account JSON object.

  • accountName is the name of the account.

  • passwordpolicy is the policy ID of the Password Policy applicable to the account. This parameter is optional. By default, this parameter uses the global Default Password Policy.

  • shared indicates the shared status of the account. This value is a Boolean and the default setting is false.

  • targetUID is the target's unique identifier.

B.2.2 Verify an Account

Use this API to verify whether the account is present on the target system.

URI

https://opam_server_host:opam_ssl_port/opam/account/test

Method

PUT

Body

JSON representation for account addition/verification

Returns on Success

Status code 200


Example B-11 Sample JSON Representation of Account Addition/Verification

{
   "account":{
      "accountName":"lucie",
      "passwordpolicy":"passwordpolicy2",
      "shared":"true",
      "targetUID":"9bbcbbb087174ad1900ea691a2573b61"
   }
}

Where:

  • account is the account JSON object.

  • accountName is the name of the account.

  • passwordpolicy is the policy ID of the Password Policy applicable to the account. This parameter is optional. By default, this parameter uses the global Default Password Policy.

  • shared indicates the shared status of the account. This value is a Boolean and the default setting is false.

  • targetUID is the target's unique identifier.

B.2.3 Retrieve an Account

Use this API to retrieve an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of account


Example B-12 Sample JSON Representation of Account

{
   "account":{
      "accountUID":"3f74a85e39e64432ba917a2e60fa15aa",
      "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
      "accountName":"lucie",
      "shared":true,
      "status":"checkedIn",
      "usagepolicy":"usagepolicy1",
      "passwordpolicyname":"Default Password Policy",
      "passwordpolicy":"passwordpolicy2",
      "grantees":{
         "users":[
            "opamuser1"
         ],
         "roles":[
            "opamgroup1"
         ]
      }
   }
}

Where:

  • account is the account JSON object.

  • accountUID is the account's unique identifier.

  • accountName is the name of the account.

  • passwordpolicy is the policy ID of the Password Policy applicable to the account.

  • passwordpolicyname is the name of the applicable Password Policy.

  • shared indicates the shared status of the account. This value is a Boolean and the default setting is false.

  • targetUID is the target's unique identifier.

  • status indicates whether the account has been checked in by anyone. Acceptable values are checkedIn and checkedOut.

  • grantees are grantees of the account.

  • users are users who have been granted the account. Each value is the user's login ID/UID.

  • roles are groups or roles that have been granted the account. Each value is a group name.

B.2.4 Reset Password

Use this API to reset the password on the account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/resetpassword

Method

PUT

Body

JSON representation of the new password

Returns on Success

Status code 200


Example B-13 Sample JSON Representation of the New Password

{
   "password":"welcome1"
}

Where:

  • accountUID is the account's unique identifier.

B.2.5 Update an Account

Use this API to update an account. You can change multiple attributes at a time. Only usagepolicy and shared attributes can be updated.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}

Method

PUT

Body

JSON representation of account modifications

Returns on Success

Status code 200


Example B-14 Sample JSON Representation of Account Modifications

{
   "modifications":[
      {
         "modification":{
            "passwordpolicy":"passwordpolicy2"
         }
      },
      {
         "modification":{
            "shared":"false"
         }
      }
   ]
}

Where:

  • accountUID is the account's unique identifier.

  • modifications is an array of modification JSON objects.

  • modification is a JSON object representing the modification of a single attribute.

B.2.6 Remove an Account

Use this API to remove an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}

Method

DELETE

Body

 

Returns on Success

Status code 200


Where:

  • accountUID is the account's unique identifier.

B.2.7 Grant a User/Role Access to an Account

Use this API to grant a user or role access to an account. Multiple users and roles can be granted access at a time.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}

Method

PUT

Body

JSON representation for adding grantees

Returns on Success

Status code 200


Example B-15 Sample JSON Representation for Adding Grantees

{
   "modifications":[
      {
         "modification":{
            "usagepolicy":"usagepolicy1",
            "role":"opamgroup1",
            "operation":"add"
         }
      },
      {
         "modification":{
            "usagepolicy":"usagepolicy1",
            "user":"opamuser1",
            "operation":"add"
         }
      }
   ]
}

Where:

  • accountUID is the account's unique identifier.

  • modifications is an array of modification JSON objects.

  • modification is a JSON object representing the modification of a single attribute.

  • role indicates that a group is to be granted access. This parameter value is the group name.

  • user indicates that a user is to be granted access. This parameter value is the user login ID.

  • usagepolicy indicates the Usage Policy identifier to be applied to the grant.

  • operation indicates the type of operation to be performed. Acceptable values include:

    • add indicates grant.

    • delete indicates revocation.

    • replace indicates replacement of usagepolicy with a new value.

B.2.8 Remove a User's/Role's Access to an Account

Use this API to remove a user's access or a role's access to an account. You can revoke multiple user and role grants at a time.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}

Method

PUT

Body

JSON representation for removing grantees

Returns on Success

Status code 200


Example B-16 Sample JSON Representation for Removing Grantees

{
   "modifications":[
      {
         "modification":{
            "usagepolicy":"usagepolicy1",
            "role":"opamgroup1",
            "operation":"delete"
         }
      },
      {
         "modification":{
            "usagepolicy":"usagepolicy1",
            "user":"opamuser1",
            "operation":"delete"
         }
      }
   ]
}

Where:

  • accountUID is the account's unique identifier.

  • modifications is an array of modification JSON objects.

  • modification is a JSON object representing a single modification.

  • role indicates that a group is to be granted access. This parameter value is the group name.

  • user indicates that a user is to be granted access. This parameter value is the user login ID.

  • usagepolicy indicates the Usage Policy identifier to be applied to the grant.

  • operation indicates the type of operation to be performed. Acceptable values include:

    • add indicates a grant.

    • delete indicates a revocation.

    • replace indicates the replacement of the usagepolicy with a new value.

B.2.9 Retrieve Grantees on an Account

Use this API to retrieve all the grantees of an account. A grantee can be a user or a role.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/grantees

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of Grantees


Example B-17 Sample JSON Representation of Grantees

{
   "grantees":{
      "users":[
         "opamuser1"
      ],
      "roles":[
         "opamgroup1"
      ]
   }
}

Where:

  • grantees are grantees of the account.

  • users are the users who have been granted the account. Each value is the user's login ID/UID.

  • roles are the groups or roles who have been granted the account. Each value is a group name.

B.2.10 Check Out an Account

Use this API to check out an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/checkout

Method

PUT

Body

 

Returns on Success

Status code 200 and JSON representation of account token


Example B-18 Sample JSON Representation of Account Token

{
   "accountToken":{
      "accountName":"lucie",
      "accountUID":"3f74a85e39e64432ba917a2e60fa15aa",
      "accountPassword":"GJN8p2ol"
   }
}

Where:

  • accountUID is the account's unique identifier.

  • accountName is the name of the account.

  • accountPassword is the account password.

B.2.11 Check In an Account

Use this API to check in an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/checkin

Method

PUT

Body

 

Returns on Success

Status code 200
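
The following is an added example, not part of Oracle's documentation: it pairs the check-out call of Section B.2.10 with the check-in call of Section B.2.11 so that the account is checked back in even when the code using the password fails, and it keeps the password out of repr() output. The send(method, url) transport, the FakeOpam stand-in and the 32-hex-character UID check are assumptions made for the example; this page does not describe how requests are authenticated.

```python
import re
from contextlib import contextmanager

# Assumption: account UIDs are 32 lowercase hex characters, as in every
# sample UID on this page; anything else is rejected before it reaches a URL.
UID_RE = re.compile(r"[0-9a-f]{32}")


class AccountToken:
    """Holds the accountToken object from Example B-18; repr() hides the password."""

    def __init__(self, accountName, accountUID, accountPassword, **_ignored):
        self.account_name = accountName
        self.account_uid = accountUID
        self.password = accountPassword

    def __repr__(self):
        return (f"AccountToken(account_name={self.account_name!r}, "
                f"account_uid={self.account_uid!r}, password=<redacted>)")


@contextmanager
def checked_out(send, base_url, account_uid):
    """Check out an account, yield its token, and always check it back in.

    `send(method, url)` is a hypothetical transport that performs the HTTPS
    request and returns (status_code, parsed_json_body_or_None).
    """
    if not UID_RE.fullmatch(account_uid):
        raise ValueError("account UID is not 32 hex characters")
    url = f"{base_url}/account/{account_uid}"
    status, body = send("PUT", f"{url}/checkout")
    if status != 200:
        raise RuntimeError(f"checkout failed with status {status}")
    token = AccountToken(**body["accountToken"])
    try:
        yield token
    finally:
        # Runs on success and on failure. If check-in fails while another
        # exception is in flight, Python chains that exception to this one.
        status, _ = send("PUT", f"{url}/checkin")
        if status != 200:
            raise RuntimeError(
                f"checkin failed with status {status}; account may still be checked out")


class FakeOpam:
    """Constructed stand-in for the server so the example runs offline."""

    def __init__(self):
        self.calls = []

    def send(self, method, url):
        self.calls.append((method, url))
        if url.endswith("/checkout"):
            return 200, {"accountToken": {
                "accountName": "lucie",
                "accountUID": url.split("/")[-2],
                "accountPassword": "constructed-pw"}}
        return 200, None


if __name__ == "__main__":
    fake = FakeOpam()
    base = "https://opam_server_host:opam_ssl_port/opam"
    with checked_out(fake.send, base, "3f74a85e39e64432ba917a2e60fa15aa") as token:
        print(token)  # the password is not printed
    print(fake.calls)
```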


B.2.12 Retrieve Users Who Checked Out an Account

Use this API to retrieve a list of all users who have currently checked out an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/whocheckedout

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of users who checked out the account.


Example B-19 Sample JSON Representation of Users Who Checked Out the Account

{
   "users":[
      {
         "user":{
            "uid":"sec_admin",
            "lastname":"sec_admin",
            "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain",
            "expiryTime":1338765551,
            "checkoutTime":1338333551,
            "timezone":"America\/Los_Angeles"
         }
      }
   ]
}

Where:

  • uid is the user's unique identifier.

  • lastname is the user's last name.

  • dn is the distinguished name of the user.

  • expiryTime is the expiration time of the check out session. This parameter value is the UNIX time.

  • checkoutTime is the time at which the account was checked out. This parameter value is the UNIX time.

  • timezone indicates the time zone applicable to expiryTime and checkoutTime.
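
The following is an added example, not part of Oracle's documentation: it reads a whocheckedout response and reports check-out sessions that are past their expiryTime or whose window is longer than a local limit. The second user in the sample, the finding names and the 8-hour default limit are assumptions made for the example.

```python
import json
from datetime import datetime, timezone

# Constructed input: the first user is the one from Example B-19; the second
# is invented for the example and has a one-hour window.
SAMPLE_WHOCHECKEDOUT = json.loads(r"""
{"users": [
  {"user": {"uid": "sec_admin", "lastname": "sec_admin",
            "dn": "uid=sec_admin,ou=people,ou=myrealm,dc=base_domain",
            "expiryTime": 1338765551, "checkoutTime": 1338333551,
            "timezone": "America\/Los_Angeles"}},
  {"user": {"uid": "app_operator", "lastname": "app_operator",
            "dn": "uid=app_operator,ou=people,ou=myrealm,dc=base_domain",
            "expiryTime": 1338763600, "checkoutTime": 1338760000,
            "timezone": "America\/Los_Angeles"}}]}
""")


def parse_sessions(response):
    """Turn the users array into dicts with timezone-aware UTC datetimes.

    UNIX time does not depend on a zone, so the comparison is done in UTC;
    the response's timezone field is only needed for display.
    """
    sessions = []
    for item in response.get("users", []):
        user = item.get("user", {})
        try:
            start, end = int(user["checkoutTime"]), int(user["expiryTime"])
        except (KeyError, TypeError, ValueError):
            sessions.append({"uid": user.get("uid"), "error": "bad or missing time"})
            continue
        sessions.append({
            "uid": user.get("uid"),
            "dn": user.get("dn"),
            "checked_out": datetime.fromtimestamp(start, tz=timezone.utc),
            "expires": datetime.fromtimestamp(end, tz=timezone.utc),
            "window_hours": (end - start) / 3600,
        })
    return sessions


def audit_checkouts(response, now, max_window_hours=8):
    """Return (uid, finding) pairs, in response order, for sessions to review."""
    findings = []
    for session in parse_sessions(response):
        uid = session["uid"]
        if "error" in session:
            findings.append((uid, "unparseable-times"))
            continue
        if session["expires"] <= session["checked_out"]:
            findings.append((uid, "expiry-before-checkout"))
        if now >= session["expires"]:
            findings.append((uid, "past-expiry-still-listed"))
        if session["window_hours"] > max_window_hours:
            findings.append((uid, "window-exceeds-limit"))
    return findings


if __name__ == "__main__":
    for uid, finding in audit_checkouts(SAMPLE_WHOCHECKEDOUT,
                                        datetime.now(timezone.utc)):
        print(f"{uid}: {finding}")
```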

B.2.13 Show Password

Use this API to retrieve and display the password associated with an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/showpassword

Method

PUT

Body

 

Returns on Success

Status code 200 and JSON representation of account token


Example B-20 Sample JSON Representation of Account Token

{
   "accountToken":{
      "accountName":"lucie",
      "accountUID":"3f74a85e39e64432ba917a2e60fa15aa",
      "accountPassword":"GJN8p2ol"
   }
}

Where:

  • accountUID is the account's unique identifier.

  • accountName is the name of the account.

  • accountPassword is the account password.

B.3 UI Resource

The APIs described in this section include:

B.3.1 Search Accounts

Use this API to search accounts using one or more of the following search request parameters:

  • type

  • domain

  • org

  • name

  • accountname

All of these parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/ui/allaccounts/search?param1=val1&param2=val2

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of account collection


Example B-21 Sample JSON Representation of Account Collection

{
   "AccountCollection":[
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\/3740553e999a4f6aa8e8f9286d320cb4",
            "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
            "accountName":"sherlock",
            "status":"checkedOut",
            "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
            "targetName":"hhsharma-ldap",
            "targetType":"ldap",
            "domain":"berkeley",
            "disabled":"false",
            "grantees":{
               "users":[
 
               ],
               "roles":[
 
               ]
            }
         }
      },
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\
               /c11066278022489aad758aec69d9727d",
            "accountUID":"c11066278022489aad758aec69d9727d",
            "accountName":"himanshu",
            "status":"checkedIn",
            "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
            "targetName":"hhsharma-ldap",
            "targetType":"ldap",
            "domain":"berkeley",
            "disabled":"true",
            "grantees":{
               "users":[
 
               ],
               "roles":[
 
               ]
            }
         }
      },
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\
               /154034fc5b5548caad7721e198815709",
            "accountUID":"154034fc5b5548caad7721e198815709",
            "accountName":"lucie",
            "status":"checkedIn",
            "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
            "targetName":"hhsharma-ldap",
            "targetType":"ldap",
            "domain":"berkeley",
            "disabled":"true",
            "grantees":{
               "users":[
 
               ],
               "roles":[
 
               ]
            }
         }
      }
   ],
   "count":3
}

Where:

  • disabled indicates the user's grant access to the account.

    • If set to true, the user has grant access to the account.

    • If set to false, the user is an administrator who can view the account, but cannot check out the account.

For all other attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.3.2 Get All Checked Out Accounts

Use this API to retrieve a list of all accounts that have been checked out by the logged in user.

URI

https://opam_server_host:opam_ssl_port/ui/allaccounts/mycheckedout

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of account collection


Example B-22 Sample JSON Representation of Account Collection

{
   "AccountCollection":[
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\
               /3740553e999a4f6aa8e8f9286d320cb4",
            "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
            "accountName":"sherlock",
            "status":"checkedOut",
            "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
            "targetName":"hhsharma-ldap",
            "targetType":"ldap",
            "domain":"berkeley",
            "policyname":"Default Usage Policy",
            "policyid":"usagepolicy1",
            "expiryTime":1338765551,
            "timezone":"America\/Los_Angeles",
            "grantees":{
               "users":[
 
               ],
               "roles":[
 
               ]
            }
         },
         "count":1
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.4 User Resource

The APIs described in this section include:

B.4.1 Get a User

Use this API to retrieve a user.

URI

https://opam_server_host:opam_ssl_port/opam/user/{uid}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of user


Example B-23 Sample JSON Representation of User

{
   "user":{
      "uid":"opamuser1",
      "lastname":"opamuser1",
      "usertype":"End-User",
      "opamrole":[
 
      ],
      "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain",
      "accounts":[
         {
            "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
            "accountName":"sherlock",
            "targetType":"ldap",
            "targetName":"hhsharma-ldap",
            "targetDomain":"berkeley"
         },
         {
            "accountUID":"154034fc5b5548caad7721e198815709",
            "accountName":"lucie",
            "targetType":"ldap",
            "targetName":"hhsharma-ldap",
            "targetDomain":"berkeley"
         }
      ]
   }
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.4.2 Search Users

Use this API to search for users. This API is a contains search, using one or more of the following parameters:

  • firstname

  • lastname

  • UID (unique identifier)

  • mail

URI

https://opam_server_host:opam_ssl_port/opam/user/search/{searchKeyWord}

Method

GET

Body

 

Returns on Success

Status 200 and JSON representation of users


Example B-24 Sample JSON Representation of Users

{
   "users":[
      {
         "user":{
            "uid":"opamenduser1",
            "firstname":"opamenduser1",
            "lastname":"opamenduser1",
            "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamenduser2",
            "lastname":"opamenduser2",
            "dn":"uid=opamenduser2,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamuser1",
            "lastname":"opamuser1",
            "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
         }
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.4.3 Advanced Search for Users

Use this API to search for users. This API is a contains search, using one or more of the following parameters:

  • uid

  • lastname

  • firstname

All of these parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/user/advancedsearch?param1=val1&param2=val2

Method

GET

Body

 

Returns on Success

Status 200 and JSON representation of users


Example B-25 Sample JSON Representation of Users

{
   "users":[
      {
         "user":{
            "uid":"OracleSystemUser",
            "lastname":"OracleSystemUser",
            "dn":"uid=OracleSystemUser,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"weblogic",
            "lastname":"weblogic",
            "dn":"uid=weblogic,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"app_config",
            "lastname":"app_config",
            "dn":"uid=app_config,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"sec_admin",
            "lastname":"sec_admin",
            "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"user_manager",
            "lastname":"user_manager",
            "dn":"uid=user_manager,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"sec_auditor",
            "lastname":"sec_auditor",
            "dn":"uid=sec_auditor,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamenduser1",
            "firstname":"opamenduser1",
            "lastname":"opamenduser1",
            "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamenduser2",
            "lastname":"opamenduser2",
            "dn":"uid=opamenduser2,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamuser1",
            "lastname":"opamuser1",
            "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
         }
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.5 Group Resource

The APIs described in this section include:

B.5.1 Get Group

Use this API to retrieve a group.

URI

https://opam_server_host:opam_ssl_port/opam/group/{name}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of group


Example B-26 Sample JSON Representation of Group

{
   "group":{
      "name":"opamgroup1",
      "dn":"cn=opamgroup1,ou=groups,ou=myrealm,dc=base_domain",
      "description":"",
      "users":[
         {
            "uid":"opamenduser1",
            "firstname":"opamenduser1",
            "lastname":"opamenduser1",
            "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
         },
         {
            "uid":"opamuser1",
            "lastname":"opamuser1",
            "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
         }
      ],
      "groups":[
         {
            "group":{
               "name":"opamsubgroup1",
               "dn":"cn=opamsubgroup1,ou=groups,ou=myrealm,dc=base_domain",
               "description":""
            }
         },
         {
            "group":{
               "name":"opamsubgroup2",
               "dn":"cn=opamsubgroup2,ou=groups,ou=myrealm,dc=base_domain",
               "description":""
            }
         }
      ],
      "accounts":[
         {
            "accountUID":"c11066278022489aad758aec69d9727d",
            "accountName":"himanshu",
            "targetType":"ldap",
            "targetName":"hhsharma-ldap",
            "targetDomain":"berkeley"
         }
      ]
   }
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.5.2 Search Groups

Use this API to search for groups. This API is a contains search, using the group name parameter.

URI

https://opam_server_host:opam_ssl_port/opam/group/search/{searchKeyWord}

Method

GET

Body

 

Returns on Success

Status 200 and JSON representation of groups


Example B-27 Sample JSON Representation of Groups

{
   "groups":[
      {
         "group":{
            "name":"opamgroup1",
            "dn":"cn=opamgroup1,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
               {
                  "uid":"opamenduser1",
                  "firstname":"opamenduser1",
                  "lastname":"opamenduser1",
                  "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
               },
               {
                  "uid":"opamuser1",
                  "lastname":"opamuser1",
                  "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"opamgroup2",
            "dn":"cn=opamgroup2,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
               {
                  "uid":"opamenduser1",
                  "firstname":"opamenduser1",
                  "lastname":"opamenduser1",
                  "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
               },
               {
                  "uid":"opamuser1",
                  "lastname":"opamuser1",
                  "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"opamsubgroup1",
            "dn":"cn=opamsubgroup1,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamsubgroup2",
            "dn":"cn=opamsubgroup2,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_APPLICATION_CONFIGURATOR",
            "dn":"cn=OPAM_APPLICATION_CONFIGURATOR,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_APPLICATION_CONFIGURATOR",
            "users":[
               {
                  "uid":"app_config",
                  "lastname":"app_config",
                  "dn":"uid=app_config,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_SECURITY_ADMIN",
            "dn":"cn=OPAM_SECURITY_ADMIN,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_SECURITY_ADMIN",
            "users":[
               {
                  "uid":"sec_admin",
                  "lastname":"sec_admin",
                  "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_SECURITY_AUDITOR",
            "dn":"cn=OPAM_SECURITY_AUDITOR,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_SECURITY_AUDITOR",
            "users":[
               {
                  "uid":"sec_auditor",
                  "lastname":"sec_auditor",
                  "dn":"uid=sec_auditor,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_USER_MANAGER",
            "dn":"cn=OPAM_USER_MANAGER,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_USER_MANAGER",
            "users":[
               {
                  "uid":"user_manager",
                  "lastname":"user_manager",
                  "dn":"uid=user_manager,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.5.3 Advanced Search for Groups

Use this API to search for groups, using request parameters such as groupname. All of the parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/group/advancedsearch?param1=val1&param2=val2

Method

GET

Body

 

Returns on Success

Status 200 and JSON representation of groups


Example B-28 Sample JSON Representation of Groups

{
   "groups":[
      {
         "group":{
            "name":"AdminChannelUsers",
            "dn":"cn=AdminChannelUsers,ou=groups,ou=myrealm,dc=base_domain",
            "description":"AdminChannelUsers can access the admin channel.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"Administrators",
            "dn":"cn=Administrators,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Administrators can view and modify all resource attributes 
               and start and stop servers.",
            "users":[
               {
                  "uid":"weblogic",
                  "lastname":"weblogic",
                  "dn":"uid=weblogic,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"AppTesters",
            "dn":"cn=AppTesters,ou=groups,ou=myrealm,dc=base_domain",
            "description":"AppTesters group.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"CrossDomainConnectors",
            "dn":"cn=CrossDomainConnectors,ou=groups,ou=myrealm,dc=base_domain",
            "description":"CrossDomainConnectors can make inter-domain calls from 
               foreign domains.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"Deployers",
            "dn":"cn=Deployers,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Deployers can view all resource attributes and deploy applications.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"Monitors",
            "dn":"cn=Monitors,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Monitors can view and modify all resource attributes 
               and perform operations not restricted by roles.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"Operators",
            "dn":"cn=Operators,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Operators can view and modify all resource attributes and 
               perform server lifecycle operations.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OracleSystemGroup",
            "dn":"cn=OracleSystemGroup,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Oracle application software system group.",
            "users":[
               {
                  "uid":"OracleSystemUser",
                  "lastname":"OracleSystemUser",
                  "dn":"uid=OracleSystemUser,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_APPLICATION_CONFIGURATOR",
            "dn":"cn=OPAM_APPLICATION_CONFIGURATOR,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_APPLICATION_CONFIGURATOR",
            "users":[
               {
                  "uid":"app_config",
                  "lastname":"app_config",
                  "dn":"uid=app_config,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_SECURITY_ADMIN",
            "dn":"cn=OPAM_SECURITY_ADMIN,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_SECURITY_ADMIN",
            "users":[
               {
                  "uid":"sec_admin",
                  "lastname":"sec_admin",
                  "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_USER_MANAGER",
            "dn":"cn=OPAM_USER_MANAGER,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_USER_MANAGER",
            "users":[
               {
                  "uid":"user_manager",
                  "lastname":"user_manager",
                  "dn":"uid=user_manager,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_SECURITY_AUDITOR",
            "dn":"cn=OPAM_SECURITY_AUDITOR,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_SECURITY_AUDITOR",
            "users":[
               {
                  "uid":"sec_auditor",
                  "lastname":"sec_auditor",
                  "dn":"uid=sec_auditor,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamgroup1",
            "dn":"cn=opamgroup1,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
               {
                  "uid":"opamenduser1",
                  "firstname":"opamenduser1",
                  "lastname":"opamenduser1",
                  "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
               },
               {
                  "uid":"opamuser1",
                  "lastname":"opamuser1",
                  "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamgroup2",
            "dn":"cn=opamgroup2,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
               {
                  "uid":"opamenduser1",
                  "firstname":"opamenduser1",
                  "lastname":"opamenduser1",
                  "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
               },
               {
                  "uid":"opamuser1",
                  "lastname":"opamuser1",
                  "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamsubgroup1",
            "dn":"cn=opamsubgroup1,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamsubgroup2",
            "dn":"cn=opamsubgroup2,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.6 Usage Policy Resource

The APIs described in this section include:

B.6.1 Create a Usage Policy

Use this API to create a Usage Policy.

URI

https://opam_server_host:opam_ssl_port/opam/usagepolicy

Method

POST

Body

JSON representation for Usage Policy creation

Returns on Success

Status code 201


Example B-29 Sample JSON Representation for Usage Policy Creation

{
   "usagepolicy":{
      "policystatus":"active",
      "policyname":"Default Usage Policy",
      "description":"Default Usage Policy",
      "dateorduration":"duration",
      "expireddateminutesfromcheckout":7200,
      "expireddate":"08\/08\/2088",
      "expireddatehour":0,
      "expireddateminutes":0,
      "expireddateamorpm":"am",
      "timezone":"America\/Los_Angeles",
      "usagedates":[
         {
            "day":"saturday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"wednesday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"sunday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"friday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"tuesday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"thursday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"monday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         }
      ]
   }
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource." All parameters are optional, except policyname.

B.6.2 Retrieve a Usage Policy

Use this API to retrieve a Usage Policy.

URI

https://opam_server_host:opam_ssl_port/opam/usagepolicy/{policyid}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of Usage Policy


Example B-30 Sample JSON Representation of Usage Policy

{
   "usagepolicy":{
      "policyid":"usagepolicy1",
      "policystatus":"active",
      "policyname":"Default Usage Policy",
      "description":"Default Usage Policy",
      "globaldefault":"y",
      "dateorduration":"duration",
      "expireddateminutesfromcheckout":7200,
      "expireddate":"08\/08\/2088",
      "expireddatehour":0,
      "expireddateminutes":0,
      "expireddateamorpm":"am",
      "timezone":"America\/Los_Angeles",
      "usagedates":[
         {
            "day":"saturday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"wednesday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"sunday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"friday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"tuesday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"thursday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"monday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         }
      ],
      "accounts":[
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\
                  /c11066278022489aad758aec69d9727d",
               "accountUID":"c11066278022489aad758aec69d9727d",
               "accountName":"himanshu",
               "status":"checkedIn",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
               "domain":"berkeley",
               "grantees":{
                  "users":[
 
                  ],
                  "roles":[
                     {
                        "role":{
                           "name":"Administrators",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "description":"Administrators can view and modify all resource
                               attributes and start and stop servers."
                        }
                     },
                     {
                        "role":{
                           "name":"opamgroup1",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "description":""
                        }
                     },
                     {
                        "role":{
                           "name":"opamgroup2",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "description":""
                        }
                     }
                  ]
               }
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\
                  /3740553e999a4f6aa8e8f9286d320cb4",
               "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
               "accountName":"sherlock",
               "status":"checkedOut",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
               "domain":"berkeley",
               "grantees":{
                  "users":[
                     {
                        "user":{
                           "uid":"sec_admin",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"sec_admin",
                           "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain"
                        }
                     },
                     {
                        "user":{
                           "uid":"opamenduser1",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "firstname":"opamenduser1",
                           "lastname":"opamenduser1",
                           "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
                        }
                     },
                     {
                        "user":{
                           "uid":"opamenduser2",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"opamenduser2",
                           "dn":"uid=opamenduser2,ou=people,ou=myrealm,dc=base_domain"
                        }
                     },
                     {
                        "user":{
                           "uid":"opamuser1",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"opamuser1",
                           "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
                        }
                     }
                  ],
                  "roles":[
 
                  ]
               }
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\
                  /account\/154034fc5b5548caad7721e198815709",
               "accountUID":"154034fc5b5548caad7721e198815709",
               "accountName":"lucie",
               "status":"checkedIn",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
               "domain":"berkeley",
               "grantees":{
                  "users":[
                     {
                        "user":{
                           "uid":"opamuser1",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"opamuser1",
                           "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
                        }
                     },
                     {
                        "user":{
                           "uid":"opamenduser2",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"opamenduser2",
                           "dn":"uid=opamenduser2,ou=people,ou=myrealm,dc=base_domain"
                        }
                     }
                  ],
                  "roles":[
 
                  ]
               }
            }
         }
      ]
   }
}

Where:

  • usagepolicy is a usagepolicy JSON object.

  • policyid is the Usage Policy's unique identifier.

  • policystatus is set to active or disabled.

  • policyname is the name of the policy.

  • description is a description of the policy.

  • globaldefault indicates whether the policy is the global default policy or not.

  • dateorduration indicates how the expiration time is calculated.

    • If set to date, then expireddate, expireddatehour, expireddateminutes, and expireddateamorpm are used.

    • If set to duration, then expireddateminutesfromcheckout is used.

    Where:

    • expireddate is the date of expiration.

    • expireddatehour.hour are integer values between 0 and 12.

    • expireddateminutes.minutes are integer values between 0 and 60.

    • expireddateamorpm is a.m. or p.m.

    • expireddateminutesfromcheckout are minutes from checkout.

  • timezone is a time zone for the Usage Policy.

  • usagedates is an array, where each value represents the check out time for individual days.

  • day is a day of the week, where acceptable values are sunday, monday, tuesday, wednesday, thursday, friday, and saturday.

Use the following attributes to specify the from and to times of a range:

  • fromhour is an integer value between 0 and 12.

  • fromminutes is an integer value between 0 and 60.

  • fromamorpm is a.m. or p.m.

  • tohour is an integer value between 0 and 12.

  • tominutes is an integer value between 0 and 60.

  • toamorpm is a.m. or p.m.

B.6.3 Update a Usage Policy

Use this API to update a Usage Policy. You can update all attributes, except policyid, and you can update multiple attributes at a time.

URI

https://opam_server_host:opam_ssl_port/opam/usagepolicy/{policyid}

Method

PUT

Body

JSON representation of Usage Policy modification

Returns on Success

Status code 200


Example B-31 Sample JSON Representation of Usage Policy Modification

{
   "modifications":[
      {
         "modification":{
            "usagedates":[
               {
                  "day":"saturday",
                  "fromhour":"12",
                  "fromminutes":"0",
                  "fromamorpm":"am",
                  "tohour":"12",
                  "tominutes":"0",
                  "toamorpm":"am"
               },
               {
                  "day":"wednesday",
                  "fromhour":"12",
                  "fromminutes":"0",
                  "fromamorpm":"am",
                  "tohour":"12",
                  "tominutes":"0",
                  "toamorpm":"am"
               }
            ]
         }
      },
      {
         "modification":{
            "expireddatehour":2
         }
      }
   ]
}

Where:

  • modifications is an array of modification JSON objects.

  • modification is a JSON object representing a single attribute.

You must update the usagedates and expireddatehour attributes on the target. Their values are updated to the values provided with them.

B.6.4 Delete a Usage Policy

Use this API to delete a Usage Policy.

URI

https://opam_server_host:opam_ssl_port/opam/usagepolicy/{policyid}

Method

DELETE

Body

 

Returns on Success

Status 200


B.7 Password Policy Resource

The APIs described in this section include:

B.7.1 Create a Password Policy

Use this API to create a Password Policy.

URI

https://opam_server_host:opam_ssl_port/opam/passwordpolicy

Method

POST

Body

JSON representation for Password Policy creation

Returns on Success

Status code 201


Example B-32 Sample JSON Representation for Password Policy Creation

{
   "passwordpolicy":{
      "policystatus":"active",
      "policyname":"Default Password Policy",
      "description":"Default Password Policy",
      "passwordchangedurationunit":"days",
      "passwordchangedurationvalue":30,
      "changeoncheckin":"y",
      "changeoncheckout":"y",
      "passwordcharsmin":8,
      "passwordcharsmax":8,
      "passwordalphabeticmin":1,
      "passwordnumericmin":1,
      "passwordalphanumericmin":2,
      "passworduniquemin":1,
      "passworduppercasemin":1,
      "passwordlowercasemin":1,
      "passwordspecialmin":0,
      "passwordspecialmax":0,
      "passwordrepeatedmin":0,
      "passwordrepeatedmax":1,
      "startingchar":"n",
      "isaccountnameallowed":"n",
      "requiredchars":[
         "a",
         "h",
         "j"
      ],
      "allowedchars":[
         "b",
         "t",
         "y",
         "p",
         "u",
         "r",
         "o",
         "k",
         "1",
         "2",
         "=",
         "M",
         "a",
         "h",
         "j"
      ],
      "disalloweddchars":[
         "7",
         "8",
         "l"
      ]
   }
}

All attributes are optional, except policyname.

B.7.2 Retrieve a Password Policy

Use this API to retrieve a Password Policy.

URI

https://opam_server_host:opam_ssl_port/opam/passwordpolicy/{policyid}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of Password Policy


Example B-33 Sample JSON Representation of Password Policy

{
   "passwordpolicy":{
      "policyid":"passwordpolicy2",
      "policystatus":"active",
      "policyname":"Default Password Policy",
      "description":"Default Password Policy",
      "globaldefault":"y",
      "passwordchangedurationunit":"days",
      "passwordchangedurationvalue":30,
      "changeoncheckin":"y",
      "changeoncheckout":"y",
      "passwordcharsmin":8,
      "passwordcharsmax":8,
      "passwordalphabeticmin":1,
      "passwordnumericmin":1,
      "passwordalphanumericmin":2,
      "passworduniquemin":1,
      "passworduppercasemin":1,
      "passwordlowercasemin":1,
      "passwordspecialmin":0,
      "passwordspecialmax":0,
      "passwordrepeatedmin":0,
      "passwordrepeatedmax":1,
      "startingchar":"n",
      "isaccountnameallowed":"n",
      "requiredchars":[
         "a",
         "h",
         "j"
      ],
      "allowedchars":[
         "b",
         "t",
         "y",
         "p",
         "u",
         "r",
         "o",
         "k",
         "1",
         "2",
         "=",
         "M",
         "a",
         "h",
         "j"
      ],
      "disalloweddchars":[
         "7",
         "8",
         "l"
      ],
      "accounts":[
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\/3740553e999a4f6aa8e8f9286d320cb4",
               "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
               "accountName":"sherlock",
               "status":"checkedOut",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "domain":"berkeley",
               "grantees":{
                  "users":[
 
                  ],
                  "roles":[
 
                  ]
               }
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\/c11066278022489aad758aec69d9727d",
               "accountUID":"c11066278022489aad758aec69d9727d",
               "accountName":"himanshu",
               "status":"checkedIn",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "domain":"berkeley",
               "grantees":{
                  "users":[
 
                  ],
                  "roles":[
 
                  ]
               }
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\/154034fc5b5548caad7721e198815709",
               "accountUID":"154034fc5b5548caad7721e198815709",
               "accountName":"lucie",
               "status":"checkedIn",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "domain":"berkeley",
               "grantees":{
                  "users":[
 
                  ],
                  "roles":[
 
                  ]
               }
            }
         }
      ]
   }
}

Where:

  • passwordpolicy is a passwordpolicy JSON object.

  • policyid is the policy's unique identifier.

  • policystatus is the policy's status, where acceptable values are active or disabled.

  • policyname is the policy name.

  • description is a description of the policy.

  • globaldefault indicates whether the policy is a global default or not.

  • dateorduration indicates how the expiration time is calculated.

    • If set to date, then expireddate, expireddatehour, expireddateminutes, and expireddateamorpm are used.

    • If set to duration, then expireddateminutesfromcheckout is used.

    Where:

    • expireddate is the date of expiration.

    • expireddatehour.hour are integer values between 0 and 12.

    • expireddateminutes.minutes are integer values between 0 and 60.

    • expireddateamorpm is a.m. or p.m.

    • expireddateminutesfromcheckout are minutes from checkout.

  • timezone is a time zone for the Usage Policy.

  • usagedates is an array, where each value represents the check out time for individual days.

  • day is a day of the week, where acceptable values are sunday, monday, tuesday, wednesday, thursday, friday, and saturday.

For other attribute definitions, refer to Section B.2, "Account Resource."
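
A retrieved Password Policy can be checked for settings that contradict each other before it is relied on. The following Python is an added example, not Oracle's code: audit_password_policy, SAMPLE and BROKEN are names invented here, and the meaning of each attribute is inferred from its name because this section does not define them.

```python
MIN_MAX_PAIRS = [("passwordcharsmin", "passwordcharsmax"),
                 ("passwordspecialmin", "passwordspecialmax"),
                 ("passwordrepeatedmin", "passwordrepeatedmax")]
CLASS_MINIMUMS = ["passworduppercasemin", "passwordlowercasemin",
                  "passwordnumericmin", "passwordspecialmin"]

def audit_password_policy(doc):
    """Return a list of findings for one retrieved passwordpolicy document.

    Attribute meanings are inferred from their names (an assumption).
    """
    p = doc["passwordpolicy"]
    findings = []
    # A minimum above its matching maximum can never be satisfied.
    for lo, hi in MIN_MAX_PAIRS:
        if lo in p and hi in p and int(p[lo]) > int(p[hi]):
            findings.append(f"{lo}={p[lo]} exceeds {hi}={p[hi]}")
    # A character cannot be both required and disallowed.
    clash = sorted(set(p.get("requiredchars", [])) & set(p.get("disalloweddchars", [])))
    if clash:
        findings.append(f"requiredchars also listed in disalloweddchars: {clash}")
    # The per-class minimums must fit inside the maximum length.
    needed = sum(int(p.get(k, 0)) for k in CLASS_MINIMUMS)
    if "passwordcharsmax" in p and needed > int(p["passwordcharsmax"]):
        findings.append(f"character-class minimums need {needed} characters, "
                        f"passwordcharsmax={p['passwordcharsmax']}")
    # Assumed: "y" means the password is changed at that event.
    for flag in ("changeoncheckin", "changeoncheckout"):
        if p.get(flag) != "y":
            findings.append(f"{flag} is not 'y'")
    return findings

# Values copied from Example B-33, trimmed to the attributes checked here.
SAMPLE = {"passwordpolicy": {
    "policyid": "passwordpolicy2", "changeoncheckin": "y", "changeoncheckout": "y",
    "passwordcharsmin": 8, "passwordcharsmax": 8,
    "passworduppercasemin": 1, "passwordlowercasemin": 1, "passwordnumericmin": 1,
    "passwordspecialmin": 0, "passwordspecialmax": 0,
    "passwordrepeatedmin": 0, "passwordrepeatedmax": 1,
    "requiredchars": ["a", "h", "j"], "disalloweddchars": ["7", "8", "l"],
}}
# Constructed variant with three deliberate problems.
BROKEN = {"passwordpolicy": dict(SAMPLE["passwordpolicy"], passwordcharsmin=10,
                                 changeoncheckin="n", disalloweddchars=["7", "a"])}

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE), ("broken", BROKEN)):
        print(name, audit_password_policy(doc))
```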

B.7.3 Delete a Password Policy

Use this API to delete a Password Policy.

URI

https://opam_server_host:opam_ssl_port/opam/passwordpolicy/{policyid}

Method

DELETE

Body

 

Returns on Success

Status 200


B.7.4 Update a Password Policy

Use this API to update a Password Policy. You can update all of the attributes, except policyid, and you can update multiple attributes at a time.

URI

https://opam_server_host:opam_ssl_port/opam/passwordpolicy/{policyid}

Method

PUT

Body

JSON representation for Password Policy modification

Returns on Success

Status code 201


Example B-34 Sample JSON Representation of Password Policy Modification

{
   "modifications":[
      {
         "modification":{
            "disalloweddchars":[
               "4",
               "6"
            ]
         }
      },
      {
         "modification":{
            "passwordalphabeticmin":2
         }
      }
   ]
}

Where:

  • modifications is an array of modification JSON objects.

  • modification is a JSON object representing a single attribute.

You must update the disalloweddchars and passwordalphabeticmin attributes on the target. These attribute values are updated to the values provided with them.
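
The modifications body shown above, which has the same shape as the Usage Policy body in Section B.6.3, can be generated by comparing the retrieved policy with the desired values so that only changed attributes are sent. The following Python is an added example, not Oracle's code: build_modifications, example_body and the sample dictionaries are names invented here.

```python
import json

# The page states that every attribute except policyid can be updated.
READ_ONLY = {"policyid"}

def build_modifications(current, desired):
    """Return the PUT body that turns `current` into `desired`.

    Both arguments are the inner policy object (the value stored under
    "passwordpolicy" or "usagepolicy"). Only attributes whose value
    differs from the current one are included.
    """
    changed = [attr for attr, value in desired.items()
               if current.get(attr) != value]
    blocked = sorted(READ_ONLY.intersection(changed))
    if blocked:
        raise ValueError("attribute cannot be updated: " + ", ".join(blocked))
    # One "modification" object per changed attribute, as in Example B-34.
    return {"modifications": [{"modification": {attr: desired[attr]}}
                              for attr in changed]}

# Constructed sample: a subset of the policy shown in Example B-33.
CURRENT_POLICY = {
    "policyid": "passwordpolicy2",
    "passwordalphabeticmin": 1,
    "passwordnumericmin": 1,
    "disalloweddchars": ["7", "8", "l"],
}
# Desired values taken from Example B-34, plus one unchanged attribute.
DESIRED_POLICY = {
    "passwordalphabeticmin": 2,
    "passwordnumericmin": 1,      # unchanged, so it is not sent
    "disalloweddchars": ["4", "6"],
}

def example_body():
    return build_modifications(CURRENT_POLICY, DESIRED_POLICY)

if __name__ == "__main__":
    print(json.dumps(example_body(), indent=3))
```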

B.8 Policy Resource

The APIs described in this section include:

B.8.1 Search for Policies

Use this API to search for policies. The API performs a contains search, using one or more of the following parameters:

  • policystatus

  • policyname

  • accountname

All of the parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/policy/search?param1=val1&param2=val2

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of policies


Example B-35 Sample JSON Representation of Policies

{
   "usagepolicies":[
      {
         "policyname":"Default Usage Policy",
         "policyid":"usagepolicy1",
         "policystatus":"active",
         "globaldefault":"y"
      }
   ],
   "passwordpolicies":[
      {
         "policyname":"Default Password Policy",
         "policyid":"passwordpolicy2",
         "policystatus":"active",
         "globaldefault":"y"
      }
   ]
}

Where:

  • usagepolicies is an array of Usage Policies.

  • passwordpolicies is an array of Password Policies.

  • policyname is the policy name.

  • policyid is the policy's unique identifier.

  • policystatus is the policy status, where acceptable values are active or disabled.

B.8.2 Get Default Policies

Use this API to get the Default Usage Policy and Default Password Policy.

URI

https://opam_server_host:opam_ssl_port/opam/policy/default

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of policies


Example B-36 Sample JSON Representation of Policies

{
   "usagepolicies":[
      {
         "policyname":"Default Usage Policy",
         "policyid":"usagepolicy1",
         "policystatus":"active"
      }
   ],
   "passwordpolicies":[
      {
         "policyname":"Default Password Policy",
         "policyid":"passwordpolicy2",
         "policystatus":"active"
      }
   ]
}

Where:

  • usagepolicies is an array of Usage Policies.

  • passwordpolicies is an array of Password Policies.

  • policyname is the policy name.

  • policyid is the policy's unique identifier.

  • policystatus is the policy status, where acceptable values are active or disabled.

This API returns only the default policies: the Default Usage Policy and the Default Password Policy.