Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Privileged Account Manager
11g Release 2 (11.1.2)

Part Number E27152-02
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

B Working with Oracle Privileged Account Manager's RESTful Interface

While Oracle Privileged Account Manager can be consumed through several client interfaces, its fundamental access mechanism or layer is encapsulated in its RESTful interfaces.

All interactions with Oracle Privileged Account Manager's server that are being used by external parties, such as a non-Oracle Privileged Account Manager server, are exposed through RESTful interfaces. All externally visible Oracle Privileged Account Manager resources are modeled by URIs, while standard HTTP operations are mapped to relevant Oracle Privileged Account Manager operations on those resources.

This appendix describes Oracle Privileged Account Manager's RESTful interface. The specific APIs that are exposed through this interface are documented in the following sections:

Note:

You can also use Oracle Privileged Account Manager's web-based Console or command line tool to perform tasks described in this appendix.

Refer to Chapter 5, "Configuring and Managing Oracle Privileged Account Manager" or Appendix A, "Working with the Command Line Tool" for more information.

B.1 Target Resource

The APIs described in this section include:

B.1.1 Get Target Attributes

Use this API to retrieve a list of the attributes that are associated with all of the target types.

You can use the list of supported target types, along with these attributes, to create the JSON object required to add a target. Refer to Section B.1.2, "Add a Target" for more information.

Note:

You must have a JSON browser extension, such as Firefox JSONview, to create the JSON object.

URI

https://opam_server_host:opam_ssl_port/opam/target/attributes/{locale}

Method

GET

Returns on Success

Status code 200 and the JSON representation of target types, along with the attributes associated with them.


Sample URI

https://opam_server_host:opam_ssl_port/opam/target/attributes/en

Example B-1 JSON Output of Supported Target Types with Attributes

{
   "TargetAttributes":[
      {
         "TargetType":"ldap",
         "DisplayName":"ldap",
         "BasicAttributes":[
            {
               "name":"targetName",
               "type":"string",
               "description":"",
               "label":"Target Name",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"description",
               "type":"string",
               "description":"",
               "label":"Description",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"organization",
               "type":"string",
               "description":"",
               "label":"Organization",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"domain",
               "type":"string",
               "description":"",
               "label":"Domain",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"host",
               "type":"string",
               "description":"",
               "label":"Host",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"port",
               "type":"int",
               "description":"TCP/IP port number used to communicate with the LDAP server.",
               "label":"TCP Port",
               "default":"",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"ssl",
               "type":"boolean",
               "description":"Select the check box to connect to the LDAP server using SSL.",
               "label":"SSL",
               "default":"false",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"principal",
               "type":"string",
               "description":"The distinguished name with which to authenticate

                  to the LDAP server.",
               "label":"Principal",
               "default":"",
               "mask":"false",
               "array":"false",
               "required":"true"
            },
            {
               "name":"credentials",
               "type":"string",
               "description":"Password for the principal.",
               "label":"Password",
               "default":"",
               "mask":"true",
               "array":"false",
               "required":"true"
            },
            {
               "name":"baseContexts",
               "type":"string",
               "description":"One or more starting points in the LDAP tree that will be used 

                  when searching the tree. Searches are performed when discovering users from 

                  the LDAP server or when looking for the groups of which a user is a member.",
               "label":"Base Contexts",
               "default":[
 
               ],
               "mask":"false",
               "array":"true",
               "required":"true"
            },
            {
               "name":"accountNameAttribute",
               "type":"string",
               "description":"Attribute which holds the account's user name.",
               "label":"Account User Name Attribute",
               "default":"uid",
               "mask":"false",
               "array":"false",
               "required":"true"
            }
         ],
         "AdvancedAttributes":[
            {
               "name":"uidAttribute",
               "type":"string",
               "description":"The name of the LDAP attribute which is mapped

                  to the Uid attribute.",
               "label":"Uid Attribute",
               "default":"uid",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"accountSearchFilter",
               "type":"string",
               "description":"An optional LDAP filter to control which accounts are returned 

                  from the LDAP resource. If no filter is specified, only accounts that include 

                  all specified object classes are returned.",
               "label":"LDAP Filter for Retrieving Accounts",
               "default":"(uid=*)",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"passwordAttribute",
               "type":"string",
               "description":"The name of the LDAP attribute which holds the password. 

                  When changing an user's password, the new password is set to this attribute.",
               "label":"Password Attribute",
               "default":"userpassword",
               "mask":"false",
               "array":"false",
               "required":"false"
            },
            {
               "name":"accountObjectClasses",
               "type":"string",
               "description":"The object class or classes that will be used when 

                  creating new user objects in the LDAP tree. When entering more than one 

                  object class, each entry should be on its own line; do not use commas or

                  semi-colons to separate multiple object classes. Some object classes 

                  may require that you specify all object classes in the class hierarchy.",
               "label":"Account Object Classes",
               "default":[
                  "top",
                  "person",
                  "organizationalPerson",
                  "inetOrgPerson"
               ],
               "mask":"false",
               "array":"true",
               "required":"false"
            }
         ]
      }
   ]
}

Where:

  • TargetAttributes is an array of objects, where each object represents a target type.

  • TargetType is the target type.

  • DisplayName is how the target type name should display.

  • BasicAttributes is an array of objects, where each object represents basic attributes for the target type.

  • AdvancedAttributes is an array of objects, where each object represents advanced attributes for the target type.

  • name is the attribute name to use when constructing the target JSON to create a target.

  • type is the attribute type. Acceptable values include string, int, boolean, or lov (list of values).

  • description is a helpful description of the attribute.

  • label is how the attribute name should display.

  • default is a default value for the attribute.

    Specify a single value if the array parameter is false or specify an array of values if array is true.

  • mask hides sensitive values, such as credentials.

    • Specify true to hide attributes.

    • Specify false if hiding attributes is not necessary.

  • array indicates whether the attribute is single-valued or an array of multiple values.

    • Specify true if the attribute is an array of multiple values.

    • Specify false if the attribute is single-valued.

  • required indicates whether the attribute are mandatory or optional.

    • Specify true for mandatory attributes.

    • Specify false for optional attributes.

B.1.2 Add a Target

Use this API to add a target.

Note:

First, you must obtain a list of attributes for the target type as described in Section B.1.1, "Get Target Attributes." You use these attributes to create the JSON object sent in the body.

URI

https://opam_server_host:opam_ssl_port/opam/target

Method

POST

Body

JSON representation of target for addition/test

Returns on Success

Status code 201 Created and Location


Example B-2 Sample JSON Representation of Target for Addition

{
   "target":{
      "targetType":"ldap",
      "targetName":"hhsharma-ldap2",
      "host":"opam_server_host",
      "domain":"berkeley",
      "description":"Ldap target",
      "organization":"ST-US",
      "credentials":"welcome",
      "uidAttribute":"uid",
      "port":"9876",
      "passwordAttribute":"userpassword",
      "principal":"cn=orcladmin",
      "accountSearchFilter":"(uid=*)",
      "baseContexts":[
         "cn=Users,c=US"
      ],
      "ssl":"false",
      "accountObjectClasses":[
         "top",
         "person",
         "organizationalPerson",
         "inetOrgPerson"
      ],
      "accountNameAttribute":"uid"
   }
}

Sample Output

https://opam_server_host:opam_ssl_port/opam/target
/9bbcbbb087174ad1900ea691a2573b61 as the Location.

Where:

  • target is the target JSON object.

  • targetName is the name of the target.

  • targetType is the target type.

All of the other attributes are dynamic and they correspond to the attributes in Section B.1.1, "Get Target Attributes."

B.1.3 Verify a Target

Use this API to verify a target.

Note:

First, you must obtain a list of attributes for the target type. Refer to Section B.1.1, "Get Target Attributes," to create the JSON object to be sent in the body.

URI

https://opam_server_host:opam_ssl_port/opam/target/test

Method

PUT

Body

JSON representation of target for addition/test

Returns on Success

Status code 200


Example B-3 Sample JSON Representation of Target for Addition/Verification

{
   "target":{
      "targetType":"ldap",
      "targetName":"hhsharma-ldap2",
      "host":"opam_server_host",
      "domain":"berkeley",
      "description":"Ldap target",
      "organization":"ST-US",
      "credentials":"welcome",
      "uidAttribute":"uid",
      "port":"9876",
      "passwordAttribute":"userpassword",
      "principal":"cn=orcladmin",
      "accountSearchFilter":"(uid=*)",
      "baseContexts":[
         "cn=Users,c=US"
      ],
      "ssl":"false",
      "accountObjectClasses":[
         "top",
         "person",
         "organizationalPerson",
         "inetOrgPerson"
      ],
      "accountNameAttribute":"uid"
   }
}

Where:

  • target is the target JSON object.

  • targetName is the name of the target.

  • targetType is the target type.

All of the other attributes are dynamic and they correspond to the attributes in Section B.1.1, "Get Target Attributes."

B.1.4 Retrieve a Target

Use this API to retrieve a target.

URI

https://opam_server_host:opam_ssl_port/opam/target/{targetUID}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of target


Example B-4 Sample JSON Representation of Target

{
   "target":{
      "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
      "targetType":"ldap",
      "targetName":"hhsharma-ldap",
      "host":"opam_server_host",
      "domain":"berkeley",
      "description":"Ldap target",
      "organization":"ST-US",
      "credentials":"welcome",
      "uidAttribute":"uid",
      "port":"9876",
      "passwordAttribute":"userpassword",
      "principal":"cn=orcladmin",
      "accountSearchFilter":"(uid=*)",
      "baseContexts":[
         "cn=Users,c=US"
      ],
      "ssl":"false",
      "accountObjectClasses":[
         "top",
         "person",
         "organizationalPerson",
         "inetOrgPerson"
      ],
      "accountNameAttribute":"uid",
      "accounts":[
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

                  /c11066278022489aad758aec69d9727d"
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

                  /3740553e999a4f6aa8e8f9286d320cb4"
            }
         }
      ]
   }
}

Where:

  • target is the target JSON object.

  • targetUID is the target's unique identifier.

  • targetName is the name of the target.

  • targetType is target type.

  • accounts is an array of accounts that are associated with the target.

  • account is the account JSON object containing the account's URI.

  • uri is the account's URI.

All of the other attributes are dynamic and they correspond to the attributes in Section B.1.1, "Get Target Attributes."

B.1.5 Update a Target

Use this API to update a target.

You can change all of the attributes, except targetType and targetUID, and you can change multiple attributes at a time.

URI

https://opam_server_host:opam_ssl_port/opam/target/{targetUID}

Method

PUT

Body

JSON representation of Target Modification

Returns on Success

Status code 201


Example B-5 Sample JSON Object to Modify Target

{
   "modifications":[
      {
         "modification":{
            "host":"opam_server_host:opam_ssl_port
         }
      },
      {
         "modification":{
            "port":"6000"
         }
      }
   ]
}

Where:

  • targetUID is the target's unique identifier.

  • modifications is an array of modification JSON objects.

  • modification is a JSON object representing the modification of a single attribute.

For this API, you must update the host and port attributes on the target. Their value is updated to the value provided with them.

B.1.6 Remove a Target

Use this API to delete a target.

URI

https://opam_server_host:opam_ssl_port/opam/target/{targetUID}

Method

DELETE

Body

 

Returns on Success

Status code 200


B.1.7 Search for Targets

Use this API to search for a target using any of the following request parameters:

  • type

  • domain

  • org

  • name

  • hostname

All of these parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/target/search?param1=value1&param2=value2

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of Target Collection


Sample URIs:

https://opam_server_host:opam_ssl_port/opam/target/search?

Returns all targets

https://opam_server_host:opam_ssl_port/opam/target/search?type=ldap&org=us

Returns all targets whose type contains ldap and org contains us.


Example B-6 Sample JSON Representation of Target Collection

{
   "Target Collection":[
      {
         "target":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/target\

               /9bbcbbb087174ad1900ea691a2573b61",
            "type":"ldap",
            "name":"hhsharma-ldap",
            "host":"opam_server_host",
            "domain":"berkeley"
         }
      },
      {
         "target":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/target\

               /ac246a162ce948c7b1cdcc17dfc92c15",
            "type":"ldap",
            "name":"hhsharma-ldap2",
            "host":"opam_server_host:opam_ssl_port",
            "domain":"berkeley"
         }
      }
   ]
}

Where:

  • Target Collection is an array of target JSON objects.

  • target is the target JSON object.

  • uri is the target resource URI.

  • type is the target type.

  • hostname is the target's host name.

  • name is the target name.

  • org is the target's organization.

  • domain is the target's domain.

B.1.8 Get Available Accounts

Use this API to retrieve all of the accounts present on the target system.

URI

https://opam_server_host:opam_ssl_port/opam/target/attributes/{locale}

Method

GET

Body

 

Returns on Success

Status code 200 OK and JSON representation of account collection


Example B-7 Sample JSON Representation of Account Collection

{
   "AvailableAccounts":[
      {
         "accountName":"SCOTT",
         "accountUid":"SCOTT"
      },
      {
         "accountName":"BLAKE",
         "accountUid":"BLAKE "
      },
      {
         "accountName":"JONES",
         "accountUid":"JONES"
      }
   ]
}

Where:

  • AvailableAccounts is an array of the accounts present on the target system.

  • accountName is the account name.

  • accountUID is the account's unique identifier.

B.1.9 Retrieve Accounts Registered on a Target

Use this API to retrieve all the accounts on the target that are registered with Oracle Privileged Account Manager.

URI

https://opam_server_host:opam_ssl_port/opam/target/{targetUID}/accounts

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of URI collection of accounts


Example B-8 Sample JSON Representation of URI Collection of Accounts

{
   "URI Collection":[
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

               /3740553e999a4f6aa8e8f9286d320cb4",
            "accountName":"sherlock"
         }
      },
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

               /c11066278022489aad758aec69d9727d",
            "accountName":"himanshu"
         }
      }
   ]
}

Where:

  • URI Collection is an array of accounts on a target that are registered with Oracle Privileged Account Manager.

  • account is the account JSON object.

  • uri is the account's URI.

  • accountName is the account name.

B.1.10 Get Target Types

Use this API to retrieve a list of all supported target types.

URI

https://opam_server_host:opam_ssl_port/opam/target/types

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of supported target types


Example B-9 Sample JSON Representation of Supported Target Types

{
   "targettypes":[
      "ldap",
      "unix",
      "database"
   ]
}

Where:

  • targettypes are the supported target types.

B.2 Account Resource

The APIs described in this section include:

B.2.1 Add an Account to a Target

Use this API to add an account to the target. This API does not create an account on the target system, but it registers the existing account with the OPAM target.

URI

https://opam_server_host:opam_ssl_port/opam/account

Method

POST

Body

JSON representation for account addition/verification

Returns on Success

Status code 201 and Location


Example B-10 Sample JSON Representation of Account for Addition/Verification

{
   "account":{
      "accountName":"lucie",
      "passwordpolicy":"passwordpolicy2",
      "shared":"true",
      "targetUID":"9bbcbbb087174ad1900ea691a2573b61"
   }
}

Where:

  • account is the account JSON object.

  • accountName is the name of the account.

  • passwordpolicy is the policy ID of the Password Policy applicable to the account. This parameter is optional. By default, this parameters uses the global Default Password Policy.

  • shared indicates the shared status of the account. This value is a Boolean and the default setting is false.

  • targetUID is the target's unique identifier.

B.2.2 Verify an Account

Use this API to verify whether the account is present on the target system.

URI

https://opam_server_host:opam_ssl_port/opam/account/test

Method

PUT

Body

JSON representation for account addition/verification

Returns on Success

Status code 200


Example B-11 Sample JSON Representation of Account Addition/Verification

{
   "account":{
      "accountName":"lucie",
      "passwordpolicy":"passwordpolicy2",
      "shared":"true",
      "targetUID":"9bbcbbb087174ad1900ea691a2573b61"
   }
}

Where:

  • account is the account JSON object.

  • accountName is the name of the account.

  • passwordpolicy is the policy ID of the Password Policy applicable to the account. This parameter is optional. By default, this parameters uses the global Default Password Policy.

  • shared indicates the shared status of the account. This value is a Boolean and the default setting is false.

  • targetUID is the target's unique identifier.

B.2.3 Retrieve an Account

Use this API to retrieve an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of account


Example B-12 Sample JSON Representation of Account

{
   "account":{
      "accountUID":"3f74a85e39e64432ba917a2e60fa15aa",
      "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
      "accountName":"lucie",
      "shared":true,
      "status":"checkedIn",
      "usagepolicy":"usagepolicy1",
      "passwordpolicyname":"Default Password Policy",
      "passwordpolicy":"passwordpolicy2",
      "grantees":{
         "users":[
            "opamuser1"
         ],
         "roles":[
            "opamgroup1"
         ]
      }
   }
}

Where:

  • account is the account JSON object.

  • accountUID is the account's unique identifier.

  • accountName is the name of the account.

  • passwordpolicy is the policy ID of the Password Policy applicable to the account.

  • passwordpolicyname is the name of the applicable Password Policy.

  • shared indicates the shared status of the account. This value is a Boolean and the default setting is false.

  • targetUID is target's unique identifier.

  • status indicates whether the account has been checked in by anyone. Acceptable values are checkedIn and checkedOut.

  • grantees are grantees of the account.

  • users are users who have been granted the account. Each value is the user's login ID/UID.

  • roles are groups or roles that have been granted the account. Each value is a group name of the group.

B.2.4 Reset Password

Use this API to reset the password on the account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/resetpassword

Method

PUT

Body

JSON representation of the new password

Returns on Success

Status code 200


Example B-13 Sample JSON Representation of the New Password

{
   "password":"welcome1"
}

Where:

  • accountUID is the account's unique identifier.

B.2.5 Update an Account

Use this API to update an account. You can change multiple attributes at a time. Only usagepolicy and shared attributes can be updated.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}

Method

PUT

Body

JSON representation of account modifications

Returns on Success

Status code 200


Example B-14 Sample JSON Representation of Account Modifications

{
   "modifications":[
      {
         "modification":{
            "passwordpolicy":"passwordpolicy2"
         }
      },
      {
         "modification":{
            "shared":"false"
         }
      }
   }
}

Where:

  • accountUID is the account's unique identifier.

  • modifications are an array of modification JSON objects.

  • modification is a JSON object representing the modification of a single attribute.

B.2.6 Remove an Account

Use this API to remove an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID

Method

DELETE

Body

 

Returns on Success

Status code 200


Where:

  • accountUID is the account's unique identifier.

B.2.7 Grant a User/Role Access to an Account

Use this API to grant a user or role access to an account. Multiple users and roles can be granted the access at a time.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}

Method

PUT

Body

JSON representation for adding grantees

Returns on Success

Status code 200


Example B-15 Sample JSON Representation for Adding Grantees

{
   "modifications":[
      {
         "modification":{
            "usagepolicy":"usagepolicy1",
            "role":"opamgroup1",
            "operation":"add"
         }
      },
      {
         "modification":{
            "usagepolicy":"usagepolicy1",
            "user":"opamuser1",
            "operation":"add"
         }
      }
   ]
}

Where:

  • accountUID is the account's unique identifier.

  • modifications are an array of modification JSON objects.

  • modification is a JSON object representing the modification of a single attribute.

  • role indicates that a group has to be granted an access. This parameter value is the group name.

  • user indicates that a user has to be granted an access. This parameter value is the user login id.

  • usagepolicy indicates the Usage Policy identifier to be applied to the grant.

  • operation indicates the type of operation to be performed. Acceptable values include:

    • add indicates grant.

    • delete indicates revocation.

    • replace indicates replacement of usagepolicy with a new value.

B.2.8 Remove a User's/Role's Access to an Account

Use this API to remove a user's access or a role's access to an account. You can revoke multiple user and role grants at a time.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}

Method

PUT

Body

JSON representation for removing grantees

Returns on Success

Status code 200


Example B-16 Sample JSON Representation for Removing Grantees

{
   "modifications":[
      {
         "modification":{
            "usagepolicy":"usagepolicy1",
            "role":"opamgroup1",
            "operation":"delete"
         }
      },
      {
         "modification":{
            "usagepolicy":"usagepolicy1",
            "user":"opamuser1",
            "operation":"delete"
         }
      }
   ]
}

Where:

  • accountUID is the account's unique identifier.

  • modifications are an array of modification JSON objects.

  • modification is a JSON object representing a single modification.

  • role indicates that a group has to be granted an access. This parameter value is the group name.

  • user indicates that a user has to be granted an access. This parameter value is the user login id.

  • usagepolicy indicates the Usage Policy identifier to be applied to the grant.

  • operation indicates the type of operation to be performed. Acceptable values include:

    • add indicates a grant.

    • delete indicates a revocation.

    • replace indicates the replacement of the usagepolicy with a new value.

B.2.9 Retrieve Grantees on an Account

Use this API to retrieve all the grantees of an account. A grantee can be a user or a role.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/grantees

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of Grantees


Example B-17 Sample JSON Representation of Grantees

{
   "grantees":{
      "users":[
         "opamuser1"
      ],
      "roles":[
         "opamgroup1"
      ]
   }
}

Where:

  • grantees are grantees of the account.

  • users are the users who have been granted the account. Each value is the user's login ID/UID.

  • roles are the groups or roles who have been granted the account. Each value is a group name.

B.2.10 Check Out an Account

Use this API to check out an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/checkout

Method

PUT

Body

 

Returns on Success

Status code 200 and JSON representation of account token


Example B-18 Sample JSON Representation of Account Token

{
   "accountToken":{
      "accountName":"lucie",
      "accountUID":"3f74a85e39e64432ba917a2e60fa15aa",
      "accountPassword":"GJN8p2ol"
   }
}

Where:

  • accountUID is the account's unique identifier.

  • accountName is the name of the account.

  • accountpassword is the account password.

B.2.11 Check In an Account

Use this API to check in an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/checkin

Method

PUT

Body

 

Returns on Success

Status code 200


B.2.12 Retrieve Users Who Checked Out an Account

Use this API to retrieve a list of all users who have currently checked out an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/whocheckedout

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of users who checked out the account.


Example B-19 Sample JSON Representation of Users Who Checked Out the Account

{
   "users":[
      {
         "user":{
            "uid":"sec_admin",
            "lastname":"sec_admin",
            "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain",
            "expiryTime":1338765551,
            "checkoutTime":1338333551,
            "timezone":"America\/Los_Angeles"
         }
      }
   ]
}

Where:

  • uid is the user's unique identifier.

  • lastname is the user's last name.

  • dn is the distinguished name of the user.

  • expiryTime is the expiration time of the check out session. This parameter value is the UNIX time.

  • checkoutTime is the time at which the account was checked out. This parameter value is the UNIX time.

  • timezone indicates the time zone applicable to expiryTime and checkOutTime.

B.2.13 Show Password

Use this API to retrieve and display the password associated with an account.

URI

https://opam_server_host:opam_ssl_port/opam/account/{accountUID}/showpassword

Method

PUT

Body

 

Returns on Success

Status code 200 and JSON representation of account token


Example B-20 Sample JSON Representation of Account Token

{
   "accountToken":{
      "accountName":"lucie",
      "accountUID":"3f74a85e39e64432ba917a2e60fa15aa",
      "accountPassword":"GJN8p2ol"
   }
}

Where:

  • accountUID is the account's unique identifier.

  • accountName is the name of the account.

  • accountPassword is the account password.

B.3 UI Resource

The APIs described in this section include:

B.3.1 Search Accounts

Use this API to search accounts using one or more of the following search request parameters:

  • type

  • domain

  • org

  • name

  • accountname

All of these parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/ui/allaccounts/search?param1=val1&param2=val2

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of account collection


Example B-21 Sample JSON Representation of Account Collection

{
   "AccountCollection":[
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

               /3740553e999a4f6aa8e8f9286d320cb4",
            "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
            "accountName":"sherlock",
            "status":"checkedOut",
            "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
            "targetName":"hhsharma-ldap",
            "targetType":"ldap",
            "domain":"berkeley",
            "disabled":"false",
            "grantees":{
               "users":[
 
               ],
               "roles":[
 
               ]
            }
         }
      },
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

               /c11066278022489aad758aec69d9727d",
            "accountUID":"c11066278022489aad758aec69d9727d",
            "accountName":"himanshu",
            "status":"checkedIn",
            "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
            "targetName":"hhsharma-ldap",
            "targetType":"ldap",
            "domain":"berkeley",
            "disabled":"true",
            "grantees":{
               "users":[
 
               ],
               "roles":[
 
               ]
            }
         }
      },
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

               /154034fc5b5548caad7721e198815709",
            "accountUID":"154034fc5b5548caad7721e198815709",
            "accountName":"lucie",
            "status":"checkedIn",
            "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
            "targetName":"hhsharma-ldap",
            "targetType":"ldap",
            "domain":"berkeley",
            "disabled":"true",
            "grantees":{
               "users":[
 
               ],
               "roles":[
 
               ]
            }
         }
      }
   ],
   "count":3
}

Where:

  • disabled indicates the user's grant access to the account.

    • If set to true, the user has grant access to the account.

    • If set to false, the user is an administrator who can view the account, but cannot check out the account.

For all other attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.3.2 Get All Checked Out Accounts

Use this API to retrieve a list of all accounts that have been checked out by the logged in user.

URI

https://opam_server_host:opam_ssl_port/ui/allaccounts/mycheckedout

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of account collection


Example B-22 Sample JSON Representation of Account Collection

{
   "AccountCollection":[
      {
         "account":{
            "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

               /3740553e999a4f6aa8e8f9286d320cb4",
            "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
            "accountName":"sherlock",
            "status":"checkedOut",
            "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
            "targetName":"hhsharma-ldap",
            "targetType":"ldap",
            "domain":"berkeley",
            "policyname":"Default Usage Policy",
            "policyid":"usagepolicy1",
            "expiryTime":1338765551,
            "timezone":"America\/Los_Angeles",
            "grantees":{
               "users":[
 
               ],
               "roles":[
 
               ]
            }
         },
         "count":1
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.4 User Resource

The APIs described in this section include:

B.4.1 Get a User

Use this API to retrieve a user.

URI

https://opam_server_host:opam_ssl_port/opam/user/{uid}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of user


Example B-23 Sample JSON Representation of User

{
   "user":{
      "uid":"opamuser1",
      "lastname":"opamuser1",
      "usertype":"End-User",
      "opamrole":[
 
      ],
      "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain",
      "accounts":[
         {
            "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
            "accountName":"sherlock",
            "targetType":"ldap",
            "targetName":"hhsharma-ldap",
            "targetDomain":"berkeley"
         },
         {
            "accountUID":"154034fc5b5548caad7721e198815709",
            "accountName":"lucie",
            "targetType":"ldap",
            "targetName":"hhsharma-ldap",
            "targetDomain":"berkeley"
         }
      ]
   }
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.4.2 Search Users

Use this API to search for users. This API is a contains search, using one or more of the following parameters:

  • firstname

  • lastname

  • UID (unique identifier)

  • mail

URI

https://opam_server_host:opam_ssl_port/opam/user/search/{searchKeyWord}

Method

GET

Body

 

Returns on Success

Status 200 and JSON representation of users


Example B-24 Sample JSON Representation of Users

{
   "users":[
      {
         "user":{
            "uid":"opamenduser1",
            "firstname":"opamenduser1",
            "lastname":"opamenduser1",
            "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamenduser2",
            "lastname":"opamenduser2",
            "dn":"uid=opamenduser2,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamuser1",
            "lastname":"opamuser1",
            "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
         }
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.4.3 Advanced Search for Users

Use this API to search for users. This API is a contains search, using one or more of the following parameters:

  • uid

  • lastname

  • firstname

All of these parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/user/advancedsearch?param1=val1&param2=val2

Method

GET

Body

 

Returns on Success

Status 200 and JSON representation of users


Example B-25 Sample JSON Representation of Users

{
   "users":[
      {
         "user":{
            "uid":"OracleSystemUser",
            "lastname":"OracleSystemUser",
            "dn":"uid=OracleSystemUser,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"weblogic",
            "lastname":"weblogic",
            "dn":"uid=weblogic,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"app_config",
            "lastname":"app_config",
            "dn":"uid=app_config,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"sec_admin",
            "lastname":"sec_admin",
            "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"user_manager",
            "lastname":"user_manager",
            "dn":"uid=user_manager,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"sec_auditor",
            "lastname":"sec_auditor",
            "dn":"uid=sec_auditor,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamenduser1",
            "firstname":"opamenduser1",
            "lastname":"opamenduser1",
            "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamenduser2",
            "lastname":"opamenduser2",
            "dn":"uid=opamenduser2,ou=people,ou=myrealm,dc=base_domain"
         }
      },
      {
         "user":{
            "uid":"opamuser1",
            "lastname":"opamuser1",
            "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
         }
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.5 Group Resource

The APIs described in this section include:

B.5.1 Get Group

Use this API to retrieve a group.

URI

https://opam_server_host:opam_ssl_port/opam/group/{name}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of group


Example B-26 Sample JSON Representation of Group

{
   "group":{
      "name":"opamgroup1",
      "dn":"cn=opamgroup1,ou=groups,ou=myrealm,dc=base_domain",
      "description":"",
      "users":[
         {
            "uid":"opamenduser1",
            "firstname":"opamenduser1",
            "lastname":"opamenduser1",
            "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
         },
         {
            "uid":"opamuser1",
            "lastname":"opamuser1",
            "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
         }
      ],
      "groups":[
         {
            "group":{
               "name":"opamsubgroup1",
               "dn":"cn=opamsubgroup1,ou=groups,ou=myrealm,dc=base_domain",
               "description":""
            }
         },
         {
            "group":{
               "name":"opamsubgroup2",
               "dn":"cn=opamsubgroup2,ou=groups,ou=myrealm,dc=base_domain",
               "description":""
            }
         }
      ],
      "accounts":[
         {
            "accountUID":"c11066278022489aad758aec69d9727d",
            "accountName":"himanshu",
            "targetType":"ldap",
            "targetName":"hhsharma-ldap",
            "targetDomain":"berkeley"
         }
      ]
   }
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.5.2 Search Groups

Use this API to search for groups. This API is a contains search, using the group name parameter.

URI

https://opam_server_host:opam_ssl_port/opam/group/search/{searchKeyWord}

Method

GET

Body

 

Returns on Success

Status 200 and JSON representation of groups


Example B-27 Sample JSON Representation of Groups

{
   "groups":[
      {
         "group":{
            "name":"opamgroup1",
            "dn":"cn=opamgroup1,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
               {
                  "uid":"opamenduser1",
                  "firstname":"opamenduser1",
                  "lastname":"opamenduser1",
                  "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
               },
               {
                  "uid":"opamuser1",
                  "lastname":"opamuser1",
                  "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"opamgroup2",
            "dn":"cn=opamgroup2,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
               {
                  "uid":"opamenduser1",
                  "firstname":"opamenduser1",
                  "lastname":"opamenduser1",
                  "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
               },
               {
                  "uid":"opamuser1",
                  "lastname":"opamuser1",
                  "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"opamsubgroup1",
            "dn":"cn=opamsubgroup1,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamsubgroup2",
            "dn":"cn=opamsubgroup2,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_APPLICATION_CONFIGURATOR",
            "dn":"cn=OPAM_APPLICATION_CONFIGURATOR,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_APPLICATION_CONFIGURATOR",
            "users":[
               {
                  "uid":"app_config",
                  "lastname":"app_config",
                  "dn":"uid=app_config,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_SECURITY_ADMIN",
            "dn":"cn=OPAM_SECURITY_ADMIN,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_SECURITY_ADMIN",
            "users":[
               {
                  "uid":"sec_admin",
                  "lastname":"sec_admin",
                  "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_SECURITY_AUDITOR",
            "dn":"cn=OPAM_SECURITY_AUDITOR,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_SECURITY_AUDITOR",
            "users":[
               {
                  "uid":"sec_auditor",
                  "lastname":"sec_auditor",
                  "dn":"uid=sec_auditor,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_USER_MANAGER",
            "dn":"cn=OPAM_USER_MANAGER,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_USER_MANAGER",
            "users":[
               {
                  "uid":"user_manager",
                  "lastname":"user_manager",
                  "dn":"uid=user_manager,ou=people,ou=myrealm,dc=base_domain"
               }
            ]
         }
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.5.3 Advanced Search for Groups

Use this API to search for users whose request parameters could be groupname. All of the parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/group/advancedsearch?param1=val1&param2=val2

Method

GET

Body

 

Returns on Success

Status 200 and JSON representation of groups


Example B-28 Sample JSON Representation of Groups

{
   "groups":[
      {
         "group":{
            "name":"AdminChannelUsers",
            "dn":"cn=AdminChannelUsers,ou=groups,ou=myrealm,dc=base_domain",
            "description":"AdminChannelUsers can access the admin channel.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"Administrators",
            "dn":"cn=Administrators,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Administrators can view and modify all resource attributes 

               and start and stop servers.",
            "users":[
               {
                  "uid":"weblogic",
                  "lastname":"weblogic",
                  "dn":"uid=weblogic,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"AppTesters",
            "dn":"cn=AppTesters,ou=groups,ou=myrealm,dc=base_domain",
            "description":"AppTesters group.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"CrossDomainConnectors",
            "dn":"cn=CrossDomainConnectors,ou=groups,ou=myrealm,dc=base_domain",
            "description":"CrossDomainConnectors can make inter-domain calls from 

               foreign domains.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"Deployers",
            "dn":"cn=Deployers,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Deployers can view all resource attributes and deploy applications.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"Monitors",
            "dn":"cn=Monitors,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Monitors can view and modify all resource attributes 

               and perform operations not restricted by roles.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"Operators",
            "dn":"cn=Operators,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Operators can view and modify all resource attributes and 

               perform server lifecycle operations.",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OracleSystemGroup",
            "dn":"cn=OracleSystemGroup,ou=groups,ou=myrealm,dc=base_domain",
            "description":"Oracle application software system group.",
            "users":[
               {
                  "uid":"OracleSystemUser",
                  "lastname":"OracleSystemUser",
                  "dn":"uid=OracleSystemUser,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_APPLICATION_CONFIGURATOR",
            "dn":"cn=OPAM_APPLICATION_CONFIGURATOR,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_APPLICATION_CONFIGURATOR",
            "users":[
               {
                  "uid":"app_config",
                  "lastname":"app_config",
                  "dn":"uid=app_config,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_SECURITY_ADMIN",
            "dn":"cn=OPAM_SECURITY_ADMIN,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_SECURITY_ADMIN",
            "users":[
               {
                  "uid":"sec_admin",
                  "lastname":"sec_admin",
                  "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_USER_MANAGER",
            "dn":"cn=OPAM_USER_MANAGER,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_USER_MANAGER",
            "users":[
               {
                  "uid":"user_manager",
                  "lastname":"user_manager",
                  "dn":"uid=user_manager,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"OPAM_SECURITY_AUDITOR",
            "dn":"cn=OPAM_SECURITY_AUDITOR,ou=groups,ou=myrealm,dc=base_domain",
            "description":"OPAM_SECURITY_AUDITOR",
            "users":[
               {
                  "uid":"sec_auditor",
                  "lastname":"sec_auditor",
                  "dn":"uid=sec_auditor,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamgroup1",
            "dn":"cn=opamgroup1,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
               {
                  "uid":"opamenduser1",
                  "firstname":"opamenduser1",
                  "lastname":"opamenduser1",
                  "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
               },
               {
                  "uid":"opamuser1",
                  "lastname":"opamuser1",
                  "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamgroup2",
            "dn":"cn=opamgroup2,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
               {
                  "uid":"opamenduser1",
                  "firstname":"opamenduser1",
                  "lastname":"opamenduser1",
                  "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
               },
               {
                  "uid":"opamuser1",
                  "lastname":"opamuser1",
                  "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
               }
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamsubgroup1",
            "dn":"cn=opamsubgroup1,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      },
      {
         "group":{
            "name":"opamsubgroup2",
            "dn":"cn=opamsubgroup2,ou=groups,ou=myrealm,dc=base_domain",
            "description":"",
            "users":[
 
            ],
            "accounts":[
 
            ]
         }
      }
   ]
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource."

B.6 Usage Policy Resource

The APIs described in this section include:

B.6.1 Create a Usage Policy

Use this API to create a Usage Policy.

URI

https://opam_server_host:opam_ssl_port/opam/usagepolicy

Method

POST

Body

JSON representation for Usage Policy creation

Returns on Success

Status code 201


Example B-29 Sample JSON Representation for Usage Policy Creation

{
   "usagepolicy":{
      "policystatus":"active",
      "policyname":"Default Usage Policy",
      "description":"Default Usage Policy",
      "dateorduration":"duration",
      "expireddateminutesfromcheckout":7200,
      "expireddate":"08\/08\/2088",
      "expireddatehour":0,
      "expireddateminutes":0,
      "expireddateamorpm":"am",
      "timezone":"America\/Los_Angeles",
      "usagedates":[
         {
            "day":"saturday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"wednesday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"sunday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"friday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"tuesday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"thursday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"monday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         }
      ]
   }
}

For attribute definitions, refer to Section B.1, "Target Resource" and Section B.2, "Account Resource." All parameters are optional, except policyname.

B.6.2 Retrieve a Usage Policy

Use this API to retrieve a Usage Policy.

URI

https://opam_server_host:opam_ssl_port/opam/usagepolicy/{policyid}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of Usage Policy


Example B-30 Sample JSON Representation of Usage Policy

{
   "usagepolicy":{
      "policyid":"usagepolicy1",
      "policystatus":"active",
      "policyname":"Default Usage Policy",
      "description":"Default Usage Policy",
      "globaldefault":"y",
      "dateorduration":"duration",
      "expireddateminutesfromcheckout":7200,
      "expireddate":"08\/08\/2088",
      "expireddatehour":0,
      "expireddateminutes":0,
      "expireddateamorpm":"am",
      "timezone":"America\/Los_Angeles",
      "usagedates":[
         {
            "day":"saturday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"wednesday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"sunday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"friday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"tuesday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"thursday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         },
         {
            "day":"monday",
            "fromhour":"12",
            "fromminutes":"0",
            "fromamorpm":"am",
            "tohour":"12",
            "tominutes":"0",
            "toamorpm":"am"
         }
      ],
      "accounts":[
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

                  /c11066278022489aad758aec69d9727d",
               "accountUID":"c11066278022489aad758aec69d9727d",
               "accountName":"himanshu",
               "status":"checkedIn",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
               "domain":"berkeley",
               "grantees":{
                  "users":[
 
                  ],
                  "roles":[
                     {
                        "role":{
                           "name":"Administrators",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "description":"Administrators can view and modify all resource

                               attributes and start and stop servers."
                        }
                     },
                     {
                        "role":{
                           "name":"opamgroup1",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "description":""
                        }
                     },
                     {
                        "role":{
                           "name":"opamgroup2",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "description":""
                        }
                     }
                  ]
               }
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

                  /3740553e999a4f6aa8e8f9286d320cb4",
               "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
               "accountName":"sherlock",
               "status":"checkedOut",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
               "domain":"berkeley",
               "grantees":{
                  "users":[
                     {
                        "user":{
                           "uid":"sec_admin",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"sec_admin",
                           "dn":"uid=sec_admin,ou=people,ou=myrealm,dc=base_domain"
                        }
                     },
                     {
                        "user":{
                           "uid":"opamenduser1",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "firstname":"opamenduser1",
                           "lastname":"opamenduser1",
                           "dn":"uid=opamenduser1,ou=people,ou=myrealm,dc=base_domain"
                        }
                     },
                     {
                        "user":{
                           "uid":"opamenduser2",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"opamenduser2",
                           "dn":"uid=opamenduser2,ou=people,ou=myrealm,dc=base_domain"
                        }
                     },
                     {
                        "user":{
                           "uid":"opamuser1",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"opamuser1",
                           "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
                        }
                     }
                  ],
                  "roles":[
 
                  ]
               }
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\

                  /account\/154034fc5b5548caad7721e198815709",
               "accountUID":"154034fc5b5548caad7721e198815709",
               "accountName":"lucie",
               "status":"checkedIn",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "targetUID":"9bbcbbb087174ad1900ea691a2573b61",
               "domain":"berkeley",
               "grantees":{
                  "users":[
                     {
                        "user":{
                           "uid":"opamuser1",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"opamuser1",
                           "dn":"uid=opamuser1,ou=people,ou=myrealm,dc=base_domain"
                        }
                     },
                     {
                        "user":{
                           "uid":"opamenduser2",
                           "usagepolicy":"usagepolicy1",
                           "usagepolicyname":"Default Usage Policy",
                           "lastname":"opamenduser2",
                           "dn":"uid=opamenduser2,ou=people,ou=myrealm,dc=base_domain"
                        }
                     }
                  ],
                  "roles":[
 
                  ]
               }
            }
         }
      ]
   }
}

Where:

  • usagepolicy is a usagepolicy JSON object.

  • policyid is the Usage Policy's unique identifier.

  • policystatus is set to active or disabled.

  • policyname is a name of the policy

  • description is a description of the policy.

  • globaldefault indicates whether the policy is the global default policy or not.

  • dateorduration indicates how the expiration time is calculated.

    • If set to date, then expireddate, expireddatehour, expireddateminutes, and expireddateamorpm are used.

    • If set to duration, then expireddateminutesfromcheckout is used.

    Where:

    • expireddate is the date of expiration.

    • expireddatehour.hour are integer values between 0 and 12.

    • expireddateminutes.minutes are integer values between 0 and 60.

    • expireddateamorpm is a.m. or p.m.

    • expireddateminutesfromcheckout are minutes from checkout.

  • timezone is a time zone for the Usage Policy.

  • usagedates is an array, where each value represents the check out time for individual days.

  • day is a day of the week, where acceptable values are sunday, monday, tuesday, wednesday, thursday, friday, and saturday.

Use the following attributes to indicate a range from and to:

  • fromhour is an integer value between 0 and 12.

  • fromminutes is a n integer value between 0 and 60.

  • fromamorpm is a.m. or p.m.

  • tohour is a n integer value between 0 and 12.

  • tominutes is a n integer value between 0 and 60.

  • toamorpm is a.m. or p.m.

B.6.3 Update a Usage Policy

Use this API to update a Usage Policy. You can update all attributes, except policyid, and you can update multiple attributes at a time.

URI

https://opam_server_host:opam_ssl_port/opam/usagepolicy/{policyid}

Method

PUT

Body

JSON representation of Usage Policy modification

Returns on Success

Status code 200


Example B-31 Sample JSON Representation of Usage Policy Modification

{
   "modifications":[
      {
         "modification":{
            "usagedates":[
               {
                  "day":"saturday",
                  "fromhour":"12",
                  "fromminutes":"0",
                  "fromamorpm":"am",
                  "tohour":"12",
                  "tominutes":"0",
                  "toamorpm":"am"
               },
               {
                  "day":"wednesday",
                  "fromhour":"12",
                  "fromminutes":"0",
                  "fromamorpm":"am",
                  "tohour":"12",
                  "tominutes":"0",
                  "toamorpm":"am"
               }
            ]
         }
      },
      {
         "modification":{
            "expireddatehour":2
         }
      }
   ]
}

Where:

  • modifications are an array of modification JSON objects.

  • modification is a JSON object representing a single attribute.

You must update the usagedates and expireddatehour attributes on the target. Their value is updated to the value provided with them.

B.6.4 Delete a Usage Policy

Use this API to delete a Usage Policy.

URI

https://opam_server_host:opam_ssl_port/opam/usagepolicy/{policyid}

Method

DELETE

Body

 

Returns on Success

Status 200


B.7 Password Policy Resource

The APIs described in this section include:

B.7.1 Create a Password Policy

Use this API to create a Password Policy.

URI

https://opam_server_host:opam_ssl_port/opam/passwordpolicy

Method

POST

Body

JSON representation for Password Policy creation

Returns on Success

Status code 201


Example B-32 Sample JSON Representation for Password Policy Creation

{
   "passwordpolicy":{
      "policystatus":"active",
      "policyname":"Default Password Policy",
      "description":"Default Password Policy",
      "passwordchangedurationunit":"days",
      "passwordchangedurationvalue":30,
      "changeoncheckin":"y",
      "changeoncheckout":"y",
      "passwordcharsmin":8,
      "passwordcharsmax":8,
      "passwordalphabeticmin":1,
      "passwordnumericmin":1,
      "passwordalphanumericmin":2,
      "passworduniquemin":1,
      "passworduppercasemin":1,
      "passwordlowercasemin":1,
      "passwordspecialmin":0,
      "passwordspecialmax":0,
      "passwordrepeatedmin":0,
      "passwordrepeatedmax":1,
      "startingchar":"n",
      "isaccountnameallowed":"n",
      "requiredchars":[
         "a",
         "h",
         "j"
      ],
      "allowedchars":[
         "b",
         "t",
         "y",
         "p",
         "u",
         "r",
         "o",
         "k",
         "1",
         "2",
         "=",
         "M",
         "a",
         "h",
         "j"
      ],
      "disalloweddchars":[
         "7",
         "8",
         "l"
      ]
   }
}

All attributes are optional, except policyname.

B.7.2 Retrieve a Password Policy

Use this API to retrieve a Password Policy.

URI

https://opam_server_host:opam_ssl_port/opam/passwordpolicy/{policyid}

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of Password Policy


Example B-33 Sample JSON Representation of Password Policy

{
   "passwordpolicy":{
      "policyid":"passwordpolicy2",
      "policystatus":"active",
      "policyname":"Default Password Policy",
      "description":"Default Password Policy",
      "globaldefault":"y",
      "passwordchangedurationunit":"days",
      "passwordchangedurationvalue":30,
      "changeoncheckin":"y",
      "changeoncheckout":"y",
      "passwordcharsmin":8,
      "passwordcharsmax":8,
      "passwordalphabeticmin":1,
      "passwordnumericmin":1,
      "passwordalphanumericmin":2,
      "passworduniquemin":1,
      "passworduppercasemin":1,
      "passwordlowercasemin":1,
      "passwordspecialmin":0,
      "passwordspecialmax":0,
      "passwordrepeatedmin":0,
      "passwordrepeatedmax":1,
      "startingchar":"n",
      "isaccountnameallowed":"n",
      "requiredchars":[
         "a",
         "h",
         "j"
      ],
      "allowedchars":[
         "b",
         "t",
         "y",
         "p",
         "u",
         "r",
         "o",
         "k",
         "1",
         "2",
         "=",
         "M",
         "a",
         "h",
         "j"
      ],
      "disalloweddchars":[
         "7",
         "8",
         "l"
      ],
      "accounts":[
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

                  /3740553e999a4f6aa8e8f9286d320cb4",
               "accountUID":"3740553e999a4f6aa8e8f9286d320cb4",
               "accountName":"sherlock",
               "status":"checkedOut",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "domain":"berkeley",
               "grantees":{
                  "users":[
 
                  ],
                  "roles":[
 
                  ]
               }
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

                  /c11066278022489aad758aec69d9727d",
               "accountUID":"c11066278022489aad758aec69d9727d",
               "accountName":"himanshu",
               "status":"checkedIn",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "domain":"berkeley",
               "grantees":{
                  "users":[
 
                  ],
                  "roles":[
 
                  ]
               }
            }
         },
         {
            "account":{
               "uri":"https:\/\/opam_server_host:opam_ssl_port\/opam\/account\

                  /154034fc5b5548caad7721e198815709",
               "accountUID":"154034fc5b5548caad7721e198815709",
               "accountName":"lucie",
               "status":"checkedIn",
               "targetName":"hhsharma-ldap",
               "targetType":"ldap",
               "domain":"berkeley",
               "grantees":{
                  "users":[
 
                  ],
                  "roles":[
 
                  ]
               }
            }
         }
      ]
   }
}

Where:

  • passwordpolicy is a passwordpolicy JSON object.

  • policyid is the policy's unique identifier.

  • policystatus is the policy's status, where acceptable values are active or disabled.

  • policyname is the policy name

  • description is a description of the policy.

  • globaldefault indicates whether the policy is a global default or not.

  • dateorduration indicates how the expiration time is calculated.

    • If set to date, then expireddate, expireddatehour, expireddateminutes, and expireddateamorpm are used.

    • If set to duration, then expireddateminutesfromcheckout is used.

    Where:

    • expireddate is the date of expiration.

    • expireddatehour.hour are integer values between 0 and 12.

    • expireddateminutes.minutes are integer values between 0 and 60.

    • expireddateamorpm is a.m. or p.m.

    • expireddateminutesfromcheckout are minutes from checkout.

  • timezone is a time zone for the Usage Policy.

  • usagedates is an array, where each value represents the check out time for individual days.

  • day is a day of the week, where acceptable values are sunday, monday, tuesday, wednesday, thursday, friday, and saturday.

For other attribute definitions, refer to Section B.2, "Account Resource."

B.7.3 Delete a Password Policy

Use this API to delete a Password Policy.

URI

https://opam_server_host:opam_ssl_port/opam/passwordpolicy/{policyid}

Method

DELETE

Body

 

Returns on Success

Status 200


B.7.4 Update a Password Policy

Use this API to update a Usage Policy. You can update all of the attributes, except policyid, and you can update multiple attributes at a time.

URI

https://opam_server_host:opam_ssl_port/opam/passwordpolicy/{policyid}

Method

PUT

Body

JSON representation for Password Policy modification

Returns on Success

Status code 201


Example B-34 Sample JSON Representation of Password Policy Modification

{
   "modifications":[
      {
         "modification":{
            "disalloweddchars":[
               "4",
               "6"
            ]
         }
      },
      {
         "modification":{
            "passwordalphabeticmin":2
         }
      }
   ]
}

Where:

  • modifications is an array of modification JSON objects.

  • modification is a JSON object representing a single attribute.

You must update the disalloweddchars and passwordalphabeticmin attributes on the target. These attribute values are updated to the values provided with them.

B.8 Policy Resource

The APIs described in this section include:

B.8.1 Search for Policies

Use this API to search for the accounts. This API is a contains search, using one or more of the following parameters:

  • policystatus

  • policyname

  • accountname

All of the parameters are optional.

URI

https://opam_server_host:opam_ssl_port/opam/policy/search?param1=val1&param2=val2

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of policies


Example B-35 Sample JSON Representation of Policies

{
   "usagepolicies":[
      {
         "policyname":"Default Usage Policy",
         "policyid":"usagepolicy1",
         "policystatus":"active",
         "globaldefault":"y"
      }
   ],
   "passwordpolicies":[
      {
         "policyname":"Default Password Policy",
         "policyid":"passwordpolicy2",
         "policystatus":"active",
         "globaldefault":"y"
      }
   ]
}

Where:

  • usagepolicies are an array of Usage Policies.

  • passwordpolicies are an array of Password Policies.

  • policyname is the policy name.

  • policyid is the policy's unique identifier.

  • policystatus is the policy status, where acceptable values are active or disabled.

B.8.2 Get Default Policies

Use this API to get the Default Usage Policy and Default Password Policy.

URI

https://opam_server_host:opam_ssl_port/opam/policy/default

Method

GET

Body

 

Returns on Success

Status code 200 and JSON representation of policies


Example B-36 Sample JSON Representation of Policies

{
   "usagepolicies":[
      {
         "policyname":"Default Usage Policy",
         "policyid":"usagepolicy1",
         "policystatus":"active"
      }
   ],
   "passwordpolicies":[
      {
         "policyname":"Default Password Policy",
         "policyid":"passwordpolicy2",
         "policystatus":"active"
      }
   ]
}

Where:

  • usagepolicies is an array of Usage Policies.

  • passwordpolicies is an array of Password Policies.

  • policyname is the policy name.

  • policyid is the policy's unique identifier.

  • policystatus is the policy status, where acceptable values are active or disabled.

This attribute only returns the default policies, Default Usage Policy and Default Password Policy.