System Administration > Settings > User Management

Associated URIs:

API Description API Path

List LDAP identity sources


Return a list of all configured LDAP identity sources.
GET /api/v1/aaa/ldap-identity-sources

Probe an LDAP identity source


Verify that the configuration of an LDAP identity source is correct before actually creating the source.
POST /api/v1/aaa/ldap-identity-sources?action=probe_identity_source

Fetch the server certificate of an LDAP server


Attempt to connect to an LDAP server and retrieve the server certificate it presents.
POST /api/v1/aaa/ldap-identity-sources?action=fetch_certificate

Test an LDAP server


Attempt to connect to an LDAP server and ensure that the server can be contacted using the given URL and authentication credentials.
POST /api/v1/aaa/ldap-identity-sources?action=probe_ldap_server

Delete an LDAP identity source


Delete an LDAP identity source. Users defined in that source will no longer be able to access NSX.
DELETE /api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>

Read a single LDAP identity source


Return details about one LDAP identity source
GET /api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>

Test the configuration of an existing LDAP identity source


Attempt to connect to an existing LDAP identity source and report any errors encountered.
POST /api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>?action=probe

Update an existing LDAP identity source


Update the configuration of an existing LDAP identity source. You may wish to verify the new configuration using the POST /aaa/ldap-identity-sources?action=probe API before changing the configuration.
PUT /api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>

Search the LDAP identity source


Search the LDAP identity source for users and groups that match the given filter_value. In most cases, the LDAP source performs a case-insensitive search.
POST /api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>/search

Create registration access token


The privileges of the registration token will be the same as the caller.
POST /api/v1/aaa/registration-token

Delete registration access token


DELETE /api/v1/aaa/registration-token/<token>

Get registration access token


GET /api/v1/aaa/registration-token/<token>

Get all users and groups with their roles


GET /api/v1/aaa/role-bindings

Assign roles to User or Group


When assigning a user role, specify the user name with the same
case as it appears in vIDM to access the NSX-T user interface.
For example, if vIDM has the user name User1@example.com then
the name attribute in the API call must be be User1@example.com
and cannot be user1@example.com.
POST /api/v1/aaa/role-bindings

Delete all stale role assignments


POST /api/v1/aaa/role-bindings?action=delete_stale_bindings

Delete user/group's roles assignment


DELETE /api/v1/aaa/role-bindings/<binding-id>

Get user/group's role information


GET /api/v1/aaa/role-bindings/<binding-id>

Update User or Group's roles


PUT /api/v1/aaa/role-bindings/<binding-id>

Get information about all roles


GET /api/v1/aaa/roles

Get information about all roles with features and their permissions


GET /api/v1/aaa/roles-with-feature-permissions

Get role information


GET /api/v1/aaa/roles/<role>

Get information about logged-in user. The permissions parameter of the NsxRole has been deprecated.


GET /api/v1/aaa/user-info

Get all the User Groups where vIDM display name matches the search key case insensitively. The search key is checked to be a substring of display name. This is a non paginated API.


GET /api/v1/aaa/vidm/groups

Get all the users and groups from vIDM matching the search key case insensitively. The search key is checked to be a substring of name or given name or family name of user and display name of group. This is a non paginated API.


POST /api/v1/aaa/vidm/search

Get all the users from vIDM whose userName, givenName or familyName matches the search key case insensitively. The search key is checked to be a substring of name or given name or family name. This is a non paginated API.


GET /api/v1/aaa/vidm/users