Truststore Maintenance for Organizations
You can use the VMware Cloud Director API to upload and manage SSL certificates, keystores, and Kerberos keytabs for your organization's LDAP service. You can also use the VMware Cloud Director API to configure SSPI, the Microsoft Security Support Provider Interface, for use with Active Directory.
The OrgLdapSettings element includes links that enable an organization administrator to maintain certificates and truststores for the organization's LDAP service.
```xml
<AdminOrg ... >
   ...
   <OrgLdapSettings ... >
      ...
      <Link
         rel="certificate:update"
         type="application/vnd.vmware.admin.certificateUpdateParams+xml"
         href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapCertificate"/>
      <Link
         rel="certificate:reset"
         href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapCertificate"/>
      <Link
         rel="keystore:update"
         type="application/vnd.vmware.admin.keystoreUpdateParams+xml"
         href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapKeyStore"/>
      <Link
         rel="keystore:reset"
         href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapKeyStore"/>
      <Link
         rel="keytab:update"
         type="application/vnd.vmware.admin.sspiKeytabUpdateParams+xml"
         href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapSspiKeytab"/>
      <Link
         rel="keytab:reset"
         href="https://vcloud.example.com/api/admin/org/26/settings/ldap/action/resetLdapSspiKeytab"/>
      ...
   </OrgLdapSettings>
</AdminOrg>
```
All of these links implement similar operations: each `update` link uploads a new certificate, keystore, or keytab, and each `reset` link removes the existing one. VMware Cloud Director imposes the following limits on upload sizes.
| Upload Type | Maximum Size in Megabytes |
|---|---|
| LDAP certificate | 2 |
| LDAP keystore | 2 |
| LDAP SSPI keytab | 2 |
Prerequisites
This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.
Procedure
Example: Upload an SSL Certificate for an Organization LDAP Service
This example uploads an SSL certificate whose size is 892 bytes. The first step obtains an upload URL by POSTing a CertificateUpdateParams element, whose fileSize attribute declares the size of the certificate in bytes, to the organization's settings/ldap/action/updateLdapCertificate URL.
```http
POST https://vcloud.example.com/api/admin/org/26/settings/ldap/action/updateLdapCertificate
Content-type: application/vnd.vmware.admin.certificateUpdateParams+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<CertificateUpdateParams
   fileSize="892"
   xmlns="http://www.vmware.com/vcloud/v1.5">
</CertificateUpdateParams>
```
The response is a CertificateUploadSocket element whose uploadLocation attribute is the URL to which you upload the certificate. It also contains a Task that tracks the update.
```xml
<CertificateUploadSocket
   xmlns="http://www.vmware.com/vcloud/v1.5"
   uploadLocation="https://vcloud.example.com/transfer/53bc1/ldapCertificate">
   <Task
      ...
      status="running"
      operation="Updating LDAP certificate Organization (7)"
      ... >
   </Task>
</CertificateUploadSocket>
```
To upload the certificate, make a PUT request to the uploadLocation URL, set Content-length to the size declared in fileSize, and supply the certificate in the request body.
```http
PUT https://vcloud.example.com/transfer/53bc1/ldapCertificate
Content-length: 892
...serialized contents of certificate...
EOF
```

The server responds with a 200 OK when the upload succeeds:

```http
200 OK
```