API Description | API Path |
---|---|
List LDAP identity sourcesReturn a list of all configured LDAP identity sources. |
GET /policy/api/v1/aaa/ldap-identity-sources
|
Test an LDAP serverAttempt to connect to an LDAP server and ensure that the server can be contacted using the given URL and authentication credentials. |
POST /policy/api/v1/aaa/ldap-identity-sources?action=probe_ldap_server
|
Probe an LDAP identity sourceVerify that the configuration of an LDAP identity source is correct before actually creating the source. |
POST /policy/api/v1/aaa/ldap-identity-sources?action=probe_identity_source
|
Fetch the server certificate of an LDAP serverAttempt to connect to an LDAP server and retrieve the server certificate it presents. |
POST /policy/api/v1/aaa/ldap-identity-sources?action=fetch_certificate
|
Delete an LDAP identity sourceDelete an LDAP identity source. Users defined in that source will no longer be able to access NSX. |
DELETE /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>
|
Read a single LDAP identity sourceReturn details about one LDAP identity source |
GET /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>
|
Test the configuration of an existing LDAP identity sourceAttempt to connect to an existing LDAP identity source and report any errors encountered. |
POST /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>?action=probe
|
Update an existing LDAP identity sourceUpdate the configuration of an existing LDAP identity source. You may wish to verify the new configuration using the POST /aaa/ldap-identity-sources?action=probe API before changing the configuration. |
PUT /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>
|
Search the LDAP identity sourceSearch the LDAP identity source for users and groups that match the given filter_value. In most cases, the LDAP source performs a case-insensitive search. |
POST /policy/api/v1/aaa/ldap-identity-sources/<ldap-identity-source-id>/search
|
Create registration access tokenThe privileges of the registration token will be the same as the caller. |
POST /api/v1/aaa/registration-token
|
Delete registration access token |
DELETE /api/v1/aaa/registration-token/<token>
|
Get registration access token |
GET /api/v1/aaa/registration-token/<token>
|
Get all users and groups with their roles |
GET /api/v1/aaa/role-bindings
|
Delete all stale role assignments |
POST /api/v1/aaa/role-bindings?action=delete_stale_bindings
|
Assign roles to User or GroupWhen assigning a user role, specify the user name with the same case as it appears in vIDM to access the NSX-T user interface. For example, if vIDM has the user name User1@example.com then the name attribute in the API call must be be User1@example.com and cannot be user1@example.com. |
POST /api/v1/aaa/role-bindings
|
Delete user/group's roles assignment |
DELETE /api/v1/aaa/role-bindings/<binding-id>
|
Get user/group's role information |
GET /api/v1/aaa/role-bindings/<binding-id>
|
Update User or Group's roles |
PUT /api/v1/aaa/role-bindings/<binding-id>
|
Get information about all roles |
GET /api/v1/aaa/roles
|
Get information about all roles with features and their permissions |
GET /api/v1/aaa/roles-with-feature-permissions
|
Get role information |
GET /api/v1/aaa/roles/<role>
|
Get the name and role information of the user.This API will return the name and role information of the user invoking this API request. This API is available for all NSX users no matter their authentication method (Local account, VIDM, LDAP etc). The permissions parameter of the NsxRole has been deprecated. |
GET /api/v1/aaa/user-info
|
Get all the User Groups where vIDM display name matches the search key case insensitively. The search key is checked to be a substring of display name. This is a non paginated API. |
GET /api/v1/aaa/vidm/groups
|
Get all the users and groups from vIDM matching the search key case insensitively. The search key is checked to be a substring of name or given name or family name of user and display name of group. This is a non paginated API. |
POST /api/v1/aaa/vidm/search
|
Get all the users from vIDM whose userName, givenName or familyName matches the search key case insensitively. The search key is checked to be a substring of name or given name or family name. This is a non paginated API. |
GET /api/v1/aaa/vidm/users
|
Read AAA provider vIDM properties |
GET /api/v1/node/aaa/providers/vidm
GET /api/v1/transport-nodes/<transport-node-id>/node/aaa/providers/vidm GET /api/v1/cluster/<cluster-node-id>/node/aaa/providers/vidm |
Update AAA provider vIDM properties |
PUT /api/v1/node/aaa/providers/vidm
PUT /api/v1/transport-nodes/<transport-node-id>/node/aaa/providers/vidm PUT /api/v1/cluster/<cluster-node-id>/node/aaa/providers/vidm |
Read AAA provider vIDM status |
GET /api/v1/node/aaa/providers/vidm/status
GET /api/v1/transport-nodes/<transport-node-id>/node/aaa/providers/vidm/status GET /api/v1/cluster/<cluster-node-id>/node/aaa/providers/vidm/status |
Return the list of OpenID Connect end-points. |
GET /api/v1/trust-management/oidc-uris
|
Update a OpenID Connect end-point's thumbprintUpdate a OpenID Connect end-point's thumbprint used to connect to the oidc_uri through SSL |
POST /api/v1/trust-management/oidc-uris?action=update_thumbprint
|
Add an OpenID Connect end-point.This request also fetches the issuer and jwks_uri meta-data from the OIDC end-point and stores it. |
POST /api/v1/trust-management/oidc-uris
|
Get an OpenID Connect end-point.When ?refresh=true is added to the request, the meta-data is newly fetched from the OIDC end-point. |
GET /api/v1/trust-management/oidc-uris/<id>
|
Return the list of principal identitiesReturns the list of principals registered with a certificate. |
GET /api/v1/trust-management/principal-identities
|
Register a name-certificate combination.Associates a principal's name with a certificate that is used to authenticate. The combination name and node_id needs to be unique across token-based and certificate-based principal identities. Deprecated, use POST /trust-management/principal-identities/with-certificate instead. |
POST /api/v1/trust-management/principal-identities
(Deprecated)
|
Update a principal identity's certificateUpdate a principal identity's certificate |
POST /api/v1/trust-management/principal-identities?action=update_certificate
|
Delete a principal identityDelete a principal identity. It does not delete the certificate. |
DELETE /api/v1/trust-management/principal-identities/<principal-identity-id>
|
Get a principal identityGet a stored principal identity |
GET /api/v1/trust-management/principal-identities/<principal-identity-id>
|
Register a name-certificate combination.Create a principal identity with a new, unused, certificate. The combination name and node_id needs to be unique across token-based and certificate-based principal identities. |
POST /api/v1/trust-management/principal-identities/with-certificate
|
Return the list of token-based principal identities. | These don't have certificate or role information. |
GET /api/v1/trust-management/token-principal-identities
|
Register a token-based principal identity.Register a principal identity that is going to be authenticated through a token. The combination name and node_id needs to be unique across token-based and certificate-based principal identities. |
POST /api/v1/trust-management/token-principal-identities
|
Delete a token-based principal identityDelete a token-based principal identity. |
DELETE /api/v1/trust-management/token-principal-identities/<principal-identity-id>
|
Get a token-based principal identityGet a stored token-based principal identity |
GET /api/v1/trust-management/token-principal-identities/<principal-identity-id>
|