Modifying LDAP group name with redfish API
09-21-2023 08:13 AM - last edited on 10-04-2023 01:10 AM by support_s
I need to modify a RemoteGroup name in about 1000 iLOs. I tried:
SERVER=my-fqdn.org
TMPF=$(mktemp)
NEWDN="CN=something,OU=another,OU=more,DC=my,DC=org"
OLDDN="CN=somethingelse,OU=another,OU=more,DC=my,DC=org"
# URL-encode the OneView filter expression (python3 needs print() as a function):
ACTV=$(python3 -c "import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))" "\"'serverName' = '${SERVER}'\"")
UUID=$(curl --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --silent \
--request GET ${OneView}/rest/server-hardware?filter=${ACTV} | jq -r '.members[] | .uuid')
read iLOSSO iLOAuth <<< $(curl --silent --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" \
--request GET ${OneView}/rest/server-hardware/${UUID}/remoteConsoleUrl | \
jq -r '.remoteConsoleUrl ' | sed -e 's|hplocons|https|' -e 's|addr=||' \
-e 's|^\(.*\)&sessionkey=\(.*\)$|\1 \2|')
DATA=$(curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/AccountService | jq -r '.LDAP.RemoteRoleMapping')
# Rewrite only the matching entry (== compares, = would assign) and keep the rest of the array:
echo ${DATA} | jq 'map(if .RemoteGroup == "'${OLDDN}'" then .RemoteGroup = "'${NEWDN}'" else . end)' > ${TMPF}
DATA=$(echo '{"LDAP":{"RemoteRoleMapping": '$(cat ${TMPF})'}}' | jq -r '.')
curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --header "accept: application/json" --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/AccountService | jq -r '.'
which does not work. If I drop the pipe to jq and add a --include, I see:
HTTP/1.1 415 Unsupported Media Type
Content-Length: 0
Date: today
OData-Version: 4.0
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Does anyone know what I am doing incorrectly?
09-21-2023 11:05 PM
Re: Modifying LDAP group name with redfish API
Hi bradawk1,
I believe this post will help you. For a deeper dive, you can refer to this website.
Regards,
Shiva_JR
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

09-22-2023 03:09 AM
Re: Modifying LDAP group name with redfish API
The post is about changing privileges. I'm just trying to change the RemoteGroup name. The JSON I am uploading looks like:
{
  "LDAP": {
    "RemoteRoleMapping": [
      {
        "LocalRole": "dirgroup22e442334af4ed71",
        "RemoteGroup": "CN=something_being_changed,OU=UNIXgroups,DC=my,DC=org"
      },
      {
        "LocalRole": "dirgroup8492ef9ab31cf23445",
        "RemoteGroup": "CN=something_not_changing,OU=UNIXgroups,DC=my,DC=org"
      },
      {
        "LocalRole": "dirgroup45e23a7c72b99ef2923",
        "RemoteGroup": "CN=somethingelse,OU=UNIXgroups,DC=my,DC=org"
      }
    ]
  }
}
That is what I saw in the Redfish API Reference (Redfish API LDAP groups). However, it is not working.
10-10-2023 04:20 AM
Re: Modifying LDAP group name with redfish API
I decided the best method was to delete the old group mapping and just create a new one. Since the role assigned to the old group is correct, I saved that role and attempted to re-use it:
SERVER=my-fqdn.org
NEWDN="CN=something,OU=another,OU=more,DC=my,DC=org"
OLDDN="CN=somethingelse,OU=another,OU=more,DC=my,DC=org"
# URL-encode the OneView filter expression (python3 needs print() as a function):
ACTV=$(python3 -c "import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))" "\"'serverName' = '${SERVER}'\"")
UUID=$(curl --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --silent \
--request GET ${OneView}/rest/server-hardware?filter=${ACTV} | jq -r '.members[] | .uuid')
read iLOSSO iLOAuth <<< $(curl --silent --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" \
--request GET ${OneView}/rest/server-hardware/${UUID}/remoteConsoleUrl | \
jq -r '.remoteConsoleUrl ' | sed -e 's|hplocons|https|' -e 's|addr=||' \
-e 's|^\(.*\)&sessionkey=\(.*\)$|\1 \2|')
DATA=$(curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/AccountService | jq -r '.LDAP.RemoteRoleMapping')
# Save the old DN role:
LOCALROL=$(echo ${DATA} | jq -r '.[] | select(.RemoteGroup == "'${OLDDN}'") | .LocalRole')
# Remove the old group:
DATA=$(echo ${DATA} | jq '. | del(.[] | select(.RemoteGroup == "'${OLDDN}'"))')
# And wrap the array in the proper context:
DATA='{"LDAP": { "RemoteRoleMapping":'${DATA}'}}'
# Upload to iLO
curl --include --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --header "accept: application/json" --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/AccountService
# Should get back a JSON:
# {
#   "error": {
#     "code": "iLO.0.10.ExtendedInfo",
#     "message": "See @Message.ExtendedInfo for more information.",
#     "@Message.ExtendedInfo": [
#       {
#         "MessageId": "Base.1.4.Success"
#       }
#     ]
#   }
# }
# Pull down the current list:
DATA=$(curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/AccountService | jq -r '.LDAP.RemoteRoleMapping')
# Add in the new DN:
DATA=$(echo ${DATA} | jq '. += [{"LocalRole": "'${LOCALROL}'","RemoteGroup": "'${NEWDN}'"}]')
# Again, wrap it correctly:
DATA='{"LDAP": { "RemoteRoleMapping":'${DATA}'}}'
# Upload to iLO
curl --include --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --header "accept: application/json" --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/AccountService
However, I get back:
{
  "error": {
    "code": "iLO.0.10.ExtendedInfo",
    "message": "See @Message.ExtendedInfo for more information.",
    "@Message.ExtendedInfo": [
      {
        "MessageArgs": [
          "oldrole"
        ],
        "MessageId": "iLO.2.15.PropertyValueBadParam"
      }
    ]
  }
}
Any ideas on how to save the old role?
10-10-2023 06:15 AM
Re: Modifying LDAP group name with redfish API
Apparently the old role gets deleted. So, I'm creating with standard role, ReadOnly. Then want to modify that. Creating is working, but modifying the role is not. I get back:
HTTP/1.1 405 Method Not Allowed
Doing:
SERVER=my-fqdn.org
NEWDN="CN=something,OU=another,OU=more,DC=my,DC=org"
OLDDN="CN=somethingelse,OU=another,OU=more,DC=my,DC=org"
# URL-encode the OneView filter expression (python3 needs print() as a function):
ACTV=$(python3 -c "import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))" "\"'serverName' = '${SERVER}'\"")
UUID=$(curl --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --silent \
--request GET ${OneView}/rest/server-hardware?filter=${ACTV} | jq -r '.members[] | .uuid')
read iLOSSO iLOAuth <<< $(curl --silent --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" \
--request GET ${OneView}/rest/server-hardware/${UUID}/remoteConsoleUrl | \
jq -r '.remoteConsoleUrl ' | sed -e 's|hplocons|https|' -e 's|addr=||' \
-e 's|^\(.*\)&sessionkey=\(.*\)$|\1 \2|')
DATA=$(curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/AccountService | jq -r '.LDAP.RemoteRoleMapping')
# Remove the old group:
DATA=$(echo ${DATA} | jq '. | del(.[] | select(.RemoteGroup == "'${OLDDN}'"))')
# And wrap the array in the proper context:
DATA='{"LDAP": { "RemoteRoleMapping":'${DATA}'}}'
# Upload to iLO
curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --header "accept: application/json" --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/AccountService
# Should get back a JSON:
# {
#   "error": {
#     "code": "iLO.0.10.ExtendedInfo",
#     "message": "See @Message.ExtendedInfo for more information.",
#     "@Message.ExtendedInfo": [
#       {
#         "MessageId": "Base.1.4.Success"
#       }
#     ]
#   }
# }
# Pull down the current list:
DATA=$(curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/AccountService | jq -r '.LDAP.RemoteRoleMapping')
# Add in the new DN (have to set the role to a pre-defined role, then modify):
DATA=$(echo ${DATA} | jq '. += [{"LocalRole": "ReadOnly","RemoteGroup": "'${NEWDN}'"}]')
# Again, wrap it correctly:
DATA='{"LDAP": { "RemoteRoleMapping":'${DATA}'}}'
# Upload to iLO
curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --header "accept: application/json" --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/AccountService | jq -r '.'
# Should get back another success JSON.
# Now, retrieve the newly assigned role id:
NEWROL=$(curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/AccountService | jq -r '.LDAP.RemoteRoleMapping | .[] | select(.RemoteGroup == "'${NEWDN}'") | .LocalRole')
# Now create a JSON with the added privileges:
DATA='{ "OemPrivileges": [ "RemoteConsolePriv","VirtualPowerAndResetPriv"]}'
curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --header "accept: application/json" --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/AccountService/Roles/${NEWROL} | jq -r '.'
10-11-2023 05:33 AM
Solution
Not sure what I did wrong on the last step yesterday, but repeated today and it works fine:
SERVER=my-fqdn.org
NEWDN="CN=something,OU=another,OU=more,DC=my,DC=org"
OLDDN="CN=somethingelse,OU=another,OU=more,DC=my,DC=org"
# URL-encode the OneView filter expression (python3 needs print() as a function):
ACTV=$(python3 -c "import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))" "\"'serverName' = '${SERVER}'\"")
UUID=$(curl --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" --silent \
--request GET ${OneView}/rest/server-hardware?filter=${ACTV} | jq -r '.members[] | .uuid')
read iLOSSO iLOAuth <<< $(curl --silent --insecure --header "X-API-Version: ${currentVersion}" --header "auth: ${sessionID}" \
--request GET ${OneView}/rest/server-hardware/${UUID}/remoteConsoleUrl | \
jq -r '.remoteConsoleUrl ' | sed -e 's|hplocons|https|' -e 's|addr=||' \
-e 's|^\(.*\)&sessionkey=\(.*\)$|\1 \2|')
DATA=$(curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/AccountService | jq -r '.LDAP.RemoteRoleMapping')
# Remove the old group:
DATA=$(echo ${DATA} | jq '. | del(.[] | select(.RemoteGroup == "'${OLDDN}'"))')
# And wrap the array in the proper context:
DATA='{"LDAP": { "RemoteRoleMapping":'${DATA}'}}'
# Upload to iLO
curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --header "accept: application/json" --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/AccountService
# Pull down the current list:
DATA=$(curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/AccountService | jq -r '.LDAP.RemoteRoleMapping')
# Add in the new DN (have to set the role to a pre-defined role, then modify):
DATA=$(echo ${DATA} | jq '. += [{"LocalRole": "ReadOnly","RemoteGroup": "'${NEWDN}'"}]')
# Again, wrap it correctly:
DATA='{"LDAP": { "RemoteRoleMapping":'${DATA}'}}'
# Upload to iLO
curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --header "accept: application/json" --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/AccountService | jq -r '.'
# Should get back another success JSON.
# Now, retrieve the newly assigned role id:
NEWROL=$(curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --request GET ${iLOSSO}/redfish/v1/AccountService | jq -r '.LDAP.RemoteRoleMapping | .[] | select(.RemoteGroup == "'${NEWDN}'") | .LocalRole')
# Now create a JSON with the added privileges:
DATA='{ "OemPrivileges": [ "RemoteConsolePriv","VirtualPowerAndResetPriv"]}'
curl --insecure --silent --header "X-Auth-Token: ${iLOAuth}" --header "accept: application/json" --data "${DATA}" --request PATCH ${iLOSSO}/redfish/v1/AccountService/Roles/${NEWROL} | jq -r '.'
Ran it in a for loop on two racks of servers and it worked great!
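
Added example (not part of the original thread and not HPE code): when the remove-then-add procedure above is run across many iLOs, it helps to build both PATCH bodies with a JSON library, skip hosts where the old DN is not mapped, and check each reply and the read-back mapping. The function names, role ids and the second DN are constructed for illustration; the DN with a space and quotes shows a value that would break the shell-spliced jq filters.

```python
import json

# Constructed sample of .LDAP.RemoteRoleMapping from GET /redfish/v1/AccountService
# (role ids and the second DN are made up for this example).
OLD_DN = "CN=somethingelse,OU=another,OU=more,DC=my,DC=org"
NEW_DN = "CN=something,OU=another,OU=more,DC=my,DC=org"
SAMPLE_MAPPING = [
    {"LocalRole": "dirgroup0001", "RemoteGroup": OLD_DN},
    {"LocalRole": "dirgroup0002", "RemoteGroup": 'CN=Ops "Tier 1",OU=more,DC=my,DC=org'},
]

def _wrap(mapping):
    # json.dumps escapes quotes and backslashes in DNs; no shell or jq string splicing.
    return json.dumps({"LDAP": {"RemoteRoleMapping": mapping}})

def plan_rename(mapping, old_dn, new_dn, initial_role="ReadOnly"):
    """Return (remove_body, add_body) for the two PATCHes, or None if old_dn is not mapped."""
    if not any(m["RemoteGroup"] == old_dn for m in mapping):
        return None  # nothing to do on this iLO: send no PATCH at all
    kept = [m for m in mapping if m["RemoteGroup"] != old_dn]
    if any(m["RemoteGroup"] == new_dn for m in kept):
        raise ValueError("new DN is already mapped")
    added = kept + [{"LocalRole": initial_role, "RemoteGroup": new_dn}]
    return _wrap(kept), _wrap(added)

def patch_succeeded(response_text):
    """True only if the body parses and every ExtendedInfo MessageId ends in '.Success'."""
    try:
        infos = json.loads(response_text)["error"]["@Message.ExtendedInfo"]
    except (ValueError, KeyError, TypeError):
        return False  # empty body (as with the 415/405 replies) or unexpected shape
    return bool(infos) and all(i.get("MessageId", "").endswith(".Success") for i in infos)

def unrelated_groups_intact(before, after, old_dn, new_dn):
    """After the change: old DN gone, new DN present, every other group still mapped."""
    def others(ms):
        return {m["RemoteGroup"] for m in ms} - {old_dn, new_dn}
    after_groups = {m["RemoteGroup"] for m in after}
    return (old_dn not in after_groups and new_dn in after_groups
            and others(before) == others(after))
```

The thread's script re-reads the mapping from the iLO between the two PATCHes; `plan_rename` computes both bodies from one read, so pass it a fresh GET result if anything else may have changed the mapping in between.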