Tenable Security Center API: LDAP

 

/ldap

Methods
GET

Gets the list of LDAPs.

Fields Parameter

The fields parameter should be specified in the query string and takes the syntax:

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**searchString

Session user role "1" (Administrator)

host
port
encryption
dn
dnsField
lowercase
timeLimit
password
username
attrEmail
attrName
attrPhone
attrUsername

ldapUserProvisioning

ldapUserSync
createdTime
modifiedTime
organizations

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont = field is a JSON object (e.g. "repository" : { "id" : <id>, "name" : <name> })

Request Parameters

None

Example Response
{
	"type" : "regular",
	"response" : [
		{
			"id" : "1",
			"name" : "Test Name",
			"description" : "Test Description",
			"searchString" : "SearchString"
		},
		{
			"id" : "2",
			"name" : "testName",
			"description" : "testDescription",
			"searchString" : "SearchString"
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1500911088
}
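
An added example, not from Tenable's documentation or code: an offline audit of a GET /ldap response that requests the administrator-only fields with the ?fields= syntax and flags entries whose encryption is "none". The sample response is constructed, and treating "password" : "SET" as a masked marker for a stored bind password is an assumption based on the example responses on this page.

```python
import json
from urllib.parse import urlencode

# Fields from the "Allowed Fields" list that the audit needs (mostly admin-only).
AUDIT_FIELDS = ["id", "name", "host", "port", "encryption", "username",
                "password", "ldapUserProvisioning", "ldapUserSync"]

def ldap_list_path(fields=AUDIT_FIELDS):
    """Build the GET path using the ?fields=<field>,... syntax."""
    return "/ldap?" + urlencode({"fields": ",".join(fields)}, safe=",")

def audit_ldap(envelope):
    """Return (id, name, finding) tuples for one GET /ldap response envelope."""
    if envelope.get("error_code") != 0:
        raise RuntimeError(f"API error: {envelope.get('error_msg')}")
    findings = []
    for entry in envelope["response"]:
        ident = (entry["id"], entry.get("name", ""))
        enc = entry.get("encryption")
        if enc is None:
            # Non-admin sessions, or a GET without ?fields=, do not return it.
            findings.append(ident + ("encryption not returned; request it via ?fields=",))
            continue
        if enc == "none":
            findings.append(ident + ("directory traffic is unencrypted",))
            # Assumption: "SET" marks a stored bind password; simple bind assumed.
            if entry.get("password") == "SET":
                findings.append(ident + ("bind password crosses the network in cleartext",))
            if "true" in (entry.get("ldapUserProvisioning"), entry.get("ldapUserSync")):
                findings.append(ident + ("user provisioning/sync relies on unprotected directory data",))
    return findings

# Constructed sample response, modelled on the example responses on this page.
SAMPLE = json.loads("""
{"type": "regular", "error_code": 0, "error_msg": "", "warnings": [], "timestamp": 1500911088,
 "response": [
  {"id": "1", "name": "Test Name", "host": "127.0.0.1", "port": "80", "encryption": "none",
   "username": "username", "password": "SET", "ldapUserProvisioning": "true", "ldapUserSync": "false"},
  {"id": "2", "name": "testName", "host": "ldap.example.test", "port": "636", "encryption": "ldaps",
   "username": "username", "password": "SET", "ldapUserProvisioning": "false", "ldapUserSync": "false"}
 ]}
""")

if __name__ == "__main__":
    print("GET", ldap_list_path())
    for finding in audit_ldap(SAMPLE):
        print(*finding, sep=" | ")
```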

 

POST

Adds an LDAP.

Note: This endpoint is restricted to users of role 1 (Admin)

Request Parameters
{
	"name" : <string>,
	"description" : <string> DEFAULT "",
	"host" : <string> (valid IP or hostname),
	"port" : <string> (valid port),
	"encryption" : <string> "ldaps" | "none" | "tls",
	"dn" : <string>,
	"dnsField" : <string> DEFAULT "dNSHostName",
	"lowercase" : <string> "false" | "true" DEFAULT "false",
	"timeLimit" : <string> DEFAULT "3600",
	"password" : <string> DEFAULT "",
	"username" : <string> DEFAULT "",
	"attrEmail" : <string> DEFAULT "",
	"attrName" : <string> DEFAULT "",
	"attrPhone" : <string> DEFAULT "",
	"attrUsername" : <string> DEFAULT "",
	"searchString" : <string> DEFAULT "",
	"ldapUserProvisioning" : <string> "false" | "true" DEFAULT "false",
	"ldapUserSync" : <string> "false" | "true" DEFAULT "false",
	"organizations" : [
		{
			"id" : <string>
		},...
	] DEFAULT []
}
Example Response
{
	"type" : "regular",
	"response" : {
		"id" : "6",
		"name" : "Test Add LDAP",
		"description" : "Test Description",
		"host" : "127.0.0.1",
		"port" : "80",
		"encryption" : "none",
		"dn" : "Test DN",
		"dnsField" : "Test DNS",
		"lowercase" : "false",
		"timeLimit" : "3600",
		"password" : "SET",
		"username" : "username",
		"attrEmail" : "AttrEmail",
		"attrName" : "AttrName",
		"attrPhone" : "AttrPhone",
		"attrUsername" : "AttrUsername",
		"ldapUserProvisioning" : "false",
		"ldapUserSync" : "false",
		"searchString" : "SearchString",
		"createdTime" : "1500911435",
		"modifiedTime" : "1500911435",
		"organizations" : [
			{
				"id" : "1",
				"name" : "org1",
				"description" : "",
				"uuid" : "4F7DD1CD-EB1B-40D7-BCE1-2DB3E31F6F4C"
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1500911573
}

/ldap/{id}

Methods
GET

Gets the LDAP associated with {id}.


Fields Parameter

The fields parameter should be specified in the query string and takes the syntax:

    ?fields=<field>,...

Allowed Fields

*id
**name
**description
**searchString

Session user role "1" (Administrator)

host
port
encryption
dn
dnsField
lowercase
timeLimit
password
username
attrEmail
attrName
attrPhone
attrUsername

ldapUserProvisioning

ldapUserSync
createdTime
modifiedTime
organizations

Legend

* = always comes back

** = comes back if fields list not specified on GET all

redFont = field is a JSON object (e.g. "repository" : { "id" : <id>, "name" : <name> })

Request Parameters

None

Example Response
{
	"type" : "regular",
	"response" : {
		"id" : "1",
		"name" : "Test Name",
		"description" : "Test Description",
		"host" : "127.0.0.1",
		"port" : "80",
		"encryption" : "none",
		"dn" : "Test DN",
		"dnsField" : "Test DNS",
		"lowercase" : "false",
		"timeLimit" : "3600",
		"password" : "SET",
		"username" : "username",
		"attrEmail" : "AttrEmail",
		"attrName" : "AttrName",
		"attrPhone" : "AttrPhone",
		"attrUsername" : "AttrUsername",
		"ldapUserProvisioning" : "false",
		"ldapUserSync" : "false",
		"searchString" : "SearchString",
		"createdTime" : "1500911435",
		"modifiedTime" : "1500911435",
		"organizations" : [
			{
				"id" : "1",
				"name" : "org1",
				"description" : "",
				"uuid" : "4F7DD1CD-EB1B-40D7-BCE1-2DB3E31F6F4C"
			}
		]
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1500911088
}

PATCH

Edits the LDAP associated with {id}, changing only the passed-in fields.

Note: This endpoint is restricted to users of role 1 (Admin)

Request Parameters

(All fields are optional)

See /ldap::POST for parameters.

Example Response
See /ldap/{id}::GET

DELETE

Deletes the LDAP associated with {id}.

Note: This endpoint is restricted to users of role 1 (Admin)

Request Parameters

None

Example Response
{
	"type" : "regular",
	"response" : "",
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1408723358
}

/ldap/{id}/query

POST

Retrieves users for the LDAP associated with {id}, depending on access and permissions.

Request Parameters
{
	"match" : <string> DEFAULT "<string:attrUsername>=*" (attrUsername derived from LDAP)
}
Example Response
{
	"type" : "regular",
	"response" : [
		{
			"name" : "John Doe",
			"email" : "",
			"phone" : "",
			"username" : "JohnDoe"
		},
		{
			"name" : "Jane Doe",
			"email" : "",
			"phone" : "",
			"username" : "Jane Doe"
		}
	],
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1503416024
}

/ldap/test

Methods

POST

Tests the LDAP settings.

Note: This endpoint is restricted to users of role 1 (Admin)

Request Parameters
{
	"host" : <string> (valid IP or hostname),
	"port" : <string> (valid port),
	"encryption" : <string> "ldaps" | "none" | "tls",
	"dn" : <string>,
	"dnsField" : <string> DEFAULT "dNSHostName",
	"lowercase" : <string> "false" | "true" DEFAULT "false",
	"timeLimit" : <string> DEFAULT "3600",
	"password" : <string> DEFAULT "",
	"username" : <string> DEFAULT "",
	"attrEmail" : <string> DEFAULT "",
	"attrName" : <string> DEFAULT "",
	"attrPhone" : <string> DEFAULT "",
	"attrUsername" : <string> DEFAULT "",
	"searchString" : <string> DEFAULT ""
}
Example Response
{
	"type" : "regular",
	"response" : {
		"status" : false,
		"message" : "Verification failed."
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1410210283
}

/ldap/{id}/test

Methods

POST

Tests the LDAP settings associated with {id}.

Note: This endpoint is restricted to users of role 1 (Admin)

Request Parameters

(All fields are optional)

See /ldap/test::POST for parameters.

Example Response
{
	"type" : "regular",
	"response" : {
		"status" : false,
		"message" : "Verification failed."
	},
	"error_code" : 0,
	"error_msg" : "",
	"warnings" : [],
	"timestamp" : 1410210283
}