Importing and applying a certificate for an LDAP connection by using REST Administration APIs

System administrators can import a certificate to use with an LDAP connection by using REST Administration APIs.

You can import a certificate for an LDAP connection by using a REST Administration API, or by using the Amlen WebUI. When you use the Amlen WebUI, importing the certificate is part of configuring an LDAP connection. For more information about using the Amlen WebUI to import the certificate, see Configuring an LDAP server by using the Amlen WebUI.

After the certificate is applied, it is automatically renamed to ldap.pem.

  1. Import the certificate to Eclipse Amlen by using the Eclipse Amlen REST API PUT method with the following Eclipse Amlen file URI:

    curl -X PUT -T <FilePath and FileName> http://<admin-endpoint-IP:Port>/ima/v1/file/<FileName>

  2. Apply the certificate to the LDAP connection by using the Eclipse Amlen REST API POST method.
    1. Use the following Eclipse Amlen configuration URI:

      http://<admin-endpoint-IP:Port>/ima/v1/configuration/

    2. Provide LDAP object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json. Ensure that capitalization and double quotation marks are used as shown.
      
      {
        "LDAP": {
          "Certificate": "string",
          "Verify": true|false,
          "Overwrite": true|false
        }
      }

      Where:

      Certificate
        Specifies the name of the certificate that was imported in step 1.

      Verify: true|false
        Specifies whether the LDAP connection is tested with the configuration change without committing the configuration change.
        The default value is false, which means that the configuration change is committed without first testing the LDAP connection.

      Overwrite: true|false
        Optional.
        Specifies whether any existing LDAP connection certificate is overwritten.
        The default value is false.

      New LDAP settings will be used the next time a client or connection is authenticated or authorized.

  3. Test the LDAP connection by ensuring that Verify is set to true.

The following example shows importing a file called ldap.pem from the local machine to a staging directory and applying the LDAP certificate on a server:

    curl -X PUT -T /certificates/ldap.pem http://127.0.0.1:9089/ima/v1/file/ldap.pem

An example response to the PUT method:

    {
      "Version": "v1",
      "Code": "CWLNA6011",
      "Message": "The requested configuration change has completed successfully."
    }

The following example applies the certificate to the LDAP connection by using cURL:

    curl -X POST \
       -H 'Content-Type: application/json' \
       -d '{
             "LDAP": {
               "Certificate": "ldap.pem",
               "Overwrite": true
             }
           }' \
       http://127.0.0.1:9089/ima/v1/configuration/

The following shows an example response to the POST method:

    {
      "Version": "v1",
      "Code": "CWLNA6011",
      "Message": "The requested configuration change has completed successfully."
    }

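
The procedure above as a verify-then-commit script, added here as an example and not taken from the Amlen documentation or project code. The `ADMIN` variable and all function names are assumptions, as is the staged file remaining available after the Verify request; the URIs, payload keys and the `CWLNA6011` success code come from the examples on this page.

```shell
#!/bin/sh
# Added example (not Amlen project code). Endpoints, payload keys and the
# CWLNA6011 success code come from this page; ADMIN and all function names
# are assumptions made for illustration.
ADMIN="${ADMIN:-http://127.0.0.1:9089}"

# Print the LDAP payload. $1 = certificate name, $2 = Verify, $3 = Overwrite.
ldap_payload() {
    # Only plain file names: nothing that could escape the JSON string or URI.
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) echo "bad certificate name: $1" >&2; return 2 ;;
    esac
    for flag in "$2" "$3"; do
        case "$flag" in
            true|false) ;;
            *) echo "not a JSON boolean: $flag" >&2; return 2 ;;
        esac
    done
    printf '{"LDAP":{"Certificate":"%s","Verify":%s,"Overwrite":%s}}' "$1" "$2" "$3"
}

# True only when the response body carries the success code.
is_success() {
    printf '%s' "$1" | grep -Eq '"Code"[[:space:]]*:[[:space:]]*"CWLNA6011"'
}

# POST one LDAP certificate change and check the reply.
post_ldap() {
    payload=$(ldap_payload "$1" "$2" "$3") || return 2
    resp=$(curl -sS -X POST -H 'Content-Type: application/json' \
        -d "$payload" "$ADMIN/ima/v1/configuration/") || return 1
    is_success "$resp" || { echo "rejected: $resp" >&2; return 1; }
}

# Upload, test with Verify=true (nothing is committed), then commit.
# Assumption: the staged file is still present after the Verify request.
# $1 = local certificate path, $2 = Overwrite (true|false).
apply_ldap_cert() {
    name=$(basename "$1")
    resp=$(curl -sS -X PUT -T "$1" "$ADMIN/ima/v1/file/$name") || return 1
    is_success "$resp" || { echo "upload failed: $resp" >&2; return 1; }
    post_ldap "$name" true "$2" || return 1
    post_ldap "$name" false "$2"
}
```

Call `apply_ldap_cert /certificates/ldap.pem true` to replace an existing certificate. If the Verify request is rejected, the function stops before the committing request is sent.
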
After you import and apply the LDAP certificate, you can configure the LDAP connection. For more information about configuring the LDAP connection by using REST Administration APIs, see Configuring an LDAP connection by using REST Administration APIs.