Managing Settings
Most of the settings configurable in the API relate to LDAP authentication of users. Settings support two operations, GET (view settings) and POST (update settings). When settings are updated, they are sanity checked individually and as a whole. All or no settings will be updated for a request.
Viewing settings
Request
curl --user admin:admin http://test.cfengine.com/api/settings
Response
{
"meta": {
"page": 1,
"count": 1,
"total": 1,
"timestamp": 1350992335
},
"data": [
{
"rbacEnabled": true,
"ldapEnabled": false,
"ldapActiveDirectoryDomain": "ad.cfengine.com",
"ldapBaseDN": "DC=ad,DC=cfengine,DC=com",
"ldapEncryption": "plain",
"ldapHost": "ldap-server.cfengine.com",
"ldapLoginAttribute": "sAMAccountName",
"ldapMode": "activeDirectory",
"ldapPassword": "password",
"ldapPort": 389,
"ldapPortSSL": 636,
"ldapUsername": "test",
"ldapUsersDirectory": "CN=Users",
"blueHostHorizon": 900,
"logLevel": "error"
}
]
}
Example: Configuring LDAP
The setting ldapEnabled
turns external authentication on or off. When turned
on, the API will check to see that the other LDAP related settings make sense,
and attempt to authenticate using the configured credentials. If it is not
successful in doing this, no settings will be changed. The API will notify you
with a return code an a message describing the error.
Request
curl --user admin:admin http://test.cfengine.com/api/settings -X POST -d
{
"ldapEnabled": true,
"ldapActiveDirectoryDomain": "ad.cfengine.com",
"ldapBaseDN": "DC=ad,DC=example,DC=com",
"ldapEncryption": "ssl",
"ldapHost": "ldap-server.cfengine.com",
"ldapLoginAttribute": "sAMAccountName",
"ldapMode": "standard",
"ldapPassword": "password",
"ldapUsername": "test",
"ldapUsersDirectory": "ou",
}
Response
204 No Content
Example: Configuring Active Directory
Active Directory is configured in much the same way as OpenLDAP, but the
additional field ldapActiveDirectoryDomain
is required. ldapMode
is also
changed from standard
to activeDirectory
.
Request
curl --user admin:admin http://test.cfengine.com/api/settings -X POST -d
{
"ldapEnabled": true,
"ldapBaseDN": "DC=example,DC=com",
"ldapEncryption": "plain",
"ldapHost": "ad-server.cfengine.com",
"ldapLoginAttribute": "uid",
"ldapMode": "activeDirectory",
"ldapPassword": "password",
"ldapUsername": "test",
"ldapUsersDirectory": "CN=Users",
}
Response
204 No Content
Example: Changing The Log Level
The API uses standard Unix syslog to log a number of events. Additionally, log
events are sent to stderr
, which means they may also end up in your Apache
log. Log events are filtered based on the log level in settings. Suppose you
wanted to have greater visibility into the processing done at the backend. The
standard log level is error
. Changing it to info
is done as follows.
Request
curl --user admin:admin http://test.cfengine.com/api/settings -X POST -d
{
"logLevel": "info"
}
Response
204 No Content