Identity API

Replicated currently supports integration with LDAP. Identity API provides authentication and syncing with LDAP sever.

📘

Identity API Endpoint

The Identity API is part of the Integration API. To discover the Integration API base endpoint, query the REPLICATED_INTEGRATIONAPI environment variable from inside your container.

LDAP Authentication

/identity/v1/login

Authenticates the user and returns the corresponding entry properties.

Request payload

NameTypeDescription
usernameStringAs defined by the ldap_username_field setting
passwordStringCleartext passowrd

Response Status code

StatusDescription
200User authenticated successfully
401Invalid username or password

In case 200 is returned, the body of the response will contain LDAP properties for the authenticated user entry. The password attribute will be omitted from the result.

Response body

NameTypeDescription
DNStringLDAP DN for the user's entry
UsernameStringUsername
AttributesArrayAn array of available LDAP attributes for the user's entry, including any custom attributes for the user.
GroupsArrayArray of groups that the user belongs to. Each group contains group's DN and a list of its LDAP attributes.

Example

Note that the response JSON has been prettified for easier reading.

{
	"DN": "cn=Test User,ou=users,dc=replicated,dc=com",
	"Username": "testuser",
	"Groups": [{
		"DN": "cn=replicated,ou=groups,dc=replicated,dc=com",
		"ID": "501",
		"Name": "replicated",
		"Attributes": {
			"cn": ["replicated"],
			"gidnumber": ["501"],
			"memberuid": ["testuser", "testuser2", "testuser3", "testuser4"],
			"objectclass": ["posixGroup", "top"]
		}
	}],
	"Attributes": {
		"cn": ["Test User"],
		"gidnumber": ["500"],
		"givenname": ["Test"],
		"homedirectory": ["/home/users/testuser"],
		"objectclass": ["inetOrgPerson", "posixAccount", "top"],
		"sn": ["User"],
		"uid": ["testuser"],
		"uidnumber": ["1005"]
	}
}

/identity/v1/user/:username

Returns properties for the specified user.

Response Status code

200User authenticated successfully
401Invalid username or password (for LDAP search user)
404Requested user is not found

In case 200 is returned, the body of the response is the same as that of the /identity/v1/login call.

/identity/v1/user/:username/exists

Checks if the supplied username exists on the server and returns true or false.

In case 200 is returned, the body of the response will be true if the user exists or false otherwise.

StatusDescription
200Check completed successfully
401Invalid username or password

Examples

$ curl -k -i $REPLICATED_INTEGRATIONAPI/identity/v1/user/jdoe/exists
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Date: Wed, 14 Oct 2015 19:00:30 GMT
Content-Length: 4

true
$ curl -k -i $REPLICATED_INTEGRATIONAPI/identity/v1/user/badusername/exists
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Date: Wed, 14 Oct 2015 19:00:30 GMT
Content-Length: 5

false