AccountLockoutCounterResetAfter
|
Integer
|
Yes
|
The interval of time in seconds between the last failed login attempt and reset of the lockout threshold counter. This value must be less than or equal to AccountLockoutDuration. Reset sets the counter to zero.
|
AccountLockoutDuration
|
Integer
|
Yes
|
The time in seconds an account is locked out. The value must be greater than or equal to the value of the AccountLockoutCounterResetAfter property. If set to 0, no lockout occurs.
|
AccountLockoutThreshold
|
Integer
|
Yes
|
The number of failed login attempts allowed before a user account is locked for a specified duration. A value of 0 means it is never locked.
|
Accounts
|
String
|
Yes
|
A link to a collection of Manager Accounts.
|
ActiveDirectory
|
Object
|
Yes
|
The first ActiveDirectory external account provider this AccountService supports.
|
ActiveDirectory.Authentication
|
Object
|
Yes
|
Contains the authentication information for the external service.
|
ActiveDirectory.Authentication.KerberosKeytab
|
String
|
No
|
This property is used with a PATCH to write a base64 encoded version of the Kerberos keytab for the account. This property is null on a GET.
|
ActiveDirectory.RemoteRoleMapping
|
Array
|
Yes
|
The mapping rules to convert the external account providers account information to the local Redfish Role.
|
ActiveDirectory.RemoteRoleMapping.RemoteGroup
|
String
|
No
|
The name of the remote group, or the remote role in the case of a Redfish Service, that maps to the local Redfish Role to which this entity links.
|
ActiveDirectory.RemoteRoleMapping.LocalRole
|
String
|
No
|
The name of the local Redfish Role to which to map the remote user or group.
|
AdditionalExternalAccountProviders
|
Object
|
Yes
|
The additional external account providers this AccountService is using.
|
AuthFailureLoggingThreshold
|
Integer
|
Yes
|
The number of authorization failures allowed before the failure attempt is logged to the manager log.
|
LDAP
|
String
|
Yes
|
The first LDAP external account provider that AccountService supports.
|
LDAP.LDAPService
|
Object
|
Yes
|
The settings required to parse a generic LDAP service.
|
LDAP.LDAPService.BaseDistinguishedNames
|
String
|
No
|
The base distinguished names to use to search an external LDAP service.
|
LDAP.LDAPService.GroupNameAttribute
|
String
|
No
|
The attribute name that contains the LDAP group name entry.
|
LDAP.LDAPService.UsernameAttribute
|
String
|
No
|
The attribute name that contains the LDAP user name entry.
|
LDAP.RemoteRoleMapping
|
Array
|
Yes
|
The mapping rules to convert the external account providers account information to the local Redfish Role.
|
LDAP.RemoteRoleMapping.LocalRole
|
String
|
No
|
The name of the local Redfish Role to which to map the remote user or group.
|
LDAP.RemoteRoleMapping.RemoteGroup
|
String
|
No
|
The name of the remote group, or the remote role in the case of a Redfish Service, that maps to the local Redfish Role to which this entity links.
|
LDAP.ServiceAddresses
|
String
|
No
|
The addresses of the user account providers to which this external account provider links. The format of this field depends on the type of external account provider.
|
LDAP.ServiceEnabled
|
Boolean
|
No
|
An indication of whether the Account Service is enabled. If `true`, it is enabled. If `false`, it is disabled and users cannot be created, deleted, or modified, and new sessions cannot be started. However, established sessions may still continue to run. Any service, such as the Session Service, that attempts to access the disabled Account Service fails. However, this does not affect HTTP Basic Authentication connections.
|
LocalAccountAuth
|
String
|
Yes
|
Controls when this service will use the accounts defined withing this AccountService as part of authentication.
|
MaxPasswordLength
|
Integer
|
Yes
|
The maximum password length for this service.
|
MinPasswordLength
|
Integer
|
Yes
|
The minimum password length for this service.
|
PrivilegeMap
|
|
Yes
|
A reference to the Privilege mapping that defines the privileges needed to perform a requested operation on a URI associated with this service.
|
Roles
|
String
|
Yes
|
A link to a collection of Roles.
|
NOTE DMTF implementation for Redfish does not display all the assigned roles for a user. To view all the privileges, see the Users section in iDRAC GUI under iDRAC Settings.
|
ServiceEnabled
|
Boolean
|
Yes
|
Indicates whether this service is enabled. If set to false, the AccountService is disabled. This means no users can be created, deleted or modified. Any service attempting to access the AccountService resource (for example, the Session Service) will fail. New sessions cannot be started when the service is disabled. However, established sessions may still continue operating. This does not affect Basic AUTH connections.
|
Status
|
String
|
Yes
|
This property describes the status and health of the resource and its children.
|