Skip to main content

iDRAC9 Redfish API Guide Firmware version: 4.20.20.20

PDF

AccountService

Description

The AccountService schema contains properties for managing user accounts. The properties are common to all user accounts, such as password requirements, and control features such as account lockout. The schema also contains links to the collections of Manager Accounts and Roles.

Old URL

/redfish/v1/Managers/<Manager-Id>/AccountService

NOTE This URI was updated as per Open API compliance. The old URI may get deprecated in the upcoming release.

New URL

/redfish/v1/AccountService

Supported HTTP Method and Privileges


HTTP Method	Required Privilege
GET	Login
PATCH	ConfigureManager, Login

Table 1. Supported properties for AccountService
Property	Type	Read Only	Description
AccountLockoutCounterResetAfter	Integer	Yes	The interval of time in seconds between the last failed login attempt and reset of the lockout threshold counter. This value must be less than or equal to AccountLockoutDuration. Reset sets the counter to zero.
AccountLockoutDuration	Integer	Yes	The time in seconds an account is locked out. The value must be greater than or equal to the value of the AccountLockoutCounterResetAfter property. If set to 0, no lockout occurs.
AccountLockoutThreshold	Integer	Yes	The number of failed login attempts allowed before a user account is locked for a specified duration. A value of 0 means it is never locked.
Accounts	String	Yes	A link to a collection of Manager Accounts.
ActiveDirectory	Object	Yes	The first ActiveDirectory external account provider this AccountService supports.
ActiveDirectory.Authentication	Object	Yes	Contains the authentication information for the external service.
ActiveDirectory.Authentication.KerberosKeytab	String	No	This property is used with a PATCH to write a base64 encoded version of the Kerberos keytab for the account. This property is null on a GET.
ActiveDirectory.RemoteRoleMapping	Array	Yes	The mapping rules to convert the external account providers account information to the local Redfish Role.
ActiveDirectory.RemoteRoleMapping.RemoteGroup	String	No	The name of the remote group, or the remote role in the case of a Redfish Service, that maps to the local Redfish Role to which this entity links.
ActiveDirectory.RemoteRoleMapping.LocalRole	String	No	The name of the local Redfish Role to which to map the remote user or group.
AdditionalExternalAccountProviders	Object	Yes	The additional external account providers this AccountService is using.
AuthFailureLoggingThreshold	Integer	Yes	The number of authorization failures allowed before the failure attempt is logged to the manager log.
LDAP	String	Yes	The first LDAP external account provider that AccountService supports.
LDAP.LDAPService	Object	Yes	The settings required to parse a generic LDAP service.
LDAP.LDAPService.BaseDistinguishedNames	String	No	The base distinguished names to use to search an external LDAP service.
LDAP.LDAPService.GroupNameAttribute	String	No	The attribute name that contains the LDAP group name entry.
LDAP.LDAPService.UsernameAttribute	String	No	The attribute name that contains the LDAP user name entry.
LDAP.RemoteRoleMapping	Array	Yes	The mapping rules to convert the external account providers account information to the local Redfish Role.
LDAP.RemoteRoleMapping.LocalRole	String	No	The name of the local Redfish Role to which to map the remote user or group.
LDAP.RemoteRoleMapping.RemoteGroup	String	No	The name of the remote group, or the remote role in the case of a Redfish Service, that maps to the local Redfish Role to which this entity links.
LDAP.ServiceAddresses	String	No	The addresses of the user account providers to which this external account provider links. The format of this field depends on the type of external account provider.
LDAP.ServiceEnabled	Boolean	No	An indication of whether the Account Service is enabled. If `true`, it is enabled. If `false`, it is disabled and users cannot be created, deleted, or modified, and new sessions cannot be started. However, established sessions may still continue to run. Any service, such as the Session Service, that attempts to access the disabled Account Service fails. However, this does not affect HTTP Basic Authentication connections.
LocalAccountAuth	String	Yes	Controls when this service will use the accounts defined withing this AccountService as part of authentication.
MaxPasswordLength	Integer	Yes	The maximum password length for this service.
MinPasswordLength	Integer	Yes	The minimum password length for this service.
PrivilegeMap		Yes	A reference to the Privilege mapping that defines the privileges needed to perform a requested operation on a URI associated with this service.
Roles	String	Yes	A link to a collection of Roles.
NOTE DMTF implementation for Redfish does not display all the assigned roles for a user. To view all the privileges, see the Users section in iDRAC GUI under iDRAC Settings.
ServiceEnabled	Boolean	Yes	Indicates whether this service is enabled. If set to false, the AccountService is disabled. This means no users can be created, deleted or modified. Any service attempting to access the AccountService resource (for example, the Session Service) will fail. New sessions cannot be started when the service is disabled. However, established sessions may still continue operating. This does not affect Basic AUTH connections.
Status	String	Yes	This property describes the status and health of the resource and its children.

Supported Status Codes


HTTP Status Code	Extended Information	Error Code
200
401	Base.1.2.AccessDenied
404	Base.1.2.ResourceMissingAtURI	SYS403
405		SYS402
500	Base.1.2.InternalError	SYS446
503