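# D-Bus interface definition for User.Ldap.Config: the LDAP client settings
# a BMC service exposes. The security-sensitive entries are LDAPServerURI
# (transport to the directory server) and LDAPBindDNPassword (a credential
# that is written over D-Bus).
description: >
    Implement to update LDAP mandatory properties. Any service implementing
    User.Ldap.Config interface on one or more objects must implement
    Object.Enable interface on the object.

properties:
    # NoCACertificate is declared for this property; presumably it is raised
    # when the URI asks for a secure connection and no CA certificate is
    # available - confirm against the implementation. With a plain ldap://
    # URI the bind credentials are not protected in transit unless the client
    # secures the connection some other way.
    - name: LDAPServerURI
      type: string
      description: >
          Specifies the LDAP URI of the server to connect to.
      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
          - xyz.openbmc_project.Common.Error.InvalidArgument
          - xyz.openbmc_project.Common.Error.NoCACertificate
    - name: LDAPBindDN
      type: string
      description: >
          Specifies the distinguished name with which to bind to the directory
          server for lookups.
      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
          - xyz.openbmc_project.Common.Error.InvalidArgument
    # Security-sensitive: this is a credential. Per the description, the value
    # is accepted on write but must not be readable back from the D-Bus
    # object. It still crosses D-Bus in clear text when it is set, so it is
    # visible to anything allowed to monitor the bus; implementations should
    # also keep it out of logs. Nothing in this file enforces either point,
    # and no errors are declared for this property.
    - name: LDAPBindDNPassword
      type: string
      description: >
          Specifies the credentials with which to bind. Implementations should
          consider changing the permissions of the underlying file to grant
          access only to the root user. This property value should not be
          reflected on the D-Bus object itself. Implementations can use the
          given value to update the service implementing the LDAP client. This
          property exists only to facilitate changing the bind DN password if
          needed. Currently this property is set over D-Bus. There are
          security concerns with that, but once we find a better way to update
          the LDAP password we would fix it.
    - name: LDAPBaseDN
      type: string
      description: >
          Specifies the base distinguished name to use as search base.
      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
          - xyz.openbmc_project.Common.Error.InvalidArgument
    # The default below is the widest of the three scopes (whole subtree
    # under LDAPBaseDN).
    - name: LDAPSearchScope
      type: enum[self.SearchScope]
      description: >
          Specifies the search scope: subtree, one level or base object.
      default: sub
      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
    # NOTE(review): the description calls this property read-only, but
    # nothing in this file marks it as such; rejecting writes is left to the
    # implementation (NotAllowed is declared, presumably for that case).
    - name: LDAPType
      type: enum[self.Type]
      description: >
          Specifies whether the configured server is ActiveDirectory (AD) or
          OpenLdap. It's just an indication for the LDAP stack running on the
          BMC, in case the app is implemented in such a way that it has to
          react differently for AD vs OpenLdap. This property is read-only:
          once the D-Bus object gets created, this property should not be
          modifiable.
      errors:
          - xyz.openbmc_project.Common.Error.InternalFailure
          - xyz.openbmc_project.Common.Error.NotAllowed
    # No errors are declared for the two attribute-name properties below.
    # NOTE(review): confirm whether the implementation validates these
    # strings before handing them to the LDAP client configuration.
    - name: GroupNameAttribute
      type: string
      description: >
          The value of this property shall be the attribute name that contains
          the name of the Group in the LDAP server.
    - name: UserNameAttribute
      type: string
      description: >
          The value of this property shall be the attribute name that contains
          the username in the LDAP server.
enumerations:
    # Values accepted by LDAPSearchScope.
    - name: SearchScope
      description: >
          Possible base scopes.
      values:
          - name: sub
          - name: one
          - name: base

    # Values accepted by LDAPType.
    - name: Type
      description: >
          Possible LDAP Types.
      values:
          - name: ActiveDirectory
          - name: OpenLdap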
85