1description: >
2    Implement to update the mandatory LDAP properties.
3    Any service implementing the User.Ldap.Config interface on one or more
4    objects must also implement the Object.Enable interface on each of those objects.
5
6properties:
7    - name: LDAPServerURI
8      type: string
9      description: >
10          Specifies the LDAP URI of the server to connect to.
11      errors:
12          - xyz.openbmc_project.Common.Error.InternalFailure
13          - xyz.openbmc_project.Common.Error.InvalidArgument
14          - xyz.openbmc_project.Common.Error.NoCACertificate
15    - name: LDAPBindDN
16      type: string
17      description: >
18          Specifies the distinguished name with which to bind to the directory
19          server for lookups.
20      errors:
21          - xyz.openbmc_project.Common.Error.InternalFailure
22          - xyz.openbmc_project.Common.Error.InvalidArgument
23    - name: LDAPBindDNPassword
24      type: string
25      description: >
26          Specifies the credentials with which to bind. Implementations should
27          consider changing the permissions of the underlying file to
28          only grant access to the root user.
29          This property value should not be reflected on the D-Bus object itself.
30          Implementations can use the given value to update the service
31          implementing the LDAP client. This property exists only to support
32          changing the bind DN password if needed.
33          Currently this property is set over D-Bus. There are security concerns
34          with this, but once we find a better way to update the LDAP password
35          we will fix it.
36    - name: LDAPBaseDN
37      type: string
38      description: >
39          Specifies the base distinguished name to use as search base.
40      errors:
41          - xyz.openbmc_project.Common.Error.InternalFailure
42          - xyz.openbmc_project.Common.Error.InvalidArgument
43    - name: LDAPSearchScope
44      type: enum[self.SearchScope]
45      description: >
46          Specifies the search scope: subtree, one level or base object.
47      default: sub
48      errors:
49          - xyz.openbmc_project.Common.Error.InternalFailure
50    - name: LDAPType
51      type: enum[self.Type]
52      description: >
53          Specifies whether the configured server is ActiveDirectory (AD) or
54          OpenLdap. It's just an indication for the LDAP stack running on
55          the BMC, in case the app is implemented in such a way that it has
56          to react differently for AD vs. OpenLdap.
57          This property is read-only: once the D-Bus object is created,
58          this property should not be modifiable.
59      errors:
60          - xyz.openbmc_project.Common.Error.InternalFailure
61          - xyz.openbmc_project.Common.Error.NotAllowed
62    - name: GroupNameAttribute
63      type: string
64      description: >
65          The value of this property shall be the attribute name
66          that contains the name of the Group in the LDAP server.
67    - name: UserNameAttribute
68      type: string
69      description: >
70          The value of this property shall be the attribute name
71          that contains the username in the LDAP server.
72enumerations:
73    - name: SearchScope
74      description: >
75          Possible base scopes.
76      values:
77          - name: sub
78          - name: one
79          - name: base
80
81    - name: Type
82      description: >
83          Possible LDAP Types.
84      values:
85          - name: ActiveDirectory
86          - name: OpenLdap
87