14.1.1.7. Resolver endpoints

The code of this module is tested in tests/test_api_system.py

GET /resolver/(resolver)
GET /resolver/

returns a json list of the specified resolvers. The passwords of resolvers (e.g. Bind PW of the LDAP resolver or password of the SQL resolver) will be returned as “__CENSORED__”. You can run a POST request to update the data and eduMFA will ignore the “__CENSORED__” password or you can even run a testresolver.

Parameters:
  • resolver (str) – the name of the resolver

  • type (str) – Only return resolvers of type (like passwdresolver..)

  • editable (str) – Set to “1” if only editable resolvers should be returned.

Return:

a json result with the configuration of resolvers

POST /resolver/(resolver)

This creates a new resolver or updates an existing one. A resolver is uniquely identified by its name.

If you update a resolver, you do not need to provide all parameters. Parameters you do not provide are left untouched. When updating a resolver you must not change the type! You do not need to specify the type, but if you specify a wrong type, it will produce an error.

Parameters:
  • resolver (str) – the name of the resolver.

  • type – the type of the resolver. Valid types are passwdresolver,

ldapresolver, sqlresolver, scimresolver :type type: str :return: a json result with the value being the database id (>0)

Additional parameters depend on the resolver type.

LDAP:
  • LDAPURI

  • LDAPBASE

  • AUTHTYPE

  • BINDDN

  • BINDPW

  • TIMEOUT

  • CACHE_TIMEOUT

  • SIZELIMIT

  • LOGINNAMEATTRIBUTE

  • LDAPSEARCHFILTER

  • LDAPFILTER

  • LOGINNAMEATTRIBUTE

  • MULTIVALUEATTRIBUTES

  • USERINFO

  • UIDTYPE

  • NOREFERRALS - True|False

  • NOSCHEMAS - True|False

  • EDITABLE - True|False

  • START_TLS - True|False

  • TLS_VERIFY - True|False

  • TLS_VERSION

SQL:
  • Database

  • Driver

  • Server

  • Port

  • User

  • Password

  • Table

  • Map

Passwd
  • Filename

DELETE /resolver/(resolver)

This function deletes an existing resolver. A resolver can not be deleted, if it is contained in a realm

Parameters:
  • resolver – the name of the resolver to delete.

Return:

json with success or fail

POST /resolver/test

Send the complete parameters of a resolver to the eduMFA server to test, if these settings will result in a successful connection. If you are testing existing resolvers, you can send the “__CENSORED__” password. eduMFA will use the already stored password from the database.

Return:

a json result with True, if the given values can create a working resolver and a description.