Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Map LDAP Groups to Ops Manager Roles

Note

Groups and projects are synonymous terms. Your {GROUP-ID} is the same as your project id. For existing groups, your group/project id remains the same. This page uses the more familiar term group when referring to descriptions. The endpoint remains as stated in the document.

Base URL: https://{OPSMANAGER-HOST}:{PORT}/api/public/v1.0

Resource

PATCH /groups/{GROUP-ID}

Request Parameters

Request Path Parameters

Name Type Description
GROUP-ID string (Required.) The unique identifier for the group.

Request Query Parameters

This endpoint may use any of the HTTP request query parameters available to all Ops Manager API resources. These are all optional.

Name Type Description Default
pretty boolean Flag indicating whether the response body should be in a prettyprint format. false
envelope boolean

Flag indicating whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, response body includes:

status
HTTP response code
envelope
The expected response body
false

Request Body Parameters

Name Type Description
id string The unique identifier for the group.
name string The display name for the group.
tags string array

The tags assigned to the group for use in programmatically identifying the group.

A project can have up to 10 tags. Tags follow these rules:

  • Are case-sensitive
  • Can contain these characters:
    • A through Z
    • 0 through 9
    • . (period)
    • _ (underscore)
    • - (dash)
  • Are limited to 32 characters
ldapGroupMappings object array For LDAP-backed Ops Manager, the mappings of LDAP groups to Ops Manager roles. Only present for LDAP-backed Ops Manager.

Response

Name Type Description
activeAgentCount number

The number of active agents of any type (Monitoring, Backup, Automation) sending regular pings to Ops Manager.

The value is refreshed every 30 minutes. If you start a new agent or stop an existing one, the change can take up to 30 minutes to show up in the activeAgentCount field.

agentApiKey string

The agent API key for the group.

You must have the Project Owner or Global Read Only role to view this field.

hostCounts object The total number of hosts by type. The embedded fields should be self-explanatory.
id string The unique identifier for the group.
lastActiveAgent date The time Ops Manager last updated the activeAgentCount total for the group. Ops Manager runs a job every 30 minutes to record the number of active agents of any type (Monitoring, Backup, Automation).
ldapGroupMappings object array For LDAP-backed Ops Manager, the mappings of LDAP groups to Ops Manager roles. Only present for LDAP-backed Ops Manager.
ldapGroupMappings.roleName string

The Ops Manager user role. The mapping of User Role to roleName follows:

User Role roleName Value
Project Owner (required) GROUP_OWNER
Project Automation Admin GROUP_AUTOMATION_ADMIN
Project Backup Admin GROUP_BACKUP_ADMIN
Project Monitoring Admin GROUP_MONITORING_ADMIN
Project Data Access Admin GROUP_DATA_ACCESS_ADMIN
Project Read Only GROUP_READ_ONLY
ldapGroupMappings.ldapGroups string array The LDAP group(s) that map to the Ops Manager role.
links object array One or more links to sub-resources and/or related resources. The relations between URLs are explained in the Web Linking Specification
name string The display name for the group.
orgId string The unique identifier for the organization to which the group/project belongs.
publicApiEnabled boolean The indicator that the Public API is enabled for this group. This is a read-only field that is always true.
replicaSetCount number The total number of replica sets for this group.
shardCount number The total number of shards for this group.
tags string array

The tags assigned to the group for use in programmatically identifying the group.

A project can have up to 10 tags. Tags follow these rules:

  • Are case-sensitive
  • Can contain these characters:
    • A through Z
    • 0 through 9
    • . (period)
    • _ (underscore)
    • - (dash)
  • Are limited to 32 characters

Example Request

curl --user "{username}:{apiKey}" --digest \
 --header "Accept: application/json" \
 --header "Content-Type: application/json" \
 --include \
 --request PATCH "https://{opsManagerHost}:{port}/api/public/v1.0/groups/{GROUP-ID}?pretty=true" \
 --data '
   {
     "ldapGroupMappings" : [ {
       "roleName": "GROUP_OWNER",
       "ldapGroups": [ {LDAP-Group} ]
      }]
   }'

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}

Response Body

{
  "id": "{GROUP-ID}",
  "name": "My Group",
  "orgId" : "111111111aaaaaf38dc78bdf",
  "hostCounts": {
    "arbiter": 2,
    "config": 1,
    "primary": 4,
    "secondary": 8,
    "mongos": 2,
    "master": 0,
    "slave": 0
  },
  "lastActiveAgent": ISODate("2016-08-05T07:23:34Z"),
  "activeAgentCount": 1,
  "replicaSetCount": 3,
  "shardCount": 2,
  "publicApiEnabled": true,
  "agentApiKey": "{API-KEY}",
  "tags": [ "DEV", "PRODUCT" ],
  "ldapGroupMappings" : [ {
    "roleName": "GROUP_OWNER",
    "ldapGroups": [ {LDAP-GROUP} ]
  }, ... ],
  "links" : []
}