1 files changed, 83 insertions, 0 deletions

diff --git a/xyz/openbmc_project/User/Ldap/Config.interface.yaml b/xyz/openbmc_project/User/Ldap/Config.interface.yaml
new file mode 100644
index 0000000..42c7126
--- /dev/null
+++ b/xyz/openbmc_project/User/Ldap/Config.interface.yaml
@@ -0,0 +1,83 @@
+description: >
+    Implement to update LDAP mandatory properties.
+
+properties:
+    - name: LDAPServerURI
+      type: string
+      description: >
+          Specifies the LDAP URI of the server to connect to.
+      errors:
+        - xyz.openbmc_project.Common.Error.InternalFailure
+        - xyz.openbmc_project.Common.Error.InvalidArgument
+        - xyz.openbmc_project.Common.Error.NoCACertificate
+    - name: LDAPBindDN
+      type: string
+      description: >
+          Specifies the distinguished name with which to bind to the directory
+          server for lookups.
+      errors:
+        - xyz.openbmc_project.Common.Error.InternalFailure
+        - xyz.openbmc_project.Common.Error.InvalidArgument
+    - name: LDAPBindDNPassword
+      type: string
+      description: >
+          Specifies the credentials with which to bind,Implementation should
+          consider changing the permissions of the underlying file to
+          only grant access to the root user.
+          This property value should not be reflected on the D-bus object itself.
+          Implementation can use the given value and update the service
+          implementing the LDAP client.This is just to facilitate the support
+          for changing the bin dn password if needed.
+          Currently this property is over D-bus, There are security concerns
+          for the same, but once we find better way to update the ldap password
+          we would fix it.
+    - name: LDAPBaseDN
+      type: string
+      description: >
+          Specifies the base distinguished name to use as search base.
+      errors:
+        - xyz.openbmc_project.Common.Error.InternalFailure
+        - xyz.openbmc_project.Common.Error.InvalidArgument
+    - name: LDAPSearchScope
+      type: enum[self.SearchScope]
+      description: >
+          Specifies the search scope:subtree, one level or base object.
+      default: sub
+      errors:
+        - xyz.openbmc_project.Common.Error.InternalFailure
+    - name: LDAPType
+      type: enum[self.Type]
+      description: >
+          Specifies the the configured server is ActiveDirectory(AD) or
+          OpenLdap. It's just an indication for the LDAP stack running on
+          the BMC, in case the app is implemented in such a way that it has
+          to react differently for AD vs openldap.
+      errors:
+        - xyz.openbmc_project.Common.Error.InternalFailure
+    - name: GroupNameAttribute
+      type: string
+      description: >
+          The value of this property shall be the attribute name
+          that contains the name of the Group in the LDAP server.
+    - name: UserNameAttribute
+      type: string
+      description: >
+          The value of this property shall be the attribute name
+          that contains the username in the LDAP server.
+enumerations:
+    - name: SearchScope
+      description: >
+          Possible base scopes.
+      values:
+        - name: sub
+        - name: one
+        - name: base
+
+    - name: Type
+      description: >
+          Possible LDAP Types.
+      values:
+        - name: ActiveDirectory
+        - name: OpenLdap
+
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4