LDAP

You can use the LDAP API to update account relationships between a GitHub Enterprise user or team and its linked LDAP entry, or to queue a new synchronization.

With the LDAP mapping endpoints, you can update the Distinguished Name (DN) that a user or team maps to. Note that the LDAP endpoints are generally only effective if your GitHub Enterprise appliance has LDAP Sync enabled. As of GitHub Enterprise 2.3.1, the Update LDAP mapping for a user endpoint can be used when LDAP is enabled, even if LDAP Sync is disabled.

Update LDAP mapping for a user

PATCH /admin/ldap/users/:username/mapping

Body parameters

Pass a JSON payload with the new LDAP Distinguished Name.

Example

'{"ldap_dn": "uid=asdf,ou=users,dc=github,dc=com"}'

Response

Status: 200 OK
{
  "ldap_dn": "uid=asdf,ou=users,dc=github,dc=com",
  "login": "octocat",
  "id": 1,
  "avatar_url": "https://github.com/images/error/octocat_happy.gif",
  "gravatar_id": "",
  "url": "https://api.github.com/users/octocat",
  "html_url": "https://github.com/octocat",
  "followers_url": "https://api.github.com/users/octocat/followers",
  "following_url": "https://api.github.com/users/octocat/following{/other_user}",
  "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
  "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
  "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
  "organizations_url": "https://api.github.com/users/octocat/orgs",
  "repos_url": "https://api.github.com/users/octocat/repos",
  "events_url": "https://api.github.com/users/octocat/events{/privacy}",
  "received_events_url": "https://api.github.com/users/octocat/received_events",
  "type": "User",
  "site_admin": false
}

Sync LDAP mapping for a user

Note that this API call does not automatically initiate an LDAP sync. Rather, a 201 response means the sync job was queued successfully; the sync itself is performed when the instance is ready.

POST /admin/ldap/users/:username/sync

Response

Status: 201 Created
{
  "status": "queued"
}

Update LDAP mapping for a team

PATCH /admin/ldap/teams/:team_id/mapping

Body parameters

Pass a JSON payload with the new LDAP Distinguished Name.

Example

'{"ldap_dn": "cn=Enterprise Ops,ou=teams,dc=github,dc=com"}'

Response

Status: 200 OK
{
  "ldap_dn": "cn=Enterprise Ops,ou=teams,dc=github,dc=com",
  "id": 1,
  "url": "https://api.github.com/teams/1",
  "name": "Justice League",
  "slug": "justice-league",
  "description": "A great team.",
  "privacy": "closed",
  "permission": "admin",
  "members_url": "https://api.github.com/teams/1/members{/member}",
  "repositories_url": "https://api.github.com/teams/1/repos"
}

Sync LDAP mapping for a team

Note that this API call does not automatically initiate an LDAP sync. Rather, a 201 response means the sync job was queued successfully; the sync itself is performed when the instance is ready.

POST /admin/ldap/teams/:team_id/sync

Response

Status: 201 Created
{
  "status": "queued"
}
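
The following Python example is added here and is not from the original documentation. It builds the mapping and sync requests for the user and team endpoints above without sending them, refuses a new DN that falls outside an expected base DN, and treats a 201 `queued` response as accepted rather than completed. The host, the `/api/v3` root, the `token` authorization header, the base DN and all helper names are assumptions.

```python
import json
import urllib.request
from urllib.parse import quote

API_ROOT = "https://ghe.example.com/api/v3"  # assumption: placeholder host, token auth
ALLOWED_BASE = "dc=github,dc=com"  # assumption: base DN every mapping must stay under

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes kept)."""
    parts, esc = [""], False
    for ch in dn:
        if ch == "," and not esc:
            parts.append("")
        else:
            parts[-1] += ch
        esc = ch == "\\" and not esc
    return [p.strip() for p in parts]

def dn_under_base(dn, base=ALLOWED_BASE):
    """True when dn is a well-formed strict descendant of base."""
    rdns = [r.lower() for r in split_dn(dn)]
    suffix = [r.lower() for r in split_dn(base)]
    ok = all(r.partition("=")[0] and r.partition("=")[2] for r in rdns)
    return ok and len(rdns) > len(suffix) and rdns[-len(suffix):] == suffix

def _request(kind, ident, action, method, token, body=b""):
    if kind not in ("users", "teams"):
        raise ValueError("kind must be 'users' or 'teams'")
    url = "%s/admin/ldap/%s/%s/%s" % (
        API_ROOT, kind, quote(str(ident), safe=""), action)
    return urllib.request.Request(url, data=body, method=method, headers={
        "Authorization": "token " + token, "Content-Type": "application/json"})

def mapping_request(kind, ident, new_dn, token):
    """Build (not send) the PATCH that points a user or team at new_dn."""
    if not dn_under_base(new_dn):
        raise ValueError("DN is outside %s: %r" % (ALLOWED_BASE, new_dn))
    body = json.dumps({"ldap_dn": new_dn}).encode()
    return _request(kind, ident, "mapping", "PATCH", token, body)

def sync_request(kind, ident, token):
    """Build (not send) the POST that queues a sync for a user or team."""
    return _request(kind, ident, "sync", "POST", token)

def mapping_applied(status, payload, wanted_dn):
    """200 plus an echoed ldap_dn equal to the DN that was sent."""
    return status == 200 and payload.get("ldap_dn") == wanted_dn

def sync_queued(status, payload):
    """201/queued means accepted for later, not that the sync has run."""
    return status == 201 and payload.get("status") == "queued"
```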