Update Password (LDAP Gateway)
PUT {{apiPath}}/environments/{{envID}}/users/{{userID}}/password
Use the PUT /environments/{{envID}}/users/{{userID}}/password endpoint to configure a user to use the LDAP gateway as the password authority when the user already exists in PingOne. This operation uses the application/vnd.pingidentity.password.setGateway+json custom media type as the content type in the request header.
Note: In the LDAP gateway configuration, the userTypes.passwordAuthority property specifies the password authority. If LDAP is the password authority, then PingOne does not migrate the password to the PingOne directory. The user’s password is removed from PingOne, and credential validation requests are sent to the LDAP directory through the LDAP gateway. The user's password state is set as EXTERNAL. If PING_ONE is the password authority, and the user's password is not set, then the user’s password is migrated from the LDAP directory to PingOne the next time the user signs on.
If PING_ONE is the password authority, follow this process to migrate a user password from the LDAP gateway to PingOne:
Set up the password gateway configuration for the user. For more information, see Gateway Management and the
password.externalproperties in User Operations.If the user already has a password set in PingOne, call this operation with an empty string (
{}) in the request body to unset the user password. If the user's password is not set, this step can be skipped.If PingOne is the password authority, on the user's next sign on, the user’s password is migrated from the LDAP directory to PingOne.
Prerequisites
- See Users and User Passwords for important overview information.
| Property | Type | Required? |
|---|---|---|
value | String | Required |
forceChange | Boolean | Required |
password.external.gateway.id | String | Optional |
password.external.gateway.correlationAttributes | Object | Optional |
password.external.gateway.correlationAttributes.uid | String | Optional |
password.external.gateway.correlationAttributes.mail | String | Optional |
password.external.gateway.userType.id | String | Optional |
See the User operations data model for full property descriptions.
Request Body
{"id"=>"{{gatewayID}}", "userType"=>{"id"=>"{{userTypeID}}"}, "correlationAttributes"=>{"uid"=>"eFudd", "mail"=>"eFudd@example.com"}}
HEADERS
| Key | Datatype | Required | Description |
|---|---|---|---|
Content-Type | string |
RESPONSES
status: OK
{"_links":{"self":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/a1dad115-5d2f-469d-9c02-de0523402995/password"},"environment":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"user":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/a1dad115-5d2f-469d-9c02-de0523402995"},"passwordPolicy":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/passwordPolicies/cd502ee4-176a-438a-a947-a4d8cffb0fdb"},"password.check":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/a1dad115-5d2f-469d-9c02-de0523402995/password"},"password.reset":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/a1dad115-5d2f-469d-9c02-de0523402995/password"},"password.set":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/a1dad115-5d2f-469d-9c02-de0523402995/password"},"password.recover":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/a1dad115-5d2f-469d-9c02-de0523402995/password"}},"environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"user":{"id":"a1dad115-5d2f-469d-9c02-de0523402995"},"passwordPolicy":{"id":"cd502ee4-176a-438a-a947-a4d8cffb0fdb"},"status":"OK","lastChangedAt":"2023-01-24T15:56:49.360Z","warnings":{"expires":"2023-07-25T15:56:49.360Z"}}