3.1. Listing users in a domain

GET /v3/users

Lists users in a domain.

Source: https://docs.openstack.org/api-ref/identity/v3/index.html?expanded=#list-users

3.1.1. Request

3.1.1.1. Parameters

Name In Type Description
domain_id (Optional) query string Filters the response by a domain ID.
enabled (Optional) query string Filters the response by either enabled (true) or disabled (false) users.
idp_id (Optional) query string Filters the response by an identity provider ID.
name (Optional) query string Filters the response by a user name.
password_expires_at (Optional) query string

Filter results based on which user passwords have expired. The query should include an operator and a timestamp with a colon (:) separating the two, for example:

password_expires_at={operator}:{timestamp}
  • Valid operators are: lt, lte, gt, gte, eq, and neq
    • lt: expiration time lower than the timestamp
    • lte: expiration time lower than or equal to the timestamp
    • gt: expiration time higher than the timestamp
    • gte: expiration time higher than or equal to the timestamp
    • eq: expiration time equal to the timestamp
    • neq: expiration time not equal to the timestamp
  • Valid timestamps are of the form: YYYY-MM-DDTHH:mm:ssZ.

For example:

/v3/users?password_expires_at=lt:2016-12-08T22:02:00Z

The example would return a list of users whose password expired before the timestamp (2016-12-08T22:02:00Z).

protocol_id (Optional) query string Filters the response by a protocol ID.
unique_id (Optional) query string Filters the response by a unique ID.

To find out domain IDs, send a GET request to /v3/domains (see Listing domains).

3.1.1.2. Example

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' \
https://<node_IP_addr>:5000/v3/users?domain_id=f2eeaaf15c254d4fa10255796122c8ec

3.1.2. Response

3.1.2.1. Parameters

Name In Type Description
links body object The link to the collection of resources.
users body array A list of user objects
default_project_id (Optional) body string The ID of the default project for the user.
domain_id body string The ID of the domain.
enabled body boolean If the user is enabled, this value is true. If the user is disabled, this value is false.
id body string The user ID.
links body object The links for the user resource.
name body string The user name. Must be unique within the owning domain.
password_expires_at body string

The date and time when the password expires. The time zone is UTC.

This is a response object attribute; not valid for requests. A null value indicates that the password never expires.

New in version 3.7

3.1.2.2. Status codes

3.1.2.2.1. Success

Code Reason
200 - OK Request was successful.

3.1.2.2.2. Error

Code Reason
400 - Bad Request Some content in the request was invalid.
401 - Unauthorized User must authenticate before making a request.
403 - Forbidden Policy does not allow current user to do this operation.

3.1.2.3. Example

{
  "users": [
    {
      "password_expires_at": null,
      "name": "admin1",
      "links": {
        "self": "https://<node_IP_addr>:5000/v3/users/ebb3fe534b6443acb8d4e7bb1aa28489"
      },
      "email": "admin1@example.com",
      "domain_id": "f2eeaaf15c254d4fa10255796122c8ec",
      "enabled": true,
      "id": "ebb3fe534b6443acb8d4e7bb1aa28489",
      "options": {}
    },
    {
      "password_expires_at": null,
      "name": "user1",
      "links": {
        "self": "https://<node_IP_addr>:5000/v3/users/d74d88c8863048d79feae0f1e5ca2f52"
      },
      "email": "user1@example.com",
      "options": {
        "ignore_password_expiry": true
      },
      "domain_id": "f2eeaaf15c254d4fa10255796122c8ec",
      "enabled": true,
      "id": "d74d88c8863048d79feae0f1e5ca2f52",
      "options": {}
    },
    <...>
  ],
  "links": {
    "self": "https://<node_IP_addr>:5000/v3/users?domain_id=f2eeaaf15c254d4fa10255796122c8ec",
    "previous": null,
    "next": null
  }
}