Prev Next

3.1. Listing users in a domain¶

GET /v3/users

Lists users in a domain.

Source: https://docs.openstack.org/api-ref/identity/v3/index.html?expanded=#list-users

3.1.1. Request¶

3.1.1.1. Parameters¶

Name	In	Type	Description
`domain_id` (Optional)	query	string	Filters the response by a domain ID.
`enabled` (Optional)	query	string	Filters the response by either enabled (`true`) or disabled (`false`) users.
`idp_id` (Optional)	query	string	Filters the response by an identity provider ID.
`name` (Optional)	query	string	Filters the response by a user name.
`password_expires_at` (Optional)	query	string	Filter results based on which user passwords have expired. The query should include an `operator` and a `timestamp` with a colon (`:`) separating the two, for example: password_expires_at={operator}:{timestamp} Valid operators are: `lt`, `lte`, `gt`, `gte`, `eq`, and `neq` lt: expiration time lower than the timestamp lte: expiration time lower than or equal to the timestamp gt: expiration time higher than the timestamp gte: expiration time higher than or equal to the timestamp eq: expiration time equal to the timestamp neq: expiration time not equal to the timestamp Valid timestamps are of the form: `YYYY-MM-DDTHH:mm:ssZ`. For example: /v3/users?password_expires_at=lt:2016-12-08T22:02:00Z The example would return a list of users whose password expired before the timestamp (`2016-12-08T22:02:00Z`).
`protocol_id` (Optional)	query	string	Filters the response by a protocol ID.
`unique_id` (Optional)	query	string	Filters the response by a unique ID.

To find out domain IDs, send a GET request to /v3/domains (see Listing domains).

3.1.1.2. Example¶

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' \
https://<node_IP_addr>:5000/v3/users?domain_id=f2eeaaf15c254d4fa10255796122c8ec

3.1.2. Response¶

3.1.2.1. Parameters¶

Name	In	Type	Description
`links`	body	object	The link to the collection of resources.
`users`	body	array	A list of `user` objects
`default_project_id` (Optional)	body	string	The ID of the default project for the user.
`domain_id`	body	string	The ID of the domain.
`enabled`	body	boolean	If the user is enabled, this value is `true`. If the user is disabled, this value is `false`.
`id`	body	string	The user ID.
`links`	body	object	The links for the `user` resource.
`name`	body	string	The user name. Must be unique within the owning domain.
`password_expires_at`	body	string	The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A `null` value indicates that the password never expires. New in version 3.7

3.1.2.2. Status codes¶

3.1.2.2.1. Success¶

Code	Reason
`200 - OK`	Request was successful.

3.1.2.2.2. Error¶

Code	Reason
`400 - Bad Request`	Some content in the request was invalid.
`401 - Unauthorized`	User must authenticate before making a request.
`403 - Forbidden`	Policy does not allow current user to do this operation.

3.1.2.3. Example¶

{
  "users": [
    {
      "password_expires_at": null,
      "name": "admin1",
      "links": {
        "self": "https://<node_IP_addr>:5000/v3/users/ebb3fe534b6443acb8d4e7bb1aa28489"
      },
      "email": "admin1@example.com",
      "domain_id": "f2eeaaf15c254d4fa10255796122c8ec",
      "enabled": true,
      "id": "ebb3fe534b6443acb8d4e7bb1aa28489",
      "options": {}
    },
    {
      "password_expires_at": null,
      "name": "user1",
      "links": {
        "self": "https://<node_IP_addr>:5000/v3/users/d74d88c8863048d79feae0f1e5ca2f52"
      },
      "email": "user1@example.com",
      "options": {
        "ignore_password_expiry": true
      },
      "domain_id": "f2eeaaf15c254d4fa10255796122c8ec",
      "enabled": true,
      "id": "d74d88c8863048d79feae0f1e5ca2f52",
      "options": {}
    },
    <...>
  ],
  "links": {
    "self": "https://<node_IP_addr>:5000/v3/users?domain_id=f2eeaaf15c254d4fa10255796122c8ec",
    "previous": null,
    "next": null
  }
}

Version 5.0.0 — Feb 01, 2022

Prev Next