In our redfish solution we are supporting LDAP certificates using URI, "/redfish/v1/Managers/Self/RemoteAccountService/LDAP/Certificates". We came across Redfish Resource and Schema Guide document which specifies both URIs "/redfish/v1/AccountService" and "/redfish/v1/Managers/Self/RemoteAccountService" should follow same account service schema ( Ex: AccountService 1.3.1).
Suppose if user traverse to URI, "/redfish/v1/Managers/Self/RemoteAccountService/LDAP", is there any specific schema that we should follow or is it ok to return 404 http status code for URI "/redfish/v1/Managers/Self/RemoteAccountService/LDAP" even though we are supporting "/redfish/v1/Managers/Self/RemoteAccountService/LDAP/Certificates" ?
RemoteAccountService is to be only used when your implementation is aggregating other Redfish services. In the "Self" case, you don't use RemoteAccountService since your "self" account service is found at /redfish/v1/AccountService. The purpose of the RemoteAccountService link is if you want to control the AcccountService for a downstream Redfish service found on a remote manager. Here's the description of the RemoteAccountService property: This property shall contain a link to the account service resource for the remote manager that this resource represents. This property shall only be present when providing aggregation of Redfish services.
From a schema perspective, both "RemoteAccountService" and /redfish/v1/AccountService follow the same schema definition (AccountService_v1.xml). Within the AccountService definition, there's an LDAP object. So, "/redfish/v1/AccountService/LDAP" is not a valid URI, but the certificates for the LDAP object within the account service are found at /redfish/v1/AccountService/LDAP/Certificates. This additional segment is needed since there is also an ActiveDirectory object in the account service, which in turn can have its own certificates.