...

Read LDAP Settings: XML and JSON Examples




Expand
titleXML
Code Block
languagetext
<?xml
version="1.0"
encoding="UTF-8"
standalone="yes"?>
<ldap
exportReleaseLevel="7.5.0.0"
exportTable="ops_ldap">
    <allowLocalLogin>false</allowLocalLogin>
    <baseDn>DC=qad,DC=stone,DC=branch</baseDn>
    <bindDn>administrator@qad</bindDn>
<bindPassword /> <connectTimeout>5</connectTimeout>
    <bindPassword />
    <connectTimeout>5</connectTimeout>
    <groupFilter>(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))</groupFilter>
<groupMemberAttribute /> <groupTargetOuList>
    <groupMemberAttribute />
    <groupTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </groupTargetOuList>
    <loginMethod>Standard,
Single
Sign-On</loginMethod>
<mappings> <mapping
    <mappings>
        <mapping type="Group"
column="manager">managedBy</mapping>
<mapping type
        <mapping type="Group"
column="email">mail</mapping>
<mapping
        <mapping type="User"
column="manager">manager</mapping>
<mapping
        <mapping type="User"
column="phone">telephoneNumber</mapping>
<mapping
        <mapping type="User"
column="department">department</mapping>
<mapping
        <mapping type="User"
column="first_name">givenName</mapping>
<mapping type
        <mapping type="User"
column="last_name">sn</mapping>
<mapping
        <mapping type="User"
column="mobile_phone">mobile</mapping>
<mapping
        <mapping type="User"
column="home_phone">homePhone</mapping>
<mapping
        <mapping type="User"
column="email">mail</mapping>
<mapping
        <mapping type="User"
column="title">title</mapping>
<mapping type
        <mapping type="Group"
column="description">description1</mapping>
<mapping
        <mapping type="User"
column="middle_name">initials</mapping>
    </mappings>
    <readTimeout>30</readTimeout>
    <sysId>bb678a4f4d2c4fc4a1dc93b1ffe4bdfc</sysId>
<url>ldapurl>
    <useForAuthentication>true</useForAuthentication>
<userFilter>
    <userFilter>(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))</userFilter>
    <userIdAttribute>sAMAccountName</userIdAttribute>
<userMembershipAttribute>user
    <userMembershipAttribute>user member</userMembershipAttribute>
<userTargetOuList>
    <userTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </userTargetOuList>
</ldap>



Expand
titleJSON
Code Block
languagetext
{ "allowLocalLogin": false, "
{
    "allowLocalLogin": false,
    "baseDn":
"DC=qad,DC=stone,DC=branch",
    "bindDn":
"administrator@qad",
    "bindPassword":
null,
    "connectTimeout":
5,
    "exportReleaseLevel":
"7.5.0.0",
    "exportTable":
"ops_ldap",
    "groupFilter":
"(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))",
    "groupMemberAttribute":
null,
    "groupTargetOuList":
null,
    "loginMethod":
"Standard,
Single
Sign-On",
    "mappings":
[ {
[
        {
            "attribute":
"managedBy",
"column":
            "column": "manager",
            "type":
"Group"
}, {
        },
        {
            "attribute":
"mail",
            "column":
"email",
            "type":
"Group"
}, {
        },
        {
            "attribute":
"manager",
            "column":
"manager",
            "type":
"User"
}, {
        },
        {
            "attribute":
"telephoneNumber",
            "column":
"phone",
            "type":
"User"
}, {
        },
        {
            "attribute":
"department",
            "column":
"department",
            "type":
"User"
}, { "attribute": "givenName",
        },
        {
            "attribute": "givenName",
            "column":
"first_name",
            "type":
"User"
}, {
        },
        {
            "attribute":
"sn",
            "column":
"last_name",
            "type":
"User"
}, {
        },
        {
            "attribute":
"mobile",
            "column":
"mobile_phone",
            "type":
"User"
}, {
        },
        {
            "attribute":
"homePhone",
            "column":
"home_phone",
            "type":
"User"
}, {
        },
        {
            "attribute":
"mail",
            "column":
"email",
            "type":
"User"
}, {
        },
        {
            "attribute":
"title",
            "column":
"title",
            "type":
"User"
}, {
        },
        {
            "attribute":
"description1",
            "column":
"description",
            "type":
"Group"
}, {
        },
        {
            "attribute":
"initials",
            "column":
"middle_name",
            "type":
"User"
} ],
        }
    ],
    "readTimeout":
30,
    "sysId":
"bb678a4f4d2c4fc4a1dc93b1ffe4bdfc",
    "url":
    "useForAuthentication":
true,
    "userFilter":
"(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))",
    "userIdAttribute":
"sAMAccountName",
    "userMembershipAttribute":
"user
member",
    "userTargetOuList":
[
[
        "OU=TestUsers",
        "OU=TestOtherUsers"
]
    ]
}


Update LDAP Settings


 Description

Consumes Content-Type

 application/xml, application/json

Description

Modify LDAP Settings

Authentication

HTTP Basic

URI

http://host_name/uc/resources/ldap

HTTP Method

PUT

Example URI

http://localhost:8080/uc/resources/ldap

Produces Content-Type

 application/xml, application/json

Example Responses

  • Status 200

    • Successfully updated the LDAP Setting with id {uuid}.

  • Status 400

    • Error message.

  • Status 403

    • Operation prohibited due to security constraints.

  • Status 404

    • LDAP Setting with id "{uuid}" not found.

  • Status 500

    • Unexpected request failure. See log(s) for more details.

Update LDAP Settings: XML and JSON Examples




language
<?xml
version="1.0"
encoding="UTF-8"
standalone="yes"?>
<ldap
exportReleaseLevel="7.5.0.0"
exportTable="ops_ldap">
    <allowLocalLogin>false</allowLocalLogin>
    <baseDn>DC=qad,DC=stone,DC=branch</baseDn>
    <bindDn>administrator@qad</bindDn>
<bindPassword /> <connectTimeout>5</connectTimeout>
    <bindPassword />
    <connectTimeout>5</connectTimeout>
    <groupFilter>(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))</groupFilter>
<groupMemberAttribute /> <groupTargetOuList>
    <groupMemberAttribute />
    <groupTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </groupTargetOuList>
    <loginMethod>Standard,
Single
Sign-On</loginMethod>
<mappings> <mapping
    <mappings>
        <mapping type="Group"
column="manager">managedBy</mapping>
<mapping
        <mapping type="Group"
column="email">mail</mapping>
<mapping
        <mapping type="User"
column="manager">manager</mapping>
<mapping
        <mapping type="User"
column="phone">telephoneNumber</mapping>
<mapping type
        <mapping type="User"
column="department">department</mapping>
<mapping
        <mapping type="User"
column="first_name">givenName</mapping>
<mapping
        <mapping type="User"
column="last_name">sn</mapping>
<mapping
        <mapping type="User"
column="mobile_phone">mobile</mapping>
<mapping
        <mapping type="User"
column="home_phone">homePhone</mapping>
<mapping type
        <mapping type="User"
column="email">mail</mapping>
<mapping
        <mapping type="User"
column="title">title</mapping>
<mapping
        <mapping type="Group"
column="description">description1</mapping>
<mapping
        <mapping type="User"
column="middle_name">initials</mapping>
    </mappings>
    <readTimeout>30</readTimeout>
    <sysId>bb678a4f4d2c4fc4a1dc93b1ffe4bdfc</sysId>
<url>ldap
url>
    <useForAuthentication>true</useForAuthentication>
    <userFilter>(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))</userFilter>
    <userIdAttribute>sAMAccountName</userIdAttribute>
<userMembershipAttribute>user
    <userMembershipAttribute>user member</userMembershipAttribute>
<userTargetOuList>
    <userTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
<targetOu>OU=TestOtherUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </userTargetOuList>
</ldap>
Expand
titleXML
Code Block
text



{
{
    "allowLocalLogin":
false,
    "baseDn":
"DC=qad,DC=stone,DC=branch",
    "bindDn":
"administrator@qad",
    "bindPassword":
null,
    "connectionTimeout":
5,
"
    "exportReleaseLevel":
"7.5.0.0",
    "exportTable":
"ops_ldap",
    "groupFilter":
"(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))",
    "groupMemberAttribute":
null,
    "groupTargetOuList":
null,
    "loginMethod":
"Standard,
Single
Sign-On",
    "mappings":
[ {
[
        {
            "attribute":
"managedBy",
            "column":
"manager",
            "type":
"Group"
}, {
        },
        {
            "attribute":
"mail",
            "column":
"email",
            "type":
"Group"
}, {
        },
        {
            "attribute":
"manager",
            "column":
"manager",
            "type":
"User"
}, {
        },
        {
            "attribute":
"telephoneNumber",
            "column":
"phone",
            "type":
"User"
}, {
        },
        {
            "attribute":
"department",
            "column":
"department",
            "type":
"User"
}, {
        },
        {
            "attribute":
"givenName",
            "column":
"first_name",
            "type":
"User"
}, {
        },
        {
            "attribute":
"sn",
            "column":
"last_name",
            "type":
"User"
}, {
        },
        {
            "attribute":
"mobile",
            "column":
"mobile_phone",
            "type":
"User"
}, {
        },
        {
            "attribute":
"homePhone",
            "column":
"home_phone",
            "type":
"User"
}, {
        },
        {
            "attribute":
"mail",
            "column":
"email",
            "type":
"User"
}, {
        },
        {
            "attribute":
"title",
            "column":
"title",
            "type":
"User"
}, {
        },
        {
            "attribute":
"description1",
            "column":
"description",
            "type":
"Group"
}, {
        },
        {
            "attribute":
"initials"
,
,
            "column":
"middle_name",
            "type":
"User"
} ],
        }
    ],
    "readTimeout":
30,
    "sysId":
"bb678a4f4d2c4fc4a1dc93b1ffe4bdfc",
    "url":
    "useForAuthentication":
true,
    "userFilter":
"(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))",
    "userIdAttribute":
"sAMAccountName",
    "userMembershipAttribute":
"user
member",
    "userTargetOuList":
[
[
        "OU=TestUsers",
        "OU=TestOtherUsers"
]
    ]
}
Expand
titleJSON
Code Block
languagetext


LDAP: Request Properties

Property

UI Field

Description

Required

allowLocalLogin

Allow Local Login

If the LDAP Synchronization Enabled Universal Controller system property is false, or if it is true but the Use for Authentication field is not enabled, an administrator must explicitly specify Allow Local Login to allow local account login for users that were provisioned through LDAP synchronization.

N

baseDn

Base DN

Starting point for searching the directory. For example: dc=stonebranch,dc=com. If you do not specify a Base DN, the search starts at the root of the directory tree.

N

url

URL

URL of the LDAP connection.

Y

bindDn

Bind DN or User

Distinguished Name (DN) or User ID used for initial access to the LDAP server.

N

bindPassword

Bind Password


N

useForAuthentication

Use for Authentication

If enabled, indicates that LDAP will be used for password authentication.

N

userIdAttribute

User Id Attribute

LDAP attribute for the specified User ID.
 
Options:

  • sAMAccountName

  • cn

  • uid

  • Other...

Y

userFilter

User Filter

Search filter for users.
 
If you do not specify a User Filter, the server uses (&(objectClass=user)(objectCategory=person)).

N

userTargetOuList

User Target OU List

Single- or multi-level target OU's (Organizational Units) within the Base DN directory to filter for user records.
 
For example, OU=Employees or OU=Employees,OU=Users.
 
If you do not specify one or more OU's, the entire sub-tree from the Base DN will be searched.

N

groupFilter

Group Filter

Search filter for groups.
 
If you do not specify a Group Filter, the server uses (&(objectClass=group)(objectCategory=group)).

N

groupTargetOuList

Group Target OU List

Single- or multi-level target OU's within the Base DN directory to filter for group records.
 
For example, OU=Universal Controller or OU=Universal Controller,OU=Groups.
 
If you do not specify one or more OU's, the entire sub-tree from the Base DN will be searched.

N

connectTimeout

Connect Timeout (Seconds)

Timeout for connecting to the LDAP server.

N

readTimeout

Read Timeout (Seconds)

Timeout for reading from the LDAP server.

N

userMembershipAttribute

User Membership Attribute

LDAP attribute for the groups in which a user is a member. If you do not specify a User Membership Attribute, the LDAP server uses memberOf (see the uc.ldap.users.synchronize_indirect Universal Controller start-up property).

N

groupMemberAttribute

Group Member Attribute

LDAP attribute for the members of a group. If you do not specify a Group Member Attribute, the LDAP server uses member (see the uc.ldap.groups.update_members Universal Controller start-up property).

N

loginMethod

Login Method

Login method(s) that an LDAP-provisioned user can authenticate with by default. The default is applied only at user creation time.
 
Options:

  • Standard

  • Single Sign-On

Y

mappings


List of Controller columns mapped to LDAP attributes.


...