Overview

Universal Controller supports the following RESTful-based web services for LDAP Settings, which are listed alphabetically on this page.

Read LDAP Settings
Update LDAP Settings
Update LDAP Bind Password

Formatting specifications for each web service, including details about parameter requirements, are provided.

Read LDAP Settings

	Description
Consumes Content-Type	N/A
Description	Get LDAP Settings
Authentication	HTTP Basic
URI	http://host_name/uc/resources/ldap
HTTP Method	GET
Example URI	http://localhost:8080/uc/resources/ldap
Produces Content-Type	application/xml, application/json

Read LDAP Settings: XML and JSON Examples

XML JSON

XML

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ldap exportReleaseLevel="7.7.0.0" exportTable="ops_ldap">
    <allowLocalLogin>false</allowLocalLogin>
    <baseDn>DC=qad,DC=stone,DC=branch</baseDn>
    <bindDn>administrator@qad</bindDn>
    <bindPassword />
    <connectTimeout>5</connectTimeout>
    <groupFilter>(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))</groupFilter>
    <groupMemberAttribute />
    <groupTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </groupTargetOuList>
    <loginMethod>Standard, Single Sign-On</loginMethod>
    <mappings>
        <mapping type="Group" column="manager">managedBy</mapping>
        <mapping type="Group" column="email">mail</mapping>
        <mapping type="User" column="manager">manager</mapping>
        <mapping type="User" column="phone">telephoneNumber</mapping>
        <mapping type="User" column="department">department</mapping>
        <mapping type="User" column="first_name">givenName</mapping>
        <mapping type="User" column="last_name">sn</mapping>
        <mapping type="User" column="mobile_phone">mobile</mapping>
        <mapping type="User" column="home_phone">homePhone</mapping>
        <mapping type="User" column="email">mail</mapping>
        <mapping type="User" column="title">title</mapping>
        <mapping type="Group" column="description">description1</mapping>
        <mapping type="User" column="middle_name">initials</mapping>
    </mappings>
    <readTimeout>30</readTimeout>
    <sysId>bb678a4f4d2c4fc4a1dc93b1ffe4bdfc</sysId>
    <url>ldap://qa-dc1.stone.branch:389</url>
    <useForAuthentication>true</useForAuthentication>
    <userFilter>(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))</userFilter>
    <userIdAttribute>sAMAccountName</userIdAttribute>
    <userMembershipAttribute>user member</userMembershipAttribute>
    <userTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </userTargetOuList>
</ldap>

JSON

{
    "allowLocalLogin": false,
    "baseDn": "DC=qad,DC=stone,DC=branch",
    "bindDn": "administrator@qad",
    "bindPassword": null,
    "connectTimeout": 5,
    "exportReleaseLevel": "7.7.0.0",
    "exportTable": "ops_ldap",
    "groupFilter": "(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))",
    "groupMemberAttribute": null,
    "groupTargetOuList": null,
    "loginMethod": "Standard, Single Sign-On",
    "mappings": [
        {
            "attribute": "managedBy",
            "column": "manager",
            "type": "Group"
        },
        {
            "attribute": "mail",
            "column": "email",
            "type": "Group"
        },
        {
            "attribute": "manager",
            "column": "manager",
            "type": "User"
        },
        {
            "attribute": "telephoneNumber",
            "column": "phone",
            "type": "User"
        },
        {
            "attribute": "department",
            "column": "department",
            "type": "User"
        },
        {
            "attribute": "givenName",
            "column": "first_name",
            "type": "User"
        },
        {
            "attribute": "sn",
            "column": "last_name",
            "type": "User"
        },
        {
            "attribute": "mobile",
            "column": "mobile_phone",
            "type": "User"
        },
        {
            "attribute": "homePhone",
            "column": "home_phone",
            "type": "User"
        },
        {
            "attribute": "mail",
            "column": "email",
            "type": "User"
        },
        {
            "attribute": "title",
            "column": "title",
            "type": "User"
        },
        {
            "attribute": "description1",
            "column": "description",
            "type": "Group"
        },
        {
            "attribute": "initials",
            "column": "middle_name",
            "type": "User"
        }
    ],
    "readTimeout": 30,
    "sysId": "bb678a4f4d2c4fc4a1dc93b1ffe4bdfc",
    "url": "ldap://qa-dc1.stone.branch:389",
    "useForAuthentication": true,
    "userFilter": "(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))",
    "userIdAttribute": "sAMAccountName",
    "userMembershipAttribute": "user member",
    "userTargetOuList": [
        "OU=TestUsers",
        "OU=TestOtherUsers"
    ]
}

Update LDAP Settings

	Description
Consumes Content-Type	application/xml, application/json
Description	Modify LDAP Settings
Authentication	HTTP Basic
URI	http://host_name/uc/resources/ldap
HTTP Method	PUT
Example URI	http://localhost:8080/uc/resources/ldap
Produces Content-Type	application/xml, application/json
Example Responses	Status 200 Successfully updated the LDAP Setting with id {uuid}. Status 400 Error message. Status 403 Operation prohibited due to security constraints. Status 404 LDAP Setting with id "{uuid}" not found. Status 500 Unexpected request failure. See log(s) for more details.

Update LDAP Settings: XML and JSON Examples

XML JSON

XML

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ldap exportReleaseLevel="7.7.0.0" exportTable="ops_ldap">
    <allowLocalLogin>false</allowLocalLogin>
    <baseDn>DC=qad,DC=stone,DC=branch</baseDn>
    <bindDn>administrator@qad</bindDn>
    <bindPassword />
    <connectTimeout>5</connectTimeout>
    <groupFilter>(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))</groupFilter>
    <groupMemberAttribute />
    <groupTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </groupTargetOuList>
    <loginMethod>Standard, Single Sign-On</loginMethod>
    <mappings>
        <mapping type="Group" column="manager">managedBy</mapping>
        <mapping type="Group" column="email">mail</mapping>
        <mapping type="User" column="manager">manager</mapping>
        <mapping type="User" column="phone">telephoneNumber</mapping>
        <mapping type="User" column="department">department</mapping>
        <mapping type="User" column="first_name">givenName</mapping>
        <mapping type="User" column="last_name">sn</mapping>
        <mapping type="User" column="mobile_phone">mobile</mapping>
        <mapping type="User" column="home_phone">homePhone</mapping>
        <mapping type="User" column="email">mail</mapping>
        <mapping type="User" column="title">title</mapping>
        <mapping type="Group" column="description">description1</mapping>
        <mapping type="User" column="middle_name">initials</mapping>
    </mappings>
    <readTimeout>30</readTimeout>
    <sysId>bb678a4f4d2c4fc4a1dc93b1ffe4bdfc</sysId>
    <url>ldap://qa-dc1.stone.branch:389</url>
    <useForAuthentication>true</useForAuthentication>
    <userFilter>(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))</userFilter>
    <userIdAttribute>sAMAccountName</userIdAttribute>
    <userMembershipAttribute>user member</userMembershipAttribute>
    <userTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </userTargetOuList>
</ldap>

JSON

{
    "allowLocalLogin": false,
    "baseDn": "DC=qad,DC=stone,DC=branch",
    "bindDn": "administrator@qad",
    "bindPassword": null,
    "connectionTimeout": 5,
    "exportReleaseLevel": "7.7.0.0",
    "exportTable": "ops_ldap",
    "groupFilter": "(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))",
    "groupMemberAttribute": null,
    "groupTargetOuList": null,
    "loginMethod": "Standard, Single Sign-On",
    "mappings": [
        {
            "attribute": "managedBy",
            "column": "manager",
            "type": "Group"
        },
        {
            "attribute": "mail",
            "column": "email",
            "type": "Group"
        },
        {
            "attribute": "manager",
            "column": "manager",
            "type": "User"
        },
        {
            "attribute": "telephoneNumber",
            "column": "phone",
            "type": "User"
        },
        {
            "attribute": "department",
            "column": "department",
            "type": "User"
        },
        {
            "attribute": "givenName",
            "column": "first_name",
            "type": "User"
        },
        {
            "attribute": "sn",
            "column": "last_name",
            "type": "User"
        },
        {
            "attribute": "mobile",
            "column": "mobile_phone",
            "type": "User"
        },
        {
            "attribute": "homePhone",
            "column": "home_phone",
            "type": "User"
        },
        {
            "attribute": "mail",
            "column": "email",
            "type": "User"
        },
        {
            "attribute": "title",
            "column": "title",
            "type": "User"
        },
        {
            "attribute": "description1",
            "column": "description",
            "type": "Group"
        },
        {
            "attribute": "initials",
            "column": "middle_name",
            "type": "User"
        }
    ],
    "readTimeout": 30,
    "sysId": "bb678a4f4d2c4fc4a1dc93b1ffe4bdfc",
    "url": "ldap://qa-dc1.stone.branch:389",
    "useForAuthentication": true,
    "userFilter": "(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))",
    "userIdAttribute": "sAMAccountName",
    "userMembershipAttribute": "user member",
    "userTargetOuList": [
        "OU=TestUsers",
        "OU=TestOtherUsers"
    ]
}

LDAP: Request Properties

Property	UI Field	Description	Required
`allowLocalLogin`	Allow Local Login	If the LDAP Synchronization Enabled Universal Controller system property is false, or if it is true but the Use for Authentication field is not enabled, an administrator must explicitly specify Allow Local Login to allow local account login for users that were provisioned through LDAP synchronization.	N
`baseDn`	Base DN	Starting point for searching the directory. For example: dc=stonebranch,dc=com. If you do not specify a Base DN, the search starts as the root of the directory tree.	N
`url`	URL	URL of the LDAP connection.	Y
`bindDn`	Bind DN or User	Distinguished Name (DN) or User ID used for initial access to the LDAP server.	N
`bindPassword`	Bind Password		N
`useForAuthentication`	Use for Authentication	If enabled, indicates that LDAP will be used for password authentication.	N
`userIdAttribute`	User Id Attribute	LDAP attribute for the specified User ID. Options: sAMAccountName cn uid Other...	Y
`userFilter`	User Filter	Search filter for users. If you do not specify a User Filter, the server uses (&(objectClass=user)(objectCategory=person)).	N
`userTargetOuList`	User Target OU List	Single- or multi-level target OU's (Organizational Units) within the Base DN directory to filter for user records. For example, OU=Employees or OU=Employees,OU=Users. If you do not specify one or more OU's, the entire sub-tree from the Base DN will be searched.	N
`groupFilter`	Group Filter	Search filter for groups. If you do not specify a Group Filter, the server uses (&(objectClass=group)(objectCategory=group)).	N
`groupTargetOuList`	Group Target OU List	Single- or multi-level target OU's within the Base DN directory to filter for group records. For example, OU=Universal Controller or OU=Universal Controller,OU=Groups. If you do not specify one or more OU's, the entire sub-tree from the Base DN will be searched.	N
`connectTimeout`	Connect Timeout (Seconds)	Timeout for connecting to the LDAP server.	N
`readTimeout`	Read Timeout (Seconds)	Timeout for reading from the LDAP server.	N
`userMembershipAttribute`	User Membership Attribute	LDAP attribute for the groups in which a user is a member. If you do not specify a User Membership Attribute, the LDAP server uses memberOf (see the uc.ldap.users.synchronize_indirect Universal Controller start-up property.	N
`groupMemberAttribute`	Group Member Attribute	LDAP attribute for the members of a group. If you do not specify a Group Member Attribute, the LDAP server uses member (see the uc.ldap.groups.update_members Universal Controller start-up property.	N
`loginMethod`	Login Method	Login method(s) that an LDAP-provisioned user can authenticate with by default. The default is applied only at user creation time. Options: Standard Single Sign-On Standard, Single Sign-On Standard / Authenticator App (TOTP) Standard / Authenticator App (TOTP), Single Sign-On	Y
`mappings`		List of Controller columns mapped to LDAP attributes.

LDAP: Mapping Properties

Property	UI Field	Description	Required
`type`	Type	Type of records.	Y
`column`	Column	Controller column being mapped to LDAP attribute.	Y
`attribute`	Attribute	LDAP attribute to which the Controller column is being mapped.	N

Update LDAP Bind Password

	Description
Consumes Content-Type	N/A
Description	Modify LDAP Settings Bind Password
Authentication	HTTP Basic
URI	http://host_name/uc/resources/ldap/changeBindPwd http://host_name/uc/resources/ldap/changebindpwd
HTTP Method	POST
Example URI	http://localhost:8080/uc/resources/ldap/changebindpwd http://localhost:8080/uc/resources/ldap/changeBindPwd
Produces Content-Type	application/xml, application/json
Body	New Password

Universal Controller 7.7.x

LDAP Web Services