LDAP Web Services


Overview

Universal Controller supports the following RESTful-based web services for LDAP Settings, which are listed alphabetically on this page.

Formatting specifications for each web service, including details about parameter requirements, are provided.

Read LDAP Settings


 Description

Consumes Content-Type

N/A

Description

Get LDAP Settings

Authentication

HTTP Basic

URI

http://host_name/uc/resources/ldap

HTTP Method

GET

Example URI

http://localhost:8080/uc/resources/ldap

Produces Content-Type

 application/xml, application/json

Read LDAP Settings: XML and JSON Examples

XMLJSON
 XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ldap exportReleaseLevel="7.7.0.0" exportTable="ops_ldap">
    <allowLocalLogin>false</allowLocalLogin>
    <baseDn>DC=qad,DC=stone,DC=branch</baseDn>
    <bindDn>administrator@qad</bindDn>
    <bindPassword />
    <connectTimeout>5</connectTimeout>
    <groupFilter>(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))</groupFilter>
    <groupMemberAttribute />
    <groupTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </groupTargetOuList>
    <loginMethod>Standard, Single Sign-On</loginMethod>
    <mappings>
        <mapping type="Group" column="manager">managedBy</mapping>
        <mapping type="Group" column="email">mail</mapping>
        <mapping type="User" column="manager">manager</mapping>
        <mapping type="User" column="phone">telephoneNumber</mapping>
        <mapping type="User" column="department">department</mapping>
        <mapping type="User" column="first_name">givenName</mapping>
        <mapping type="User" column="last_name">sn</mapping>
        <mapping type="User" column="mobile_phone">mobile</mapping>
        <mapping type="User" column="home_phone">homePhone</mapping>
        <mapping type="User" column="email">mail</mapping>
        <mapping type="User" column="title">title</mapping>
        <mapping type="Group" column="description">description1</mapping>
        <mapping type="User" column="middle_name">initials</mapping>
    </mappings>
    <readTimeout>30</readTimeout>
    <sysId>bb678a4f4d2c4fc4a1dc93b1ffe4bdfc</sysId>
    <useForAuthentication>true</useForAuthentication>
    <userFilter>(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))</userFilter>
    <userIdAttribute>sAMAccountName</userIdAttribute>
    <userMembershipAttribute>user member</userMembershipAttribute>
    <userTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </userTargetOuList>
</ldap>
 JSON
{
    "allowLocalLogin": false,
    "baseDn": "DC=qad,DC=stone,DC=branch",
    "bindDn": "administrator@qad",
    "bindPassword": null,
    "connectTimeout": 5,
    "exportReleaseLevel": "7.7.0.0",
    "exportTable": "ops_ldap",
    "groupFilter": "(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))",
    "groupMemberAttribute": null,
    "groupTargetOuList": null,
    "loginMethod": "Standard, Single Sign-On",
    "mappings": [
        {
            "attribute": "managedBy",
            "column": "manager",
            "type": "Group"
        },
        {
            "attribute": "mail",
            "column": "email",
            "type": "Group"
        },
        {
            "attribute": "manager",
            "column": "manager",
            "type": "User"
        },
        {
            "attribute": "telephoneNumber",
            "column": "phone",
            "type": "User"
        },
        {
            "attribute": "department",
            "column": "department",
            "type": "User"
        },
        {
            "attribute": "givenName",
            "column": "first_name",
            "type": "User"
        },
        {
            "attribute": "sn",
            "column": "last_name",
            "type": "User"
        },
        {
            "attribute": "mobile",
            "column": "mobile_phone",
            "type": "User"
        },
        {
            "attribute": "homePhone",
            "column": "home_phone",
            "type": "User"
        },
        {
            "attribute": "mail",
            "column": "email",
            "type": "User"
        },
        {
            "attribute": "title",
            "column": "title",
            "type": "User"
        },
        {
            "attribute": "description1",
            "column": "description",
            "type": "Group"
        },
        {
            "attribute": "initials",
            "column": "middle_name",
            "type": "User"
        }
    ],
    "readTimeout": 30,
    "sysId": "bb678a4f4d2c4fc4a1dc93b1ffe4bdfc",
    "useForAuthentication": true,
    "userFilter": "(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))",
    "userIdAttribute": "sAMAccountName",
    "userMembershipAttribute": "user member",
    "userTargetOuList": [
        "OU=TestUsers",
        "OU=TestOtherUsers"
    ]
}

Update LDAP Settings


 Description

Consumes Content-Type

 application/xml, application/json

Description

Modify LDAP Settings

Authentication

HTTP Basic

URI

http://host_name/uc/resources/ldap

HTTP Method

PUT

Example URI

http://localhost:8080/uc/resources/ldap

Produces Content-Type

 application/xml, application/json

Example Responses

  • Status 200

    • Successfully updated the LDAP Setting with id {uuid}.

  • Status 400

    • Error message.

  • Status 403

    • Operation prohibited due to security constraints.

  • Status 404

    • LDAP Setting with id "{uuid}" not found.

  • Status 500

    • Unexpected request failure. See log(s) for more details.

Update LDAP Settings: XML and JSON Examples

XMLJSON
 XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ldap exportReleaseLevel="7.7.0.0" exportTable="ops_ldap">
    <allowLocalLogin>false</allowLocalLogin>
    <baseDn>DC=qad,DC=stone,DC=branch</baseDn>
    <bindDn>administrator@qad</bindDn>
    <bindPassword />
    <connectTimeout>5</connectTimeout>
    <groupFilter>(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))</groupFilter>
    <groupMemberAttribute />
    <groupTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </groupTargetOuList>
    <loginMethod>Standard, Single Sign-On</loginMethod>
    <mappings>
        <mapping type="Group" column="manager">managedBy</mapping>
        <mapping type="Group" column="email">mail</mapping>
        <mapping type="User" column="manager">manager</mapping>
        <mapping type="User" column="phone">telephoneNumber</mapping>
        <mapping type="User" column="department">department</mapping>
        <mapping type="User" column="first_name">givenName</mapping>
        <mapping type="User" column="last_name">sn</mapping>
        <mapping type="User" column="mobile_phone">mobile</mapping>
        <mapping type="User" column="home_phone">homePhone</mapping>
        <mapping type="User" column="email">mail</mapping>
        <mapping type="User" column="title">title</mapping>
        <mapping type="Group" column="description">description1</mapping>
        <mapping type="User" column="middle_name">initials</mapping>
    </mappings>
    <readTimeout>30</readTimeout>
    <sysId>bb678a4f4d2c4fc4a1dc93b1ffe4bdfc</sysId>
    <useForAuthentication>true</useForAuthentication>
    <userFilter>(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))</userFilter>
    <userIdAttribute>sAMAccountName</userIdAttribute>
    <userMembershipAttribute>user member</userMembershipAttribute>
    <userTargetOuList>
        <targetOu>OU=TestUsers</targetOu>
        <targetOu>OU=TestOtherUsers</targetOu>
    </userTargetOuList>
</ldap>
 JSON
{
    "allowLocalLogin": false,
    "baseDn": "DC=qad,DC=stone,DC=branch",
    "bindDn": "administrator@qad",
    "bindPassword": null,
    "connectionTimeout": 5,
    "exportReleaseLevel": "7.7.0.0",
    "exportTable": "ops_ldap",
    "groupFilter": "(&(objectClass=group)(objectCategory=group)(|(cn=GroupA)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch)))",
    "groupMemberAttribute": null,
    "groupTargetOuList": null,
    "loginMethod": "Standard, Single Sign-On",
    "mappings": [
        {
            "attribute": "managedBy",
            "column": "manager",
            "type": "Group"
        },
        {
            "attribute": "mail",
            "column": "email",
            "type": "Group"
        },
        {
            "attribute": "manager",
            "column": "manager",
            "type": "User"
        },
        {
            "attribute": "telephoneNumber",
            "column": "phone",
            "type": "User"
        },
        {
            "attribute": "department",
            "column": "department",
            "type": "User"
        },
        {
            "attribute": "givenName",
            "column": "first_name",
            "type": "User"
        },
        {
            "attribute": "sn",
            "column": "last_name",
            "type": "User"
        },
        {
            "attribute": "mobile",
            "column": "mobile_phone",
            "type": "User"
        },
        {
            "attribute": "homePhone",
            "column": "home_phone",
            "type": "User"
        },
        {
            "attribute": "mail",
            "column": "email",
            "type": "User"
        },
        {
            "attribute": "title",
            "column": "title",
            "type": "User"
        },
        {
            "attribute": "description1",
            "column": "description",
            "type": "Group"
        },
        {
            "attribute": "initials",
            "column": "middle_name",
            "type": "User"
        }
    ],
    "readTimeout": 30,
    "sysId": "bb678a4f4d2c4fc4a1dc93b1ffe4bdfc",
    "useForAuthentication": true,
    "userFilter": "(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupA,OU=TestGroups,DC=qad,DC=stone,DC=branch))",
    "userIdAttribute": "sAMAccountName",
    "userMembershipAttribute": "user member",
    "userTargetOuList": [
        "OU=TestUsers",
        "OU=TestOtherUsers"
    ]
}

LDAP: Request Properties

Property

UI Field

Description

Required

allowLocalLogin

Allow Local Login

If the LDAP Synchronization Enabled Universal Controller system property is false, or if it is true but the Use for Authentication field is not enabled, an administrator must explicitly specify Allow Local Login to allow local account login for users that were provisioned through LDAP synchronization.

N

baseDn

Base DN

Starting point for searching the directory. For example: dc=stonebranch,dc=com. If you do not specify a Base DN, the search starts as the root of the directory tree.

N

url

URL

URL of the LDAP connection.

Y

bindDn

Bind DN or User

Distinguished Name (DN) or User ID used for initial access to the LDAP server.

N

bindPassword

Bind Password


N

useForAuthentication

Use for Authentication

If enabled, indicates that LDAP will be used for password authentication.

N

userIdAttribute

User Id Attribute

LDAP attribute for the specified User ID.
 
Options:

  • sAMAccountName

  • cn

  • uid

  • Other...

Y

userFilter

User Filter

Search filter for users.
 
If you do not specify a User Filter, the server uses (&(objectClass=user)(objectCategory=person)).

N

userTargetOuList

User Target OU List

Single- or multi-level target OU's (Organizational Units) within the Base DN directory to filter for user records.
 
For example, OU=Employees or OU=Employees,OU=Users.
 
If you do not specify one or more OU's, the entire sub-tree from the Base DN will be searched.

N

groupFilter

Group Filter

Search filter for groups.
 
If you do not specify a Group Filter, the server uses (&(objectClass=group)(objectCategory=group)).

N

groupTargetOuList

Group Target OU List

Single- or multi-level target OU's within the Base DN directory to filter for group records.
 
For example, OU=Universal Controller or OU=Universal Controller,OU=Groups.
 
If you do not specify one or more OU's, the entire sub-tree from the Base DN will be searched.

N

connectTimeout

Connect Timeout (Seconds)

Timeout for connecting to the LDAP server.

N

readTimeout

Read Timeout (Seconds)

Timeout for reading from the LDAP server.

N

userMembershipAttribute

User Membership Attribute

LDAP attribute for the groups in which a user is a member. If you do not specify a User Membership Attribute, the LDAP server uses memberOf (see the uc.ldap.users.synchronize_indirect Universal Controller start-up property.

N

groupMemberAttribute

Group Member Attribute

LDAP attribute for the members of a group. If you do not specify a Group Member Attribute, the LDAP server uses member (see the uc.ldap.groups.update_members Universal Controller start-up property.

N

loginMethod

Login Method

Login method(s) that an LDAP-provisioned user can authenticate with by default. The default is applied only at user creation time.
 
Options:

  • Standard
  • Single Sign-On
  • Standard, Single Sign-On
  • Standard / Authenticator App (TOTP)

  • Standard / Authenticator App (TOTP), Single Sign-On

Y

mappings


List of Controller columns mapped to LDAP attributes.


LDAP: Mapping Properties 

Property

UI Field

Description

Required

type

Type

Type of records.

Y

column

Column

Controller column being mapped to LDAP attribute.

Y

attribute

Attribute

LDAP attribute to which the Controller column is being mapped.

N

Update LDAP Bind Password


 Description

Consumes Content-Type

 N/A

Description

Modify LDAP Settings Bind Password

Authentication

HTTP Basic

URI

http://host_name/uc/resources/ldap/changeBindPwd

http://host_name/uc/resources/ldap/changebindpwd

HTTP Method

POST

Example URI

http://localhost:8080/uc/resources/ldap/changebindpwd

http://localhost:8080/uc/resources/ldap/changeBindPwd

Produces Content-Type

 application/xml, application/json

Body

New Password