Account Maps and Group Maps Using LDAP




Overview

Lightweight Directory Access Protocol (LDAP) is an internet protocol used to look up data from a server. Using REST API calls, you can create an account map that integrates with LDAP. You can also query DryvIQ to return the LDAP configuration being used for an account map.

Test LDAP Connection

Use the following call to test the LDAP connection. Replace the values with the information relevant to your server. The call returns a status of 200 when a connection is made successfully.

POST {{url}}v1/ldap/test


{
  "auth_type": "anonymous",
  "dn": "string",
  "name": "string",
  "password": "string",
  "port": 0,
  "ssl": true,
  "username": "string"
}

LDAP Configuration Options

Below are the available configuration options for LDAP. The following sections provide samples of how to use this information to create an account map and to query the LDAP configuration that an account map is using.

Security Map Features

| Field | Type | Description | Example |
|---|---|---|---|
| ldap | Boolean | This field indicates if LDAP is being used. | true |

LDAP Server Definitions

| Field | Type | Description | Example |
|---|---|---|---|
| name | String | This field identifies the DNS name or IP address for the LDAP server. This is a required field. | xx.xx.x.xxx |
| port | Integer | This is the port number that should be used if other than 389 (the default). If you are using SSL set to true, the default port is 636. | 636 |
| dn | String | This is the location within AD where you want to search for users. It is optional if you are using the DNS name for the server name rather than the IP Address. (The default should be good.)<br>OU=Organizational Units. You can have multiple OUs, they can be comma separated. OU are containers for users or groups; think of them as folders.<br>DC= Domain Controller. For each dot, you need additional DC. | dc=internal,dc=string,dc=com<br>ou=accounts,dc=internal,dc=string,dc=com |
| username | String | This field identifies the username that needs to be used to log on to the server. | domain\\joe_user |
| password | String | This is the password for the above username. | Pa$$w0RdValu3 |
| ssl | Boolean | Indicates if the LDAP server uses SSL for the connection | true |

LDAP Search Definitions

| Field | Type | Description | Example |
|---|---|---|---|
| server | LdapServerDefinition | LDAP server name. | |
| filter | String | This is the filter that should be applied when requesting users from LDAP. | sn=smith (filters users whose surname is smith)<br>mapid=5f55f55fff5555f5f5f555ff55555555 (filters by map with the specified ID)<br>jobid=1111111111a11a11111aa1aa11a11111 (filters by job with the specified ID) |
| account_exclusion_pattern | String | This field is used to exclude specific accounts based on values in the account name (sAMAccountName). Exclusions are indicated using wild-card patterns. Multiple values must be separated by a semicolon ( ; ). | admin* (Excludes accounts that include “admin” in the account name.) |

Create an Account Map Integrated to LDAP

The example code below creates a one-to-one matching map from the LDAP server for the connections. Replace the server values with those applicable to your server, and replace the connection IDs with the IDs assigned to the connections you are using.

POST {{url}}v1/account_maps

{
  "name": "name assigned to the map you are creating",
  "type": "account_map",
  "unmapped_policy": "warn",
  "map_by": {
    "ldap": true,
    "email": true
  },
  "ldap": {
    "server": {
      "name": "00.00.0.00",
      "username": "domain\\user",
      "password": "password"
    }
  },
  "source": {
    "connection": {
      "id": "connection ID"
    }
  },
  "destination": {
    "connection": {
      "id": "connection ID"
    }
  }
}
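The server fields interact: the default port depends on ssl, dn is optional only when name is a DNS name, and a bind with a username and password while ssl is unset is not wrapped in SSL. The following pre-flight check for the ldap.server block is an added example, not DryvIQ code; the function names, the documentation-range IP address and the LDAP_BIND_PASSWORD variable are assumptions, and it treats an omitted ssl as false.

```python
import ipaddress
import os

def default_port(server):
    # Defaults documented on this page: 636 when ssl is true, otherwise 389.
    return 636 if server.get("ssl") else 389

def dn_from_dns(domain):
    # One dc= component per dot-separated label of the DNS domain.
    return ",".join(f"dc={label}" for label in domain.split("."))

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def lint_ldap_server(server):
    """Return findings for one ldap.server definition (empty list = clean)."""
    findings = []
    name = server.get("name")
    if not name:
        findings.append("name is required")
    port = server.get("port") or default_port(server)  # 0 or missing -> default
    has_creds = bool(server.get("username") or server.get("password"))
    if has_creds and not server.get("ssl"):
        # Assumption: an omitted ssl field behaves like false.
        findings.append(f"ssl is not true: bind with credentials on port {port} is not wrapped in SSL")
    if server.get("ssl") and port == 389:
        findings.append("ssl is true but port is 389; the SSL default is 636")
    if name and is_ip(name) and not server.get("dn"):
        findings.append("name is an IP address: set dn explicitly")
    return findings

# Constructed sample: same shape as the page's create call, with a documentation-range IP.
WEAK = {"name": "192.0.2.10", "username": "domain\\user", "password": "password"}

# Constructed corrected form; LDAP_BIND_PASSWORD is a hypothetical variable name.
HARDENED = {
    "name": "192.0.2.10", "port": 636, "ssl": True,
    "dn": "ou=accounts," + dn_from_dns("internal.string.com"),
    "username": "domain\\user",
    "password": os.environ.get("LDAP_BIND_PASSWORD", ""),
}

if __name__ == "__main__":
    for label, server in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_ldap_server(server))
```

Run the check on the server object before placing it in the POST body, and keep the bind password out of the saved request file.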

Query the LDAP Configuration for an Account or Group Map

The example code below shows how to query DryvIQ to return the LDAP configuration being used for an account map or group map.

Basic Query

The example code below is a basic query to view the LDAP configurations being used for an account map.

GET {{url}}v1/ldap/query/accounts


The example code below is a basic query to view the LDAP configurations being used for a group map.


Query by Map ID

The example code below shows a query to view the LDAP configuration used for a specific map being used for an account map or group map (respectively).

Account Map

Group Map


Query by Job ID

The example code below shows a query to view the LDAP configuration used for a specific account map or group map being used for a specific job.

Account Map

Group Map


Query Using Filters

The example below shows a query using a filter for surname. Substitute additional filters as needed.

POST: {{url}}v1/ldap/query/accounts


Create a User Job Mapping Job That Uses LDAP

When you want to use LDAP with a User Job Mapping job, you have to create the LDAP map when creating the job. This must be done through the REST API; LDAP maps cannot currently be created through the user interface. Example code is provided below to show how you can add the LDAP map information to the CREATE job call.

POST: {{url}}v1/jobs


DryvIQ Migrate Version: 5.8.1
Release Date: October 7, 2024