Account Maps and Group Maps Using LDAP
Overview
Lightweight Directory Access Protocol (LDAP) is an internet protocol used to look up data from a server. Using REST API calls, you can create an account map that integrates to LDAP. You can also query DryvIQ to return the LDAP configuration being used for an account map.
Test LDAP Connection
Use the following call to test the LDAP connection. Replace the values with the information relevant to your server. The call returns a status of 200 when a successful connection is made.
POST {{url}}v1/ldap/test

    {
      "auth_type": "anonymous",
      "dn": "string",
      "name": "string",
      "password": "string",
      "port": 0,
      "ssl": true,
      "username": "string"
    }
LDAP Configuration Options
Below are the available configuration options for LDAP. The following sections provide samples of how to use the information to create an account map and to query the information for an account map that is being used.

Field | Type | Description | Example |
---|---|---|---|
Security Map Features | | | |
ldap | Boolean | This field indicates if LDAP is being used. | true |
LDAP Server Definitions | | | |
name | String | This field identifies the DNS name or IP address for the LDAP server. This is a required field. | |
port | Integer | This is the port number that should be used if other than 389 (the default). | 636 |
dn | String | This is the location within AD where you want to search for users. It is optional if you are using the DNS name for the server name rather than the IP address. (The default should be good.) OU stands for organizational unit. You can have multiple OUs, separated by commas. OUs are containers for users or groups; think of them as folders. | dc=internal,dc=string,dc=com<br>ou=accounts,dc=internal,dc=string,dc=com |
username | String | This field identifies the username that needs to be used to log on to the server. | domain\\joe_user |
password | String | This is the password for the above username. | Pa$$w0RdValu3 |
ssl | Boolean | Indicates if the LDAP server uses SSL for the connection. | true |
LDAP Search Definitions | | | |
server | LdapServerDefinition | LDAP server name. | |
filter | String | This is the filter that should be applied when requesting users from LDAP. | sn=smith<br>mapid=5f55f55fff5555f5f5f555ff55555555<br>jobid=1111111111a11a11111aa1aa11a11111 |
account_exclusion_pattern | String | This field is used to exclude specific accounts based on values in the account name (sAMAccountName). Exclusions are indicated using wild-card patterns. Multiple values must be separated by a semicolon ( ; ). | admin* |
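
To check what an `account_exclusion_pattern` will actually drop before the map is created, the following added example (not DryvIQ code) previews a pattern against a list of sAMAccountName values. It assumes shell-style wildcards and case-insensitive matching; `parse_exclusions`, `preview_exclusions` and the `ACCOUNTS` list are hypothetical names with constructed data.

```python
from fnmatch import fnmatchcase


def parse_exclusions(pattern):
    """Split the semicolon-separated field into individual wild-card patterns."""
    return [p.strip() for p in pattern.split(";") if p.strip()]


def preview_exclusions(sam_account_names, pattern):
    """Return (kept, excluded) for a list of sAMAccountName values.

    Assumption: '*' and '?' behave as shell-style wildcards and matching is
    case-insensitive, as sAMAccountName comparisons are in Active Directory.
    """
    wildcards = [p.lower() for p in parse_exclusions(pattern)]
    kept, excluded = [], []
    for name in sam_account_names:
        hit = any(fnmatchcase(name.lower(), w) for w in wildcards)
        (excluded if hit else kept).append(name)
    return kept, excluded


# Constructed sample of account names, not taken from a real directory.
ACCOUNTS = ["admin", "Administrator", "admin_backup", "jsmith", "svc_sync", "sadmin"]

if __name__ == "__main__":
    kept, excluded = preview_exclusions(ACCOUNTS, "admin*; svc_*")
    print("excluded:", excluded)
    print("kept:    ", kept)  # "sadmin" stays: admin* only anchors at the start
```

A prefix pattern such as `admin*` leaves privileged accounts with other naming schemes (here `sadmin`) in the map, so review the kept list as well as the excluded one.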
Create an Account Map Integrated to LDAP
The example code below creates a one-to-one matching map from the LDAP server for the connections. Replace the server values with the values applicable to your server, and the connection IDs with the IDs assigned to the connections you are using.
POST {{url}}v1/account_maps

    {
      "name": "name assigned to the map you are creating",
      "type": "account_map",
      "unmapped_policy": "warn",
      "map_by": {
        "ldap": true,
        "email": true
      },
      "ldap": {
        "server": {
          "name": "00.00.0.00",
          "username": "domain\\user",
          "password": "password"
        }
      },
      "source": {
        "connection": {
          "id": "connection ID"
        }
      },
      "destination": {
        "connection": {
          "id": "connection ID"
        }
      }
    }
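
The sample body above sets neither `port` nor `ssl` and carries the bind password as a literal. The following added example (not DryvIQ code) builds the same body with `ssl` enabled on port 636 and the password read from an environment variable, and checks the `ldap.server` object before it is sent. `lint_ldap_server`, `build_account_map` and the `LDAP_BIND_PASSWORD` variable are hypothetical names.

```python
import os

LDAP_PORT, LDAPS_PORT = 389, 636  # 389 is the default named in the options table


def lint_ldap_server(server):
    """Return findings for one "ldap.server" object before it is POSTed."""
    findings = []
    ssl = server.get("ssl") is True
    port = server.get("port", LDAP_PORT)
    if not server.get("name"):
        findings.append("name: required field is missing")
    if not ssl:
        findings.append("ssl: not true, so the bind credentials are exposed in transit")
    if ssl and port == LDAP_PORT:
        findings.append("port: ssl is true but port is 389; LDAPS normally listens on 636")
    if not ssl and port == LDAPS_PORT:
        findings.append("port: 636 is the LDAPS port but ssl is not true")
    if server.get("password") in ("password", "string"):
        findings.append("password: placeholder value from the documentation sample")
    return findings


def build_account_map(map_name, server_name, username, source_id, destination_id,
                      password_env="LDAP_BIND_PASSWORD"):
    """Build the v1/account_maps body; the bind password comes from the environment."""
    server = {
        "name": server_name,
        "port": LDAPS_PORT,
        "ssl": True,
        "username": username,
        "password": os.environ[password_env],  # KeyError if unset: fail closed
    }
    findings = lint_ldap_server(server)
    if findings:
        raise ValueError("; ".join(findings))
    return {
        "name": map_name,
        "type": "account_map",
        "unmapped_policy": "warn",
        "map_by": {"ldap": True, "email": True},
        "ldap": {"server": server},
        "source": {"connection": {"id": source_id}},
        "destination": {"connection": {"id": destination_id}},
    }
```

Because the password is part of the JSON body, keep the returned object out of logs and request traces.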
Query the LDAP Configuration for an Account or Group Map
The example code below shows how to query DryvIQ to return the LDAP configuration being used for an account map.
Basic Query
The example code below is a basic query to view the LDAP configurations being used for an account map.
GET {{url}}v1/ldap/query/accounts
The example code below is a basic query to view the LDAP configurations being used for a group map.
Query by Map ID
The example code below shows a query to view the LDAP configuration used for a specific map being used for an account map or group map (respectively).
Account Map
Group Map
Query by Job ID
The example code below shows a query to view the LDAP configuration used for a specific account map or group map being used for a specific job.
Account Map
Group Map
Query Using Filters
The example below shows a query using a filter for surname. Substitute additional filters as needed.
POST: {{url}}v1/ldap/query/accounts
Create a User Job Mapping Job That Uses LDAP
When you want to use LDAP with a User Job Mapping job, you have to create the LDAP map when creating the job. This must be done through the REST API; LDAP maps cannot currently be created through the user interface. Example code is provided below to show how you can add the LDAP map information to the CREATE job call.
POST: {{url}}v1/jobs