LDAP Object Management by OU (DN)

The following operations allow direct access to an LDAP object by its OU reference. Keep in mind that only objects that are correctly mapped in the LDAP backend Service Data configuration (sections tenantMapping, groupMapping, userMapping) are taken into account. These objects must reflect the Broadworks tenant, group and user levels.

Note: what is called OU here is usually called DN (Distinguished Name) in LDAP terminology. The name OU was unfortunately chosen instead of DN because, in the very first implementation, the resources searched were of type OU, and it could not be changed afterwards for backward-compatibility reasons.

Retrieve an object by OU (DN)

GET /api/v1/ldap/(string: ldap_id)/ou/(string: ou)/

Gets the requested OU (DN) for the selected LDAP backend. This OU (DN) is searched according to the LDAP backend Service Data configuration. If found, the resulting object is explicitly mapped to a tenant, a group or a user according to the OU (DN) structure.

Example request:

GET /api/v1/ldap/Customer_LDAP_Concentrator/ou/uid=ldap_user_1,ou=ldap_group_1,ou=ldap_tenant_1,ou=Instance1,dc=vendor,dc=intra/ HTTP/1.1
Host: example.com

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
   "user": {
      "id": "christophe.bury@tenant1.acud.eg",
      "ou": "uid=christophe.bury@tenant1.acud.eg,ou=ACUDGroup1,ou=ACUDtenant1,ou=Instance1,dc=acud,dc=intra",
      "fullName": "Christophe BURY",
      "lastName": "BURY",
      "parents": {
         "tenant": {
            "id": "ACUDtenant1",
            "ou": "ou=ACUDtenant1,ou=Instance1,dc=acud,dc=intra"
         },
         "group": {
            "id": "ACUDGroup1",
            "ou": "ou=ACUDGroup1,ou=ACUDtenant1,ou=Instance1,dc=acud,dc=intra"
         }
      }
   }
}

Response JSON Object:
  • tenant/group/user (object) – according to the mapped OU, a tenant, group or user as defined by LDAP Object Details

Status Codes:

Note

To make it easier to retrieve parent objects, a parents structure has been added to the result. This structure lists all parent objects from the current one up to the tenant level in the LDAP tree. They are referenced by their id and ou.

Create an object by OU (DN)

POST /api/v1/ldap/(string: ldap_id)/ou/(string: ou)/

Creates a new LDAP tenant, group or user according to the OU passed and its mapped level. Parameters set as input of the service are not fixed and may vary according to LDAP backend Service Data configuration (sections tenantMapping, groupMapping, userMapping).

Authorization Right: System Admin.

Example request:

POST /api/v1/ldap/Customer_LDAP_Concentrator/ou/ou=ldap_tenant_1,ou=Instance1,dc=vendor,dc=intra/ HTTP/1.1
Host: example.com
Content-Type: application/json

{
   "description": "Tenant created by OU"
}

Request JSON Object:
  • <ldap_attribute> (object) – any valid attribute for the mapped type of OU, as defined by LDAP Object Details

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
   "created": {
      "tenant": "ou=ldap_tenant_1,ou=Instance1,dc=vendor,dc=intra"
   }
}

Response JSON Object:
  • created (object) – contains the complete LDAP OU (DN) reference of the created tenant, group or user

Status Codes:
  • 200 OK – no error.

  • 400 Bad Request – format of the JSON input data not valid or object already exists.

Modify an existing object by OU (DN)

PUT /api/v1/ldap/(string: ldap_id)/ou/(string: ou)/

Modifies an existing LDAP tenant, group or user according to the OU (DN) passed and its mapped level. Parameters set as input of the service are not fixed and may vary according to LDAP backend Service Data configuration (sections tenantMapping, groupMapping, userMapping).

Authorization Right: System Admin.

Example request:

PUT /api/v1/ldap/Customer_LDAP_Concentrator/ou/uid=ldap.user@netaxis.be,ou=ldap_group_1,ou=ldap_tenant_1,ou=Instance1,dc=vendor,dc=intra/ HTTP/1.1
Host: example.com
Content-Type: application/json

{
   "firstName": "Test",
   "lastName": "Modified by OU"
}

Request JSON Object:
  • <ldap_attribute> (object) – any valid attribute defined by LDAP Object Details

    Note: to delete an attribute, put this attribute in the request body and use the JSON value null.

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
   "results": {
      "firstName": "modified",
      "lastName": "modified"
   }
}

Response JSON Object:
  • results (object) – a summary of performed actions on every passed attribute
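
Because the OU (DN) travels in the URL path, a client that assembles it from externally supplied identifiers has to escape each value for the DN first and then percent-encode the result. The following is an added example, not code from this API or its vendor: all function names are hypothetical, the HTTPS base URL is an assumption, the server is assumed to percent-decode the path parameter, and authentication is left out because this page does not describe it.

```python
import json
from urllib.parse import quote
from urllib.request import Request

BASE_URL = "https://example.com"  # assumption: the page only shows "Host: example.com"

def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514 string form)."""
    if not value:
        raise ValueError("empty RDN value")
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_dn(rdns):
    """rdns: (attribute, value) pairs, leaf first; only the values are treated as untrusted."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)

def ou_url(ldap_id, dn):
    """Percent-encode both path parameters; '=', ',' and '@' stay literal as in the page's examples."""
    return f"{BASE_URL}/api/v1/ldap/{quote(ldap_id, safe='')}/ou/{quote(dn, safe='=,@')}/"

def modify_request(ldap_id, rdns, changes, delete=()):
    """Build (not send) the PUT: `changes` are set, names in `delete` are sent as JSON null."""
    body = dict(changes)
    body.update({attr: None for attr in delete})
    return Request(ou_url(ldap_id, build_dn(rdns)), data=json.dumps(body).encode("utf-8"),
                   headers={"Content-Type": "application/json"}, method="PUT")

# Constructed sample input mirroring the PUT example on this page.
SUFFIX = [("ou", "ldap_group_1"), ("ou", "ldap_tenant_1"), ("ou", "Instance1"),
          ("dc", "vendor"), ("dc", "intra")]

if __name__ == "__main__":
    req = modify_request("Customer_LDAP_Concentrator", [("uid", "ldap.user@netaxis.be")] + SUFFIX,
                         {"lastName": "Modified by OU"}, delete=["firstName"])
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # Constructed hostile value: ',' is escaped in the DN, '/' and '\' are percent-encoded.
    print(ou_url("Customer_LDAP_Concentrator", build_dn([("uid", "a/b,ou=x")] + SUFFIX)))
```

With the escaping applied, a uid containing a comma stays a single RDN instead of adding an extra level to the tenant/group/user mapping, and a slash in a value cannot change the route.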

Status Codes:

Delete an object by OU (DN)

DELETE /api/v1/ldap/(string: ldap_id)/ou/(string: ou)/

Deletes an LDAP object by its OU (DN) identity. Only applies if the OU could be matched to a valid tenant, group or user level.

Authorization Right: System Admin.

Example request:

DELETE /api/v1/ldap/Customer_LDAP_Concentrator/ou/ou=ldap_tenant_1,ou=Instance1,dc=vendor,dc=intra/ HTTP/1.1
Host: example.com

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
   "deleted": {
      "tenant": "ou=ldap_tenant_1,ou=Instance1,dc=vendor,dc=intra"
   }
}

Response JSON Object:
  • deleted (object) – contains the complete LDAP OU (DN) reference of the deleted tenant, group or user

Status Codes: