Creating an LDAP Container Using an LDAP Group Source

A Group DN is used to identify the directory entry that is the group. When a Group DN is specified, a member attribute is also specified, which holds the collection of member identifiers, that is, their DNs. This provides the list of candidate resources.

The following diagram shows an example of how calls to the Directory Services APIs can be used to create an LDAP container using an LDAP Group Source.

Creating an LDAP Container Using an LDAP Group Source

The following step-by-step descriptions correspond to the numbered steps in Figure 4.

Procedure

  1. Find out the LDAP Connection Shared Resources that are configured in ActiveMatrix Administrator by calling the listLdapConnections operation. Only those whose instance name is prefixed with "ldap/de/" will be listed.

    One of the returned sources must be specified as the primary LDAP source when calling the saveContainer operation to create the LDAP container.

    // Step 1 : Get a list of the LDAP Sources available
    <soapenv:Body>
          <dir:listLdapConnections/>
    </soapenv:Body>
    <SOAP-ENV:Body>
          <listLdapConnectionsResponse xmlns="http://directory.api.de.bpm.tibco.com">
             <ldap-connection ldap-alias="deLdap5" provider-url="ldap://servername01096:10801/o=goCarInsuranceHeadOffice" xmlns=""/>
             <ldap-connection ldap-alias="deLdap4" provider-url="ldap://servername01096:10801/o=insuranceCorporate" xmlns=""/>
             <ldap-connection ldap-alias="system" provider-url="ldap://servername01096:10801/ou=system" xmlns=""/>
             <ldap-connection ldap-alias="deLdap6" provider-url="ldap://servername01096:10801/o=goCarInsuranceSales" xmlns=""/>
             <ldap-connection ldap-alias="deLdap3" provider-url="ldap://servername01096:10801/o=insuranceSales" xmlns=""/>
             <ldap-connection ldap-alias="deLdap2" provider-url="ldap://servername01096:10801/o=insuranceServices" xmlns=""/>
             <ldap-connection ldap-alias="easyAs" provider-url="ldap://servername01096:10801/o=easyAsInsurance" xmlns=""/>
          </listLdapConnectionsResponse>
    </SOAP-ENV:Body>
  2. Use the listAttributeNames operation to get the attribute names (for the group DN and the member attribute) that can be used when calling the saveContainer operation (see step 3).
    // Step 2: Use the required LDAP Connection alias to get a list
    // of possible attributes
    <soapenv:Body>
          <dir:listAttributeNames ldap-alias="deLdap2" base-dn="o=insuranceServices" ldap-query="(objectclass=organizationalRole)" sample-size="10"/>
    </soapenv:Body>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
       <SOAP-ENV:Header/>
       <SOAP-ENV:Body>
          <listAttributeNamesResponse base-dn="o=insuranceServices" entry-count="5" ldap-alias="deLdap2" ldap-query="(objectclass=organizationalRole)" xmlns="http://directory.api.de.bpm.tibco.com">
             <attribute binary="false" name="roleoccupant" xmlns=""/>
             <attribute binary="false" name="ou" xmlns=""/>
             <attribute binary="false" name="objectClass" xmlns=""/>
             <attribute binary="false" name="cn" xmlns=""/>
             <sample-entry ldap-dn="OU=MIS, OU=groups, O=insuranceServices" xmlns="">
                <attribute binary="false" name="roleoccupant">
                   <value>uid=chill,ou=Employees,o=insuranceServices</value>
                   <value>uid=llawrence,ou=Employees,o=insuranceServices</value>
                </attribute>
                <attribute binary="false" name="ou">
                   <value>MIS</value>
                </attribute>
                <attribute binary="false" name="objectClass">
                   <value>organizationalRole</value>
                   <value>top</value>
                </attribute>
                <attribute binary="false" name="cn">
                   <value>Motor Insurance Specialist</value>
                </attribute>
             </sample-entry>
                        .
                        .
                        .
             <sample-entry ldap-dn="OU=TIS, OU=groups, O=insuranceServices" xmlns="">
                <attribute binary="false" name="roleoccupant">
                   <value>uid=jeustace,ou=Employees,o=insuranceServices</value>
                   <value>uid=lcourt,ou=Employees,o=insuranceServices</value>
                </attribute>
                <attribute binary="false" name="ou">
                   <value>TIS</value>
                </attribute>
                <attribute binary="false" name="objectClass">
                   <value>organizationalRole</value>
                   <value>top</value>
                </attribute>
                <attribute binary="false" name="cn">
                   <value>Travel Insurance Specialist</value>
                </attribute>
             </sample-entry>
          </listAttributeNamesResponse>
       </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
  3. Use the saveContainer operation to create and save a new LDAP container.

    The required parameters are:

    • name - The name to assign to the new LDAP container. It must be unique on the Directory Engine.
    • primary-ldap.ldap-alias - The primary LDAP source. It must identify a valid LDAP connection; the available LDAP sources can be obtained using the listLdapConnections operation.
    • group-dn - The DN of the LDAP directory entry that is the group. For example, for the CSR group in the insuranceServices directory used in this procedure, the group-dn is "ou=CSR,ou=groups,o=insuranceServices".
    • member-attribute - The attribute within the group entry that holds the collection of DNs identifying the candidate resources. In this procedure's example, the roleoccupant attribute identifies the candidate resources.
    • resource-name-attributes - The attribute(s) whose value(s) the resource will use to log into the system.

      Additional optional parameters are also available for adding secondary LDAP group sources, setting up organizational relationships, etc. For information about those parameters, see saveContainer.

Result

The following shows an example saveContainer request containing the minimal amount of information, as well as the new LDAP container ID that is returned if the container creation is successful:

// Step 3: Create the new LDAP Container
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:dir="http://directory.api.de.bpm.tibco.com">
   <soapenv:Header/>
   <soapenv:Body>
      <dir:saveContainer name="Southeast" description="Southeast Region">
         <primary-group-ldap ldap-alias="deLdap2"
                             resource-name-attributes="displayname"
                             group-dn="OU=CSR,OU=groups,O=insuranceServices"
                             member-attribute="roleoccupant">
         </primary-group-ldap>
      </dir:saveContainer>
   </soapenv:Body>
</soapenv:Envelope>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header/>
   <SOAP-ENV:Body>
      <saveContainerResponse container-id="11" xmlns="http://directory.api.de.bpm.tibco.com"/>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
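The following added example (not part of the TIBCO documentation or product) ties steps 2 and 3 together: it reads a listAttributeNamesResponse, checks that the intended ldap-alias, group-dn and member-attribute are consistent with it before anything is saved, and builds the saveContainer envelope with escaped attribute values so a DN containing characters such as & or quotes cannot break the request. The sample response is constructed from the values on this page, with a binary jpegPhoto attribute added to exercise the filter.

```python
# Added example (not TIBCO's own code): checks saveContainer inputs against the
# step-2 listAttributeNamesResponse and builds the step-3 request with proper
# XML attribute escaping. The sample response below is constructed from page
# values; jpegPhoto is added only to exercise the binary-attribute filter.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

NS_DIR = "http://directory.api.de.bpm.tibco.com"
NS_SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

SAMPLE_RESPONSE = """<listAttributeNamesResponse base-dn="o=insuranceServices"
  ldap-alias="deLdap2" xmlns="http://directory.api.de.bpm.tibco.com">
  <attribute binary="false" name="roleoccupant" xmlns=""/>
  <attribute binary="true" name="jpegPhoto" xmlns=""/>
</listAttributeNamesResponse>"""

def _norm_dn(dn):  # lower-case and strip spaces after commas for stable suffix checks
    return ",".join(part.strip().lower() for part in dn.split(","))

def usable_member_attributes(response_xml):
    """Non-binary attribute names the Directory Engine reported for the query."""
    root = ET.fromstring(response_xml)
    return {a.get("name").lower() for a in root.findall("attribute")
            if a.get("binary") == "false"}

def input_problems(response_xml, ldap_alias, group_dn, member_attribute):
    """Return the reasons (if any) the saveContainer inputs are inconsistent."""
    root, problems = ET.fromstring(response_xml), []
    if root.get("ldap-alias") != ldap_alias:
        problems.append("response was taken from a different ldap-alias")
    base, group = _norm_dn(root.get("base-dn")), _norm_dn(group_dn)
    if group != base and not group.endswith("," + base):
        problems.append("group-dn is outside the connection's base-dn")
    if member_attribute.lower() not in usable_member_attributes(response_xml):
        problems.append("member-attribute is binary or absent from the entries")
    return problems

def build_save_container(name, ldap_alias, group_dn, member_attribute, name_attrs):
    """Build the step-3 envelope; quoteattr escapes &, <, > and quotes in DNs."""
    attrs = {"ldap-alias": ldap_alias, "resource-name-attributes": name_attrs,
             "group-dn": group_dn, "member-attribute": member_attribute}
    group = " ".join(f"{k}={quoteattr(v)}" for k, v in attrs.items())
    return (f"<soapenv:Envelope xmlns:soapenv={quoteattr(NS_SOAP)} xmlns:dir={quoteattr(NS_DIR)}>"
            f"<soapenv:Header/><soapenv:Body><dir:saveContainer name={quoteattr(name)}>"
            f"<primary-group-ldap {group}/></dir:saveContainer></soapenv:Body></soapenv:Envelope>")

def request_group_dn(envelope_xml):
    """Parse a built request back and return its group-dn (fails if malformed)."""
    body = ET.fromstring(envelope_xml).find(f"{{{NS_SOAP}}}Body")
    return body.find(f"{{{NS_DIR}}}saveContainer/primary-group-ldap").get("group-dn")
```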