# LDAP

The LDAP connector allows for the management of directory information services through actions such as add, modify, delete, and search within an LDAP directory.

The LDAP Turbine connector allows for seamless integration with LDAP directories, enabling efficient user and directory management within the Swimlane Turbine platform. It provides a suite of actions such as adding, deleting, modifying, and searching LDAP entries, which can be used to automate directory synchronization and user management tasks. By leveraging this connector, Swimlane Turbine users can streamline identity management processes, enforce security policies, and maintain up-to-date directory information without manual intervention.

## Prerequisites

To utilize the LDAP connector in your Swimlane environment, ensure you have the following prerequisites:

- LDAP server credentials and access details:
  - Server URL: the address of the LDAP server you wish to connect to.
  - Bind DN: the distinguished name used to bind to the LDAP server.
  - Bind password: the password associated with the bind DN for authentication.
  - Base DN: the base distinguished name from which LDAP operations should be performed.

## Capabilities

This connector provides the following LDAP operations:

- Search
  - Query all users
  - Query system
  - Custom query
  - User is member of group
- Add
  - Add user
  - Add computer
  - Add contact
  - Add shared folder
  - Add organizational unit
  - Custom create
- Delete
  - Delete user
  - Delete computer
  - Delete contact
  - Delete shared folder
  - Delete organizational unit
- Modify
  - Disable user
  - Enable user
  - Modify password
  - Modify password at next login
  - Update system
  - Update container
  - Custom update

## Use cases

### Microsoft Active Directory

See the examples below to implement your own Microsoft Active Directory functionalities. For more information please read the https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d2435927-0999-4c62-8c6d-13ba31a52e1a

#### Add user

Operation: Add

Inputs:

```json
{
  "dn": "cn=charles,ou=friends,dc=testdomain,dc=local",
  "object class": ["person", "user"],
  "attributes": {}
}
```

#### Delete user

Operation: Delete

Inputs:

```json
{
  "dn": "cn=charles,ou=friends,dc=testdomain,dc=local"
}
```

#### Disable user

Operation: Modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute name": "useraccountcontrol",
      "operation": "modify replace",
      "value": ["514"]
    }
  ]
}
```

#### Enable user

Operation: Modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute name": "useraccountcontrol",
      "operation": "modify replace",
      "value": ["512"]
    }
  ]
}
```

#### Query all users

Operation: Search

Inputs:

```json
{
  "search base": "dc=testdomain,dc=local",
  "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))"
}
```

#### Modify password

Operation: Modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute name": "userpassword",
      "operation": "modify replace",
      "value": ["123qwe"]
    }
  ]
}
```

#### Modify password at next login

Operation: Modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute name": "pwdlastset",
      "operation": "modify replace",
      "value": ["0"]
    }
  ]
}
```

#### Add computer

Operation: Add

Inputs:

```json
{
  "dn": "cn=windowsnt,ou=executives,dc=testdomain,dc=local",
  "object class": ["computer"]
}
```

#### Delete computer

Operation: Delete

Inputs:

```json
{
  "dn": "cn=windowsnt,ou=executives,dc=testdomain,dc=local"
}
```

#### Add contact

Operation: Add

Inputs:

```json
{
  "dn": "cn=a contact,ou=friends,dc=testdomain,dc=local",
  "object class": ["contact"]
}
```

#### Delete contact

Operation: Delete

Inputs:

```json
{
  "dn": "cn=a contact,ou=friends,dc=testdomain,dc=local"
}
```

#### Add shared folder

Operation: Add

Inputs:

```json
{
  "dn": "cn=a folder,ou=friends,dc=testdomain,dc=local",
  "object class": ["volume"]
}
```

#### Delete shared folder

Operation: Delete

Inputs:

```json
{
  "dn": "cn=a folder,ou=friends,dc=testdomain,dc=local"
}
```

#### Update system

Operation: Modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute name": "operatingsystem",
      "operation": "modify replace",
      "value": ["windows server 2012"]
    }
  ]
}
```

#### Add organizational unit

Operation: Add

Inputs:

```json
{
  "dn": "ou=organizational unit name,ou=friends,dc=testdomain,dc=local",
  "object class": ["organizationalunit"]
}
```

#### Delete organizational unit

Operation: Delete

Inputs:

```json
{
  "dn": "ou=organization unit name,ou=friends,dc=testdomain,dc=local"
}
```

#### Update container

Operation: Modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute name": "email",
      "operation": "modify replace",
      "value": ["new email@example.com"]
    }
  ]
}
```

#### Custom update

Operation: Modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute name": "sn",
      "operation": "modify replace",
      "value": ["swimlane"]
    }
  ]
}
```

#### Custom create

Operation: Add

Inputs:

```json
{
  "dn": "cn=nacho libre,ou=friends,dc=testdomain,dc=local",
  "object class": ["top", "person", "organizationalperson", "user"],
  "attributes": {}
}
```

#### Query system

Operation: Search

Inputs:

```json
{
  "search base": "cn=windowsnt,ou=executives,dc=testdomain,dc=local",
  "search filter": "(&(objectclass=computer)(objectcategory=person)(|(cn=*)))"
}
```

#### Custom query

Operation: Search

Inputs:

```json
{
  "search base": "dc=testdomain,dc=local",
  "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))",
  "attributes": {}
}
```

#### User is member of group

Operation: Search

Inputs:

```json
{
  "search base": "cn=leeroy jenkins,ou=friends,dc=testdomain,dc=local",
  "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))"
}
```

- https://ldap3.readthedocs.io/en/latest/operations.html
- https://ldap3.readthedocs.io/en/latest/modify.html

In the case of using the LDAP Modify connector action, please pass the input changes parameter as shown below:

```json
{
  "changes": [
    {"attribute name": "memberof", "operation": "modify add", "value": ["cn=group1,ou=groups,dc=testdomain,dc=local"]},
    {"attribute name": "memberof", "operation": "modify delete", "value": ["cn=group2,ou=groups,dc=testdomain,dc=local"]},
    {"attribute name": "useraccountcontrol", "operation": "modify replace", "value": ["514"]}
  ]
}
```

## Configurations

### LDAP Authentication

Authenticates LDAP server.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| host | Address to the target host | string | Optional |
| domain name | Domain name | string | Optional |
| port | Port number | number | Optional |
| user | Username | string | Optional |
| password | Password | string | Optional |
| use ssl | Use SSL | boolean | Optional |
| connect timeout | The timeout in seconds for each connection attempt | number | Optional |
| verify ssl | Verify SSL certificate | boolean | Optional |
| auto bind | Auto bind | string | Optional |
| authentication | Authentication | string | Optional |

## Actions

### Add

Adds a new entry to the LDAP directory with the specified distinguished name (DN).

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| dn | string | Required | Parameter for Add |
| object class | array | Optional | Parameter for Add |
| attributes | object | Optional | Parameter for Add |
| attributes.name | string | Optional | Name of the resource |
| to csv | boolean | Optional | When true, also return the add operation result as a CSV file object |

Input example:

```json
{"dn": "cn=charles,ou=friends,dc=testdomain,dc=local", "object class": ["person"], "attributes": {"name": "charles darwin"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```json
{"file": [{"file": "urn:swimlane:playbook run file 29f36333 9778 49ea 96c2 78bbce050c44", "file name": "ldap search 20251216t042448z csv"}]}
```

### Delete

Removes an entry from the LDAP directory using the provided distinguished name (DN).

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| dn | string | Required | Parameter for Delete |
| to csv | boolean | Optional | When true, also return the delete operation result as a CSV file object |

Input example:

```json
{"dn": "cn=nacho libre,ou=friends,dc=testdomain,dc=local"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```json
{"file": [{"file": "urn:swimlane:playbook run file 29f36333 9778 49ea 96c2 78bbce050c44", "file name": "ldap search 20251216t042448z csv"}]}
```

### Modify

Modifies an existing LDAP directory entry using the distinguished name (DN) and specified changes.

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| dn | string | Required | Parameter for Modify |
| changes | array | Required | Parameter for Modify |
| changes.attribute name | string | Required | The LDAP attribute that needs to be modified. Example: useraccountcontrol for enabling or disabling a user account |
| changes.operation | string | Required | The type of modification to be performed on the attribute. Supported operations are modify add, modify delete, modify replace, modify increment |
| changes.value | array | Required | The new value(s) for the specified attribute. The format depends on the attribute type. For example, setting useraccountcontrol to 514 disables an LDAP user |
| to csv | boolean | Optional | When true, also return the modify operation result as a CSV file object |

Input example:

```json
{"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```json
{"file": [{"file": "urn:swimlane:playbook run file 29f36333 9778 49ea 96c2 78bbce050c44", "file name": "ldap search 20251216t042448z csv"}]}
```

### Search

Performs an LDAP search using a specified base and filter to retrieve directory entries while respecting access controls.

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| search base | string | Required | Parameter for Search |
| search filter | string | Required | Parameter for Search |
| attributes | array | Optional | `'*'` will return all attributes, `'1.1'` will return no attributes (as per RFC 4511) and `'+'` will only return operational attributes (as per RFC 3673) |
| search scope | string | Optional | Parameter for Search |
| size limit | number | Optional | Size limit |
| to csv | boolean | Optional | When true, also return the search results as a CSV file object |

Input example:

```json
{"search base": "dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=john doe)))", "size limit": 10}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```json
{"file": [{"file": "urn:swimlane:playbook run file 29f36333 9778 49ea 96c2 78bbce050c44", "file name": "ldap search 20251216t042448z csv"}]}
```

#### Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
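The disable and enable user examples replace useraccountcontrol outright with 514 or 512, which also clears every other flag the account carries. The following added example (not Swimlane's code) computes the new value from the current one so that only the ACCOUNTDISABLE bit changes, and reports which flags a blanket replace would drop. It assumes the current value was read with a prior Search; the function names are hypothetical and the input key names are copied as they appear on this page.

```python
# Added example: key names ("attribute name", "operation", "modify replace")
# are copied as they appear on this page; function names are hypothetical.

# userAccountControl bit flags defined by Microsoft Active Directory.
FLAGS = {
    "ACCOUNTDISABLE": 0x0002,
    "PASSWD_NOTREQD": 0x0020,
    "NORMAL_ACCOUNT": 0x0200,
    "DONT_EXPIRE_PASSWORD": 0x10000,
    "SMARTCARD_REQUIRED": 0x40000,
    "NOT_DELEGATED": 0x100000,
}


def uac_change(current_uac, disable):
    """Build a Modify 'changes' list that toggles only ACCOUNTDISABLE."""
    current = int(current_uac)
    bit = FLAGS["ACCOUNTDISABLE"]
    new = (current | bit) if disable else (current & ~bit)
    return [{
        "attribute name": "useraccountcontrol",
        "operation": "modify replace",
        "value": [str(new)],
    }]


def flags_dropped(current_uac, blanket_value):
    """Flags set on the account that a blanket replace would clear.

    ACCOUNTDISABLE is left out because clearing it is the point of enabling.
    """
    lost = int(current_uac) & ~int(blanket_value)
    return [name for name, bit in FLAGS.items()
            if lost & bit and name != "ACCOUNTDISABLE"]


def modify_inputs(dn, current_uac, disable):
    """Full input object for the Modify action."""
    return {"dn": dn, "changes": uac_change(current_uac, disable)}


if __name__ == "__main__":
    # Constructed sample value: NORMAL_ACCOUNT | SMARTCARD_REQUIRED.
    current = "262656"
    print(flags_dropped(current, 512))
    print(modify_inputs("cn=john doe,ou=friends,dc=testdomain,dc=local",
                        current, disable=True))
```
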
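The Search input example places a value such as `john doe` directly inside the filter string. When that value comes from playbook data, it needs RFC 4515 escaping so that it is matched as a literal and cannot alter the filter's structure. The following is an added example, not Swimlane's code: the function names are hypothetical, the filter template and input key names are copied as they appear on this page, and the sample value is constructed.

```python
# Added example: filter template and key names ("search base",
# "search filter", "size limit") are copied as they appear on this page.

# Characters RFC 4515 requires to be escaped inside an assertion value.
_SPECIAL = ("\\", "*", "(", ")", "\x00")


def escape_filter_value(value):
    """Escape a string for use as a literal value in an LDAP search filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in _SPECIAL else ch
        for ch in value
    )


def user_search_inputs(search_base, cn, size_limit=10):
    """Build Search inputs that match one user by cn, treating cn as data."""
    search_filter = (
        "(&(objectclass=user)(objectcategory=person)(|(cn=%s)))"
        % escape_filter_value(cn)
    )
    return {
        "search base": search_base,
        "search filter": search_filter,
        "size limit": size_limit,
    }


if __name__ == "__main__":
    # Constructed sample: a display name containing filter metacharacters.
    sample_cn = "doe (contractor) *"
    print(user_search_inputs("dc=testdomain,dc=local", sample_cn))
```
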