LDAP
The LDAP connector allows for streamlined interaction with LDAP directory services, enabling automated management of directory entries.

The LDAP Turbine connector allows for streamlined integration with LDAP directory services, enabling efficient user and group management within the Swimlane Turbine platform. It provides essential functionalities such as adding, deleting, modifying, and searching LDAP entries, which are crucial for maintaining an up-to-date and secure directory. By leveraging this connector, Swimlane Turbine users can automate directory synchronization, enforce access controls, and ensure consistent identity management across their security infrastructure. The connector's low-code interface simplifies complex LDAP interactions, making it accessible for users of all technical levels.

## Prerequisites

To utilize the LDAP connector for Swimlane Turbine effectively, ensure you have the following:

- LDAP server credentials and access details:
  - Server URL: the address of the LDAP server you wish to connect to.
  - Bind DN: the distinguished name used to bind to the LDAP server.
  - Bind password: the password for the bind DN.
  - Search base: the starting point for directory server searches.
  - Search filter: the criteria used to filter LDAP search results.

## Capabilities

This connector provides the following LDAP operations:

- Search
  - Query all users
  - Query system
  - Custom query
  - User is member of group
- Add
  - Add user
  - Add computer
  - Add contact
  - Add shared folder
  - Add organizational unit
  - Custom create
- Delete
  - Delete user
  - Delete computer
  - Delete contact
  - Delete shared folder
  - Delete organizational unit
- Modify
  - Disable user
  - Enable user
  - Modify password
  - Modify password at next login
  - Update system
  - Update container
  - Custom update

## Use cases

### Microsoft Active Directory

See the examples below to implement your own Microsoft Active Directory functionalities. For more information, please read the Microsoft Active Directory technical specification: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d2435927-0999-4c62-8c6d-13ba31a52e1a

#### Add user

Operation: add

Inputs:

```json
{
  "dn": "cn=charles,ou=friends,dc=testdomain,dc=local",
  "object_class": ["person", "user"],
  "attributes": {}
}
```

#### Delete user

Operation: delete

Inputs:

```json
{
  "dn": "cn=charles,ou=friends,dc=testdomain,dc=local"
}
```

#### Disable user

Operation: modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute_name": "useraccountcontrol",
      "operation": "MODIFY_REPLACE",
      "value": ["514"]
    }
  ]
}
```

#### Enable user

Operation: modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute_name": "useraccountcontrol",
      "operation": "MODIFY_REPLACE",
      "value": ["512"]
    }
  ]
}
```

#### Query all users

Operation: search

Inputs:

```json
{
  "search_base": "dc=testdomain,dc=local",
  "search_filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))"
}
```

#### Modify password

Operation: modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute_name": "userpassword",
      "operation": "MODIFY_REPLACE",
      "value": ["123qwe"]
    }
  ]
}
```

#### Modify password at next login

Operation: modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute_name": "pwdlastset",
      "operation": "MODIFY_REPLACE",
      "value": ["0"]
    }
  ]
}
```

#### Add computer

Operation: add

Inputs:

```json
{
  "dn": "cn=windowsnt,ou=executives,dc=testdomain,dc=local",
  "object_class": ["computer"]
}
```

#### Delete computer

Operation: delete

Inputs:

```json
{
  "dn": "cn=windowsnt,ou=executives,dc=testdomain,dc=local"
}
```

#### Add contact

Operation: add

Inputs:

```json
{
  "dn": "cn=a contact,ou=friends,dc=testdomain,dc=local",
  "object_class": ["contact"]
}
```

#### Delete contact

Operation: delete

Inputs:

```json
{
  "dn": "cn=a contact,ou=friends,dc=testdomain,dc=local"
}
```

#### Add shared folder

Operation: add

Inputs:

```json
{
  "dn": "cn=a folder,ou=friends,dc=testdomain,dc=local",
  "object_class": ["volume"]
}
```

#### Delete shared folder

Operation: delete

Inputs:

```json
{
  "dn": "cn=a folder,ou=friends,dc=testdomain,dc=local"
}
```

#### Update system

Operation: modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute_name": "operatingsystem",
      "operation": "MODIFY_REPLACE",
      "value": ["windows server 2012"]
    }
  ]
}
```

#### Add organizational unit

Operation: add

Inputs:

```json
{
  "dn": "ou=organizational unit name,ou=friends,dc=testdomain,dc=local",
  "object_class": ["organizationalunit"]
}
```

#### Delete organizational unit

Operation: delete

Inputs:

```json
{
  "dn": "ou=organization unit name,ou=friends,dc=testdomain,dc=local"
}
```

#### Update container

Operation: modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute_name": "email",
      "operation": "MODIFY_REPLACE",
      "value": ["new_email@example.com"]
    }
  ]
}
```

#### Custom update

Operation: modify

Inputs:

```json
{
  "dn": "cn=john doe,ou=friends,dc=testdomain,dc=local",
  "changes": [
    {
      "attribute_name": "sn",
      "operation": "MODIFY_REPLACE",
      "value": ["swimlane"]
    }
  ]
}
```

#### Custom create

Operation: add

Inputs:

```json
{
  "dn": "cn=nacho libre,ou=friends,dc=testdomain,dc=local",
  "object_class": ["top", "person", "organizationalperson", "user"],
  "attributes": {}
}
```

#### Query system

Operation: search

Inputs:

```json
{
  "search_base": "cn=windowsnt,ou=executives,dc=testdomain,dc=local",
  "search_filter": "(&(objectclass=computer)(objectcategory=person)(|(cn=*)))"
}
```

#### Custom query

Operation: search

Inputs:

```json
{
  "search_base": "dc=testdomain,dc=local",
  "search_filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))",
  "attributes": {}
}
```

#### User is member of group

Operation: search

Inputs:

```json
{
  "search_base": "cn=leeroy jenkins,ou=friends,dc=testdomain,dc=local",
  "search_filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))"
}
```

Link to LDAP operations documentation: https://ldap3.readthedocs.io/en/latest/operations.html

Link to LDAP modify operation documentation: https://ldap3.readthedocs.io/en/latest/modify.html

When using the LDAP modify connector action, pass the input `changes` parameter as shown below:

```json
{
  "changes": [
    {"attribute_name": "memberof", "operation": "MODIFY_ADD", "value": ["cn=group1,ou=groups,dc=testdomain,dc=local"]},
    {"attribute_name": "memberof", "operation": "MODIFY_DELETE", "value": ["cn=group2,ou=groups,dc=testdomain,dc=local"]},
    {"attribute_name": "useraccountcontrol", "operation": "MODIFY_REPLACE", "value": ["514"]}
  ]
}
```

## Configurations

### LDAP authentication

Authenticates to the LDAP server.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| Host | Address to the target host | string | Optional |
| Domain name | Domain name | string | Optional |
| Port | Port number | number | Optional |
| User | Username | string | Optional |
| Password | Password | string | Optional |
| Use SSL | Use SSL | boolean | Optional |
| Connect timeout | The timeout in seconds for each connection attempt | number | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| Auto bind | Auto bind | string | Optional |
| Authentication | Authentication | string | Optional |

## Actions

### Add

Adds a new entry to the LDAP directory using the provided distinguished name (DN).

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `dn` | string | Required | Parameter for add |
| `object_class` | array | Optional | Parameter for add |
| `attributes` | object | Optional | Parameter for add |
| `name` | string | Optional | Name of the resource |

Example: `[ {} ]`

### Delete

Removes an entry from the LDAP directory using the specified distinguished name (DN).

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `dn` | string | Required | Parameter for delete |

Example: `[ {} ]`

### Modify

Modifies an existing LDAP directory entry using the distinguished name (DN) and specified changes.

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `dn` | string | Required | Parameter for modify |
| `changes` | array | Required | Parameter for modify |
| `attribute_name` | string | Required | The LDAP attribute that needs to be modified. Example: `useraccountcontrol` for enabling or disabling a user account. |
| `operation` | string | Required | The type of modification to be performed on the attribute. Supported operations are `MODIFY_ADD`, `MODIFY_DELETE`, `MODIFY_REPLACE`, `MODIFY_INCREMENT`. |
| `value` | array | Required | The new value(s) for the specified attribute. The format depends on the attribute type. For example, setting `useraccountcontrol` to 514 disables an LDAP user. |

Example: `[ {} ]`

### Search

Performs an LDAP search with a specified base and filter to retrieve directory entries, respecting access controls.

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `search_base` | string | Required | Parameter for search |
| `search_filter` | string | Required | Parameter for search |
| `attributes` | array | Optional | `*` will return all attributes, `1.1` will return no attributes (as per RFC 4511) and `+` will only return operational attributes (as per RFC 3673) |
| `search_scope` | string | Optional | Parameter for search |
| `size_limit` | number | Optional | Size limit |

Example: `[ {} ]`
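
The disable and enable use cases write the literal values 514 and 512 with a replace operation, which also clears any other flag bits already set on the account. The following added example (not part of the connector or its documentation) computes the new value from the account's current userAccountControl so that only the ACCOUNTDISABLE bit changes; the underscore-separated key names and the `MODIFY_REPLACE` spelling are assumptions based on the page's examples, and the sample value is constructed.

```python
# userAccountControl flag bits (Active Directory).
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
NORMAL_ACCOUNT = 0x0200        # 512
DONT_EXPIRE_PASSWORD = 0x10000
SMARTCARD_REQUIRED = 0x40000

FLAG_NAMES = {
    ACCOUNTDISABLE: "ACCOUNTDISABLE",
    PASSWD_NOTREQD: "PASSWD_NOTREQD",
    NORMAL_ACCOUNT: "NORMAL_ACCOUNT",
    DONT_EXPIRE_PASSWORD: "DONT_EXPIRE_PASSWORD",
    SMARTCARD_REQUIRED: "SMARTCARD_REQUIRED",
}


def decode_uac(value):
    """Return the sorted names of the known flags set in a UAC value."""
    return sorted(name for bit, name in FLAG_NAMES.items() if int(value) & bit)


def uac_change(current, disable):
    """Build a `changes` list that flips only the ACCOUNTDISABLE bit.

    `current` is the value read back by a prior search; directory results
    often carry it as a string, so it is converted first.
    """
    current = int(current)
    new = current | ACCOUNTDISABLE if disable else current & ~ACCOUNTDISABLE
    return [{
        "attribute_name": "useraccountcontrol",  # key names assumed from the page
        "operation": "MODIFY_REPLACE",           # assumed spelling
        "value": [str(new)],
    }]


def flags_lost_by_literal(current, literal):
    """Flags set on the account that a blind replace with `literal` clears."""
    lost = int(current) & ~int(literal) & ~ACCOUNTDISABLE
    return decode_uac(lost)


if __name__ == "__main__":
    # Constructed sample: smart-card-only account with a non-expiring password.
    sample = NORMAL_ACCOUNT | SMARTCARD_REQUIRED | DONT_EXPIRE_PASSWORD
    print(uac_change(sample, disable=True))
    print(flags_lost_by_literal(sample, 514))
```

Read the current value with a search action first, then feed it to `uac_change`; for a plain account (512) the result matches the page's 514 and 512 literals.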
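
The search use cases pass a filter string straight to the directory, so any value a playbook takes from an alert or ticket (a user name, a group DN) has to be escaped before it is placed in the filter. The following added example (not the connector's own code) applies RFC 4515 escaping and builds search inputs in the shape the page shows; the helper names, the underscore-separated key names and the sample values are assumptions.

```python
# RFC 4515: these characters must be written as a backslash plus two hex
# digits when they appear inside an assertion value of a search filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape one assertion value; each character is handled exactly once."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search_inputs(search_base, cn):
    """Inputs for a search that matches one user by an untrusted cn value."""
    return {
        "search_base": search_base,
        "search_filter": "(&(objectclass=user)(objectcategory=person)(|(cn=%s)))"
        % escape_filter_value(cn),
    }


def membership_inputs(user_dn, group_dn):
    """Inputs for a membership check: search the user's own entry and match
    only if its memberof attribute holds the given group DN."""
    return {
        "search_base": user_dn,
        "search_filter": "(&(objectclass=user)(objectcategory=person)(memberof=%s))"
        % escape_filter_value(group_dn),
        "attributes": ["memberof"],
    }


if __name__ == "__main__":
    # Constructed values: a cn containing a wildcard and parentheses, and a
    # group whose name contains parentheses.
    print(user_search_inputs("dc=testdomain,dc=local", "j*doe (admin)"))
    print(membership_inputs(
        "cn=leeroy jenkins,ou=friends,dc=testdomain,dc=local",
        "cn=group1 (ops),ou=groups,dc=testdomain,dc=local",
    ))
```

An unescaped `*` in the cn value would turn an exact match into a wildcard match, which matters when the result decides which account a later modify or delete action targets.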