# LDAP

The LDAP connector enables automated interaction with LDAP directories, facilitating streamlined user and resource management.

LDAP (Lightweight Directory Access Protocol) is a widely used protocol for managing and accessing directory services. This connector allows Swimlane Turbine users to automate LDAP directory management tasks such as adding, deleting, modifying, and searching for entries. By integrating with LDAP, Swimlane Turbine enhances security automation workflows, enabling efficient user synchronization and directory maintenance without manual intervention. The connector's actions are designed to streamline directory operations, ensuring that user data is consistent and up to date across systems, which is crucial for maintaining access control and compliance in security-sensitive environments.

## Prerequisites

To use the LDAP connector within Swimlane Turbine, ensure you have the following prerequisites.

LDAP server credentials and access details:

- Server URL: the address of the LDAP server you wish to connect to.
- Bind DN: the distinguished name used to bind to the LDAP server.
- Bind password: the password associated with the bind DN for authentication.
- Search base: the starting point for directory server searches.
- Search filter: the criteria used to filter LDAP search results.

## Capabilities

This connector provides the following LDAP operations.

### Search

- Query all users
- Query system
- Custom query
- User is member of group
- Pagination support (using the `page size` and `page number` parameters):
  - If neither `page size` nor `page number` is provided: returns all objects matching the query.
  - If only `page size` is provided: returns results with default `page number` = 1.
  - If only `page number` is provided: returns results with default `page size` = 1000.
  - If both `page size` and `page number` are provided: works accordingly using the specified values.

### Add

- Add user
- Add computer
- Add contact
- Add shared folder
- Add organizational unit
- Custom create

### Delete

- Delete user
- Delete computer
- Delete contact
- Delete shared folder
- Delete organizational unit

### Modify

- Disable user
- Enable user
- Modify password
- Modify password at next login
- Update system
- Update container
- Custom update

### CSV export support

All actions (search, add, delete, and modify) support CSV export functionality. By setting the `to csv` parameter to `true`, the operation results will also be returned as a CSV file object, enabling easy data export and integration with other systems.

## Use cases

### Microsoft Active Directory

See the examples below to implement your own Microsoft Active Directory functionalities. For more information, please read https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d2435927-0999-4c62-8c6d-13ba31a52e1a

#### Search operations

**Query all users**

- Operation: search
- Inputs: `"search base": "dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))"`
- Note: without `page size` or `page number`, this returns all users matching the query.

**Query system**

- Operation: search
- Inputs: `"search base": "cn=windowsnt,ou=executives,dc=testdomain,dc=local", "search filter": "(&(objectclass=computer)(objectcategory=person)(|(cn=*)))"`

**Custom query**

- Operation: search
- Inputs: `"search base": "dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))", "attributes": {}`

**User is member of group**

- Operation: search
- Inputs: `"search base": "cn=leeroy jenkins,ou=friends,dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))"`

#### Pagination support

The search action supports pagination using the `page size` and `page number` parameters.

**Search with page size only**

- Operation: search
- Inputs: `"search base": "dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))", "page size": 50`
- Note: returns 50 results from page 1 (default).

**Search with page number only**

- Operation: search
- Inputs: `"search base": "dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))", "page number": 2`
- Note: returns up to
1000 results (default page size) from page 2.

**Search with both page size and page number**

- Operation: search
- Inputs: `"search base": "dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))", "page size": 10, "page number": 3`
- Note: returns 10 results from page 3 as specified.

#### CSV export support

**Search with CSV export**

- Operation: search
- Inputs: `"search base": "dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))", "to csv": true`

**Search with pagination and CSV export**

- Operation: search
- Inputs: `"search base": "dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=*)))", "page size": 50, "page number": 2, "to csv": true`

#### Add operations

**Add user**

- Operation: add
- Inputs: `"dn": "cn=charles,ou=friends,dc=testdomain,dc=local", "object class": ["person", "user"], "attributes": {}`

**Add computer**

- Operation: add
- Inputs: `"dn": "cn=windowsnt,ou=executives,dc=testdomain,dc=local", "object class": ["computer"]`

**Add contact**

- Operation: add
- Inputs: `"dn": "cn=a contact,ou=friends,dc=testdomain,dc=local", "object class": ["contact"]`

**Add shared folder**

- Operation: add
- Inputs: `"dn": "cn=a folder,ou=friends,dc=testdomain,dc=local", "object class": ["volume"]`

**Add organizational unit**

- Operation: add
- Inputs: `"dn": "ou=organizational unit name,ou=friends,dc=testdomain,dc=local", "object class": ["organizationalunit"]`

**Custom create**

- Operation: add
- Inputs: `"dn": "cn=nacho libre,ou=friends,dc=testdomain,dc=local", "object class": ["top", "person", "organizationalperson", "user"], "attributes": {}`

**Add user with CSV export**

- Operation: add
- Inputs: `"dn": "cn=charles,ou=friends,dc=testdomain,dc=local", "object class": ["person", "user"], "attributes": {}, "to csv": true`

#### Delete operations

**Delete user**

- Operation: delete
- Inputs: `"dn": "cn=charles,ou=friends,dc=testdomain,dc=local"`

**Delete computer**

- Operation: delete
- Inputs: `"dn": "cn=windowsnt,ou=executives,dc=testdomain,dc=local"`

**Delete contact**

- Operation: delete
- Inputs: `"dn": "cn=a contact,ou=friends,dc=testdomain,dc=local"`

**Delete shared folder**

- Operation: delete
- Inputs: `"dn": "cn=a folder,ou=friends,dc=testdomain,dc=local"`

**Delete organizational unit**

- Operation: delete
- Inputs: `"dn": "ou=organization unit name,ou=friends,dc=testdomain,dc=local"`

**Delete user with CSV export**

- Operation: delete
- Inputs: `"dn": "cn=charles,ou=friends,dc=testdomain,dc=local", "to csv": true`

#### Modify operations

**Disable user**

- Operation: modify
- Inputs: `"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local", "changes": [{"attribute name": "useraccountcontrol", "operation": "modify replace", "value": ["514"]}]`

**Enable user**

- Operation: modify
- Inputs: `"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local", "changes": [{"attribute name": "useraccountcontrol", "operation": "modify replace", "value": ["512"]}]`

**Modify password**

- Operation: modify
- Inputs: `"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local", "changes": [{"attribute name": "userpassword", "operation": "modify replace", "value": ["123qwe"]}]`

**Modify password at next login**

- Operation: modify
- Inputs: `"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local", "changes": [{"attribute name": "pwdlastset", "operation": "modify replace", "value": ["0"]}]`

**Update system**

- Operation: modify
- Inputs: `"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local", "changes": [{"attribute name": "operatingsystem", "operation": "modify replace", "value": ["windows server 2012"]}]`

**Update container**

- Operation: modify
- Inputs: `"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local", "changes": [{"attribute name": "email", "operation": "modify replace", "value": ["new email@example.com"]}]`

**Custom update**

- Operation: modify
- Inputs: `"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local", "changes": [{"attribute name": "sn", "operation": "modify replace", "value": ["swimlane"]}]`

**Modify user with CSV export**

- Operation: modify
- Inputs: `"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local", "changes": [{"attribute name": "useraccountcontrol", "operation": "modify replace", "value": ["512"]}], "to csv": true`

References:

- https://ldap3.readthedocs.io/en/latest/operations.html
- https://ldap3.readthedocs.io/en/latest/modify.html

When using the LDAP modify connector action, pass the `changes` input parameter as shown below:

```
"changes": [
  {"attribute name": "memberof", "operation": "modify add", "value": ["cn=group1,ou=groups,dc=testdomain,dc=local"]},
  {"attribute name": "memberof", "operation": "modify delete", "value": ["cn=group2,ou=groups,dc=testdomain,dc=local"]},
  {"attribute name": "useraccountcontrol", "operation": "modify replace", "value": ["514"]}
]
```

## Configurations

### LDAP authentication

Authenticates LDAP server.

**Configuration parameters**

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| host | Address to the target host | string | optional |
| domain name | Domain name | string | optional |
| port | Port number | number | optional |
| user | Username | string | optional |
| password | Password | string | optional |
| use ssl | Use SSL | boolean | optional |
| connect timeout | The timeout in seconds for each connection attempt | number | optional |
| verify ssl | Verify SSL certificate | boolean | optional |
| auto bind | Auto bind | string | optional |
| authentication | Authentication | string | optional |

## Actions

### Add

Adds a new entry to the LDAP directory using the provided distinguished name (DN).

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| dn | string | required | Parameter for add |
| object class | array | optional | Parameter for add |
| attributes | object | optional | Parameter for add |
| attributes.name | string | optional | Name of the resource |
| to csv | boolean | optional | When true, also return the add operation result as a CSV file object |

**Input example**

`{"dn": "cn=charles,ou=friends,dc=testdomain,dc=local", "object class": ["person"], "attributes": {"name": "charles darwin"}}`

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file name | string | Name of the resource |
| file.file | string | Output field file.file |

**Output example**

`{"file": [{"file": "urn:swimlane:playbook run file 29f36333 9778 49ea 96c2 78bbce050c44", "file name": "ldap search 20251216t042448z csv"}]}`

### Delete

Removes an entry
from the LDAP directory using the specified distinguished name (DN).

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| dn | string | required | Parameter for delete |
| to csv | boolean | optional | When true, also return the delete operation result as a CSV file object |

**Input example**

`{"dn": "cn=nacho libre,ou=friends,dc=testdomain,dc=local"}`

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file name | string | Name of the resource |
| file.file | string | Output field file.file |

**Output example**

`{"file": [{"file": "urn:swimlane:playbook run file 29f36333 9778 49ea 96c2 78bbce050c44", "file name": "ldap search 20251216t042448z csv"}]}`

### Modify

Modifies an existing LDAP directory entry using the distinguished name (DN) and specified changes.

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| dn | string | required | Parameter for modify |
| changes | array | required | Parameter for modify |
| changes.attribute name | string | required | The LDAP attribute that needs to be modified. Example: useraccountcontrol for enabling or disabling a user account |
| changes.operation | string | required | The type of modification to be performed on the attribute. Supported operations are modify add, modify delete, modify replace, modify increment |
| changes.value | array | required | The new value(s) for the specified attribute. The format depends on the attribute type. For example, setting useraccountcontrol to 514 disables an LDAP user |
| to csv | boolean | optional | When true, also return the modify operation result as a CSV file object |

**Input example**

`{"dn": "cn=john doe,ou=friends,dc=testdomain,dc=local"}`

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file name | string | Name of the resource |
| file.file | string | Output field file.file |

**Output example**

`{"file": [{"file": "urn:swimlane:playbook run file 29f36333 9778 49ea 96c2 78bbce050c44", "file name": "ldap search 20251216t042448z csv"}]}`

### Search

Performs an LDAP search with a specified base and filter to retrieve directory entries, respecting access controls.

**Input**

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| search base | string | required | Parameter for search |
| search filter | string | required | Parameter for search |
| attributes | array | optional | '*' will return all attributes, '1.1' will return no attributes (as per RFC 4511) and '+' will only return operational attributes (as per RFC 3673) |
| search scope | string | optional | Parameter for search |
| page size | number | optional | Page size |
| page number | number | optional | Page number |
| to csv | boolean | optional | When true, also return the search results as a CSV file object |

**Input example**

`{"search base": "dc=testdomain,dc=local", "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=john doe)))", "page size": 10, "page number": 1}`

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file name | string | Name of the resource |
| file.file | string | Output field file.file |

**Output example**

`{"file": [{"file": "urn:swimlane:playbook run file 29f36333 9778 49ea 96c2 78bbce050c44", "file name": "ldap search 20251216t042448z csv"}]}`

**Response headers**

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
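
The search examples on this page place a name directly inside `(|(cn=...))`. When a playbook fills that slot from an alert or ticket field, the value should be escaped per RFC 4515 so it is matched as data. The following is an added example, not connector code; the function names are hypothetical, the input key names are copied as they appear on this page, and the paging defaults are the ones stated under pagination support.

```python
# Added example (not connector code). Input key names are copied from this page.
DEFAULT_PAGE_SIZE = 1000    # default the page states when only page number is given
DEFAULT_PAGE_NUMBER = 1     # default the page states when only page size is given

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Return value with RFC 4515 special characters escaped, so it matches literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def resolve_paging(page_size=None, page_number=None):
    """Return the effective (page size, page number), or None when all results are returned."""
    if page_size is None and page_number is None:
        return None
    size = DEFAULT_PAGE_SIZE if page_size is None else page_size
    number = DEFAULT_PAGE_NUMBER if page_number is None else page_number
    if size < 1 or number < 1:
        raise ValueError("page size and page number must be positive integers")
    return size, number


def build_user_search(search_base, cn, page_size=None, page_number=None):
    """Build search inputs for one user, treating cn as data rather than filter syntax."""
    inputs = {
        "search base": search_base,
        "search filter": "(&(objectclass=user)(objectcategory=person)(|(cn=%s)))"
        % escape_filter_value(cn),
    }
    paging = resolve_paging(page_size, page_number)
    if paging is not None:
        inputs["page size"], inputs["page number"] = paging
    return inputs


if __name__ == "__main__":
    # Constructed sample: a display name containing filter metacharacters.
    print(build_user_search("dc=testdomain,dc=local", "smith (contractor)*", page_size=50))
```
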
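
The disable and enable examples on this page replace `useraccountcontrol` with the fixed values 514 and 512. In Active Directory that attribute is a bit field, so a fixed value also clears any other flags the account carried. The following added example, not connector code, builds the `changes` item from the account's current value (read beforehand with a search) and checks the list against the shape documented for the modify action; function names are hypothetical, and key and operation names are copied as they appear on this page.

```python
# Added example (not connector code). Key and operation names are copied from this page.
ACCOUNTDISABLE = 0x0002   # Active Directory userAccountControl bit: account disabled
ALLOWED_OPERATIONS = {"modify add", "modify delete", "modify replace", "modify increment"}


def uac_change(current_uac, disable):
    """Build a changes item that flips only ACCOUNTDISABLE and keeps every other flag."""
    new_uac = current_uac | ACCOUNTDISABLE if disable else current_uac & ~ACCOUNTDISABLE
    return {
        "attribute name": "useraccountcontrol",
        "operation": "modify replace",
        "value": [str(new_uac)],
    }


def validate_changes(changes):
    """Check a changes list against the shape this page documents; return it unchanged."""
    if not isinstance(changes, list) or not changes:
        raise ValueError("changes must be a non-empty array")
    for item in changes:
        missing = {"attribute name", "operation", "value"} - set(item)
        if missing:
            raise ValueError("missing keys: %s" % sorted(missing))
        if item["operation"] not in ALLOWED_OPERATIONS:
            raise ValueError("unsupported operation: %r" % item["operation"])
        if not isinstance(item["value"], list):
            raise ValueError("value must be an array")
    return changes


def disable_user_inputs(dn, current_uac):
    """Inputs for the modify action that disable dn without clobbering its other flags."""
    return {"dn": dn, "changes": validate_changes([uac_change(current_uac, True)])}


if __name__ == "__main__":
    # Constructed sample: 66048 = 512 (normal account) + 65536 (password never expires).
    print(disable_user_inputs("cn=john doe,ou=friends,dc=testdomain,dc=local", 66048))
```

For a plain account (512) this yields the page's 514; for the constructed 66048 case it yields 66050, keeping the password-never-expires flag that a fixed 514 would drop.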