Provisioning end users to authenticate via an LDAP service
After the LDAP service has been registered, end users can be provisioned to authenticate via the LDAP service. In this scenario, the Users API must be used to provide authentication information to Hybrid Data Pipeline user accounts that will authenticate through the LDAP service. The example below involves a basic operation that creates a user account that authenticates with the LDAP service. However, more advanced operations are supported. See Advanced functionality for authentication services for details.

POST operation

The POST operation will have the following syntax.
POST https://<myserver>:<port>/api/admin/users

Payload definition

The payload used to create a user can be defined as follows.
{
  "userName": "user_name",
  "tenantId": tenant_id,
  "statusInfo": {status_information},
  "passwordInfo": {password_information},
  "permissions": {permissions},
  "authenticationInfo": {authentication_information}
}

| Property | Description | Usage | Valid Values |
|---|---|---|---|
| "userName" | The name of the user account. | Required | The maximum length is 128 characters. |
| "tenantId" | The ID of the tenant to which the user belongs. | Optional | A valid tenant ID. Note: When tenantId is not specified, the user is created in the tenant in which the administrator executing the operation resides. |
| "statusInfo" | The status of the user account defined by the status property and additional properties associated with an account lockout policy. | Required | See statusInfo Object for details. |
| "passwordInfo" | Password information associated with the user account defined by the password, passwordStatus, and passwordExpiration properties. | Optional | See passwordInfo Object for details. |
| "permissions" | Permissions associated with the user account in terms of the role(s) and permissions set explicitly on the account. User account permissions are the sum of the permissions on associated role(s) and permissions set explicitly on the account. A user account may only be assigned roles in their tenant. | Optional | See permissions Object for details. |
| "authenticationInfo" | Authentication information associated with the user account as defined by the authUserName and authServiceId properties. The authenticationInfo object does not need to be included in a request payload when the default internal authentication service is being used. When an external authentication service is being used, authenticationInfo must be included in the request payload. If authenticationInfo is not passed, a default authenticationInfo object is created where the userName of the account object is used as the authUserName and the authServiceId specifies the ID of the internal authentication service (1). | Optional | See authenticationInfo Object for details. |

Example

The following POST operation creates a user account that authenticates through an LDAP service. Here the end user (LDAP_user_1) authenticates via an LDAP service ("authServiceId": 21). This end user inherits all the attributes associated with the testuser2 account.
POST https://MyServer:8443/api/admin/users
Request payload
{
  "userName": "testuser2",
  "tenantId": 1,
  "statusInfo": {
    "status": 1,
    "accountLocked": false
  },
  "passwordInfo": {
    "passwordStatus": 1,
    "passwordExpiration": "2020-01-01 00:00:00"
  },
  "permissions": {
    "roles": [
      2
    ]
  },
  "authenticationInfo": {
    "authUsers": [
      {
        "authUserName": "LDAP_user_1",
        "authServiceId": 21
      }
    ]
  }
}
Status code: 201
Successful response
{
  "id": 8,
  "userName": "testuser2",
  "tenantId": 1,
  "statusInfo": {
    "status": 1,
    "accountLocked": false
  },
  "passwordInfo": {
    "passwordStatus": 1,
    "passwordExpiration": "2020-01-01 00:00:00"
  },
  "permissions": {
    "roles": [
      2
    ]
  },
  "authenticationInfo": {
    "authUsers": [
      {
        "authUserName": "LDAP_user_1",
        "authServiceId": 21
      }
    ]
  }
}
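
Because the LDAP identity named in authenticationInfo inherits every role on the account, it is worth checking the binding before and after the POST. The following is an added example, not code from the product documentation: it builds the payload described above, prepares the request without sending it, and compares the authUsers echoed in a 201 response against what was requested. The function names and the Content-Type header are assumptions; the status values are copied from the example on this page.

```python
import json
import urllib.request

INTERNAL_AUTH_SERVICE_ID = 1  # per the page: ID of the internal authentication service


def build_ldap_user_payload(user_name, ldap_user_name, auth_service_id, roles, tenant_id=None):
    """Build a Users API payload for an account that authenticates via LDAP."""
    if not user_name or len(user_name) > 128:
        raise ValueError("userName is required and limited to 128 characters")
    if auth_service_id == INTERNAL_AUTH_SERVICE_ID:
        raise ValueError("authServiceId 1 is the internal service, not an LDAP service")
    if not ldap_user_name:
        raise ValueError("an LDAP-backed account needs the LDAP user name")
    payload = {
        "userName": user_name,
        "statusInfo": {"status": 1, "accountLocked": False},  # values from the page's example
        "permissions": {"roles": list(roles)},
        "authenticationInfo": {
            "authUsers": [{"authUserName": ldap_user_name, "authServiceId": auth_service_id}]
        },
    }
    if tenant_id is not None:  # if omitted, the user lands in the calling administrator's tenant
        payload["tenantId"] = tenant_id
    return payload


def build_request(server, port, payload):
    """Prepare (but do not send) the POST; the caller adds administrator credentials."""
    return urllib.request.Request(
        f"https://{server}:{port}/api/admin/users",
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},  # assumption: JSON request body
        method="POST",
    )


def auth_binding_mismatches(payload, response_body):
    """Return requested (authUserName, authServiceId) pairs missing from the response."""
    returned = {
        (u.get("authUserName"), u.get("authServiceId"))
        for u in response_body.get("authenticationInfo", {}).get("authUsers", [])
    }
    wanted = [(u["authUserName"], u["authServiceId"])
              for u in payload["authenticationInfo"]["authUsers"]]
    return [w for w in wanted if w not in returned]
```

A non-empty result from auth_binding_mismatches means the account was created but is not bound to the LDAP identity that was requested, and should be reviewed before the account is used.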