Syntax for Linking an Identity Store to the Tenant

PUT /api/tenants/{tenantId}/directories/{id} links an LDAP, Active Directory, or Native Active Directory identity store to the vRealize Automation tenant.

Input

Use the supported input parameters to control the command output.

Parameter Description
URL https://$vRA/identity/api/tenants/$tenantId/directories/$domainName --data @$inputFileName.json
$vRA Specifies the appliance name and fully qualified domain name, or IP address of the vRealize Automation server.
$token Specifies a valid HTTP bearer token with necessary credentials.
$tenantId Specifies the ID of the tenant.

userId Specifies the ID of the user in the form name@domain.
$domainAlias Specifies the domain alias.
$domainName Specifies the domain of the identity store.
$grpBaseSearchDn Specifies the group search base Distinguished Name.
$identityStoreName Specifies a description of the new tenant.
$password Specifies the password.
$identityStoreType Specifies the identity store type for the tenant. The following values are supported:
  • LDAP
  • AD
  • NATIVE_AD
$identityServerUrl Specifies the URL of the identity server.
$usrBaseSearchDn Specifies the user search base Distinguished Name.
$usrNameDn Specifies the Distinguished Name for the login user.

JSON Input File Template

Use this template to create a JSON input file. Replace the variables in the template with actual values in the file.

{
	"alias": "$domainAlias",
	"domain": "$domainName",
	"groupBaseSearchDn": "$grpBaseSearchDn",
	"name": "$identityStoreName",
	"password": "$password",
	"type": "$identityStoreType",
	"url": "$identityServerUrl",
	"userBaseSearchDn": "$usrBaseSearchDn",
	"userNameDn": "$usrNameDn"
}

Output

The command output contains property names and values based on the command input parameters.

Parameter Description

Links

Specifies an array of link objects, each of which contains the following parts:

  • rel: Specifies the name of the link.
    • Self refers to the object that was returned or requested. This parameter does not appear when you query a single profile.
    • First, Previous, Next, and Last refer to corresponding pages of pageable lists.
    • Specifies the application or service that determines the other names.
  • href: Specifies the URL that produces the result.

Content

Specifies an array of data rows, each of which represents one of the tenant objects returned in a pageable list. Each tenant object can contain the following information:

  • Id: Specifies the unique tenant identifier.
  • urlName: Specifies the name of the tenant as it appears in URLs.
  • Name: Specifies the name of the tenant for display purposes.
  • description: Specifies the long description of the tenant.
  • contactEmail: Specifies the primary contact email address.
  • Password: Unused
  • defaultTenant: Is set to True if the corresponding tenant is the default tenant (vsphere.local).

Metadata

Specifies the following paging-related data:
  • Size: Specifies the maximum number of rows per page.
  • totalElement: Specifies the number of rows returned. This parameter is not output when you query for a single profile.
  • totalPages: Specifies the total number of pages of data available.
  • Number: Specifies the current page number.
  • Offset: Specifies the number of rows skipped.

curl Command to Link an Identity Store to a Tenant

The following sample ldap.json.txt file contains parameters for the tenant request.

{
	"alias": "example.com",
	"domain": "example.mycompany.com",
	"groupBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
	"name": "openLDAPDemo",
	"password": "password",
	"type": "LDAP",
	"url": "ldap://10.000.00.000:389",
	"userBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
	"userNameDn": "cn=demoadmin,ou=demo,dc=example,dc=mycompany,dc=com"
}

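The following example command links an identity store to a tenant by calling the example JSON text file. The --insecure option turns off TLS certificate verification, so the bearer token and the identity store password in the request body are sent to a server whose identity has not been checked; omit the option when the client trusts the appliance certificate.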

curl --insecure -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer $token" https://$vRA/identity/api/tenants/development/directories/example.mycompany.com --data @C:\Temp\ldap.json.txt

The command also tests that vRealize Automation can connect to the identity store successfully. If the command finishes successfully, vRealize Automation succeeded in connecting to the identity store.
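
A pre-flight check of the JSON input file, run before the request is sent. This is an added example, not part of the original page or of vRealize Automation: the function names, the rule that all nine template fields must be present, the simplified distinguished-name test, and the host vra.example.test are assumptions of the example.

```python
import json
from urllib.parse import quote, urlsplit

# Keys are the page's JSON template; requiring all nine is an assumption.
FIELDS = ("alias", "domain", "groupBaseSearchDn", "name", "password",
          "type", "url", "userBaseSearchDn", "userNameDn")
STORE_TYPES = ("LDAP", "AD", "NATIVE_AD")
DN_FIELDS = ("groupBaseSearchDn", "userBaseSearchDn", "userNameDn")
# The page's sample ldap.json.txt, embedded so the check runs offline.
SAMPLE_STORE = json.loads("""{
  "alias": "example.com", "domain": "example.mycompany.com",
  "groupBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
  "name": "openLDAPDemo", "password": "password", "type": "LDAP",
  "url": "ldap://10.000.00.000:389",
  "userBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
  "userNameDn": "cn=demoadmin,ou=demo,dc=example,dc=mycompany,dc=com"}""")

def check_identity_store(store):
    """Return (errors, warnings) for a parsed JSON input file."""
    errors, warnings, usable = [], [], set()
    for key in FIELDS:
        value = store.get(key)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{key}: missing or empty")
        elif value.startswith("$"):
            errors.append(f"{key}: template variable not replaced")
        else:
            usable.add(key)
    if "type" in usable and store["type"] not in STORE_TYPES:
        errors.append("type: expected one of " + ", ".join(STORE_TYPES))
    for key in DN_FIELDS:
        # Simplified DN test: every comma-separated RDN must be attr=value.
        if key in usable and not all("=" in r for r in store[key].split(",")):
            errors.append(f"{key}: not a distinguished name")
    if "url" in usable:
        parts = urlsplit(store["url"])
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            errors.append("url: expected ldap://host or ldaps://host")
        elif parts.scheme == "ldap":
            warnings.append("url: ldap:// is cleartext unless StartTLS is used")
    return errors, warnings

def directory_url(vra_host, tenant_id, store):
    """Request URL from the page; the directory id in the path is the domain."""
    return (f"https://{vra_host}/identity/api/tenants/"
            f"{quote(tenant_id, safe='')}/directories/{quote(store['domain'], safe='')}")

if __name__ == "__main__":
    print(check_identity_store(SAMPLE_STORE), directory_url("vra.example.test", "development", SAMPLE_STORE))
```

The page's sample file passes with one warning, because its url value uses ldap:// rather than ldaps://.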

This response in JSON indicates that an identity store is successfully linked to the specified tenant.
Request Headers
{
	   Content-Type = application/json
	         Accept = application/json
	 Content-Length = 413
}
Response Headers
{
	           Date = Wed, 29 Oct 2014 22:41:57 GMT
	   Content-Type = application/json;charset=UTF-8
	 Content-Length = 0
	           Vary = Accept-Encoding,User-Agent
	     Keep-Alive = timeout=15, max=100
	     Connection = Keep-Alive
}
Successful

Unlinked Identity Store Error

If an identity store is not linked to the specified tenant, the response includes status code 400, as in the following output.
Command failed [Rest Error]: {Status code: 400}, {Error code: 90027} , {Error 
Source: null}, {Error Msg: Cannot connect to the directory service.}, {System 
Msg: 90027-Connection to directory service can’t be established}

To resolve the problem, correct the identity store and connection details in the JSON input file and rerun the command.
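
A parser for the error output shown above, for scripts that link identity stores and need to act on the result. This is an added example, not part of the original page or of the product: the function and field names are this example's own, and only error code 90027 is mapped because it is the only code the page documents.

```python
import re

# One {key: value} pair from the "[Rest Error]" output shown on the page.
PAIR = re.compile(r"\{([^:{}]+):\s*([^{}]*)\}")

# Only the code documented on this page is mapped; the advice is the page's.
KNOWN = {90027: "correct the identity store and connection details in the "
                "JSON input file and rerun the command"}

# The page's error output, kept wrapped across lines as it appears there.
SAMPLE_ERROR = """Command failed [Rest Error]: {Status code: 400}, {Error code: 90027} , {Error
Source: null}, {Error Msg: Cannot connect to the directory service.}, {System
Msg: 90027-Connection to directory service can’t be established}"""


def _number(value):
    """Convert a numeric field to int; return None when absent or malformed."""
    return int(value) if value is not None and value.isdigit() else None


def parse_rest_error(text):
    """Return the error's fields as a dict, or None if text is not a Rest Error."""
    if "[Rest Error]" not in text:
        return None
    flat = " ".join(text.split())      # undo wrapping inside keys and values
    fields = {k.strip(): v.strip() for k, v in PAIR.findall(flat)}
    source = fields.get("Error Source")
    record = {
        "status": _number(fields.get("Status code")),
        "error_code": _number(fields.get("Error code")),
        "source": None if source == "null" else source,
        "message": fields.get("Error Msg", ""),
        "system_message": fields.get("System Msg", ""),
    }
    record["action"] = KNOWN.get(record["error_code"], "unrecognised error code")
    return record


if __name__ == "__main__":
    print(parse_rest_error(SAMPLE_ERROR))
```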