If an organization defines an LDAP service to use, an organization or system administrator can import groups from that service.

Importing a group from LDAP imports all the users in the group. You can also import users individually. See Import a User from an LDAP Service.

Prerequisites

  • This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights. Verify that you are logged in to the vCloud Air Compute Service as an Account Administrator.

  • Verify that your organization has defined an LDAP service to use.

Procedure

  1. Create a Group element that identifies the LDAP group to import.
    The name attribute of the Group element must match the LDAP group name, as specified in the organization's LDAP properties. You must include a Role element in the request body. The role specified in this element is assigned to all group members during the import.
  2. POST the Group element to the organization's groups URL.

Results

The server matches the value of the name attribute in the request body with the value of the LDAP attribute that the organization specified in the value of the GroupName element in the GroupAttributes of its OrgLdapSettings. The LDAP cn attribute is a common choice here. The server imports that group and all of its users from organization's LDAP service, and returns an updated Group element to the client.

Example: Import a Group from an LDAP Service

This example imports a group to the organization created in Create an Organization. The response is a Group element, most of which does not appear in the example. The response includes a link that an administrator can use to edit group metadata such as name and description, and a UsersList element that includes a UserReference element for each user in the group. The response also includes a NameInSource element, which contains the group's name as stored by the LDAP service, using its native encoding.

Request: 
POST https://vcloud.example.com/api/admin/org/26/groups
Content-Type: application/vnd.vmware.admin.group+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<Group
   name="Engineering"
   xmlns="http://www.vmware.com/vcloud/v1.5">
   <Role
        href="https://vcloud.example.com/api/admin/role/1bf4457f-a253-3cf1-b163-f319f1a31802"/>
</Group>
Response: 
201 Created
Content-Type: application/vnd.vmware.admin.group+xml
...
<Group
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="Engineering"
   id="urn:vcloud:group:44"
   type="application/vnd.vmware.admin.group+xml"
   href="https://vcloud.example.com/api/admin/group/44" ...>
   <Role
      type="application/vnd.vmware.admin.role+xml"
      name="vApp Author"
      href="https://vcloud.example.com/api/admin/role/1bf4457f-a253-3cf1-b163-f319f1a31802" />
</Group>

Until the import is complete, the Group element contains only partial information. After the import is complete, the element includes a list of users and other information. 

<Group
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="Engineering"
   id="urn:vcloud:group:44"
   type="application/vnd.vmware.admin.group+xml"
   href="https://vcloud.example.com/api/admin/group/44" ...>
   <Link
      rel="edit"
      type="application/vnd.vmware.admin.group+xml"
      href="https://vcloud.example.com/api/admin/group/44" />
   <Link
      rel="remove"
      href="https://vcloud.example.com/api/admin/group/44" />
   <Description>Research and development</Description>
   <NameInSource>\C5\AF\B9\D4\9E\B5\32\40\AD\C5\E3\8E\17\4C\0D\28</NameInSource>
   <UsersList>
      <UserReference
         type="application/vnd.vmware.admin.user+xml"
         name="User-1"
         href="https://vcloud.example.com/api/admin/user/18" />
      <UserReference
         type="application/vnd.vmware.admin.user+xml"
         name="User-3"
         href="https://vcloud.example.com/api/admin/user/19" />
   </UsersList>
   <Role
      type="application/vnd.vmware.admin.role+xml"
      name="vApp Wrangler"
      href="https://vcloud.example.com/api/admin/role/102" />
</Group>