If an organization defines an LDAP service to use, an organization or system administrator can import user accounts from that service.

Importing a group from LDAP imports all the users in the group. See Import a Group from an LDAP Service. You can also import users individually.

Note: Starting with API version 38.0, the POST /admin/org/{id}/users operation is deprecated.

Prerequisites

  • This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights. Verify that you are logged in to the vCloud Air Compute Service as an Account Administrator.

  • Verify that your organization has defined an LDAP service to use.

Procedure

  1. Create a User element that identifies the LDAP user account to import.
    The name attribute of the User element must match the LDAP user name, as specified in the organization's LDAP properties. You must include the Role element in the request body.
  2. POST the User element to the organization's users URL.

Results

The server matches the value of the name attribute in the request body with the value of the LDAP attribute that the organization specified in the value of the UserName element in the UserAttributes of its OrgLdapSettings. LDAP attributes such as userPrincipalName or samAccountName are common choices here. The server imports the user from the organization's LDAP service, and returns an updated User element to the client.

Example: Import a User from an LDAP Database

This example imports a user to the organization created in Create an Organization. The request includes an optional IsEnabled element, so the user is enabled as soon as the import is complete.

The response is a User element, most of which is not shown in the example. The response includes a link that an administrator can use to edit user metadata, and additional elements, such as IsDefaultCached and StoredVmQuota, inherited from organization defaults. It also includes a NameInSource element, which contains the user's name as stored by the LDAP server, using the server's native encoding.

Request:
POST https://vcloud.example.com/api/admin/org/26/users
Content-Type: application/vnd.vmware.admin.user+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<User
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="[email protected]"
   type="application/vnd.vmware.admin.user+xml">
   <IsEnabled>true</IsEnabled>
   <IsExternal>true</IsExternal>
   <Role
      href="https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d" />
</User>

Response:
201 Created
Content-Type: application/vnd.vmware.admin.user+xml
...
<User
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="[email protected]"
   id="urn:vcloud:user:85"
   type="application/vnd.vmware.admin.user+xml"
   href="https://vcloud.example.com/api/admin/user/85">
   <Link
      rel="edit"
      type="application/vnd.vmware.admin.user+xml"
      href="https://vcloud.example.com/api/admin/user/85" />
   <FullName>Imported User Full Name</FullName>
   <EmailAddress>[email protected]</EmailAddress>
   <IsEnabled>true</IsEnabled>
   <ProviderType>INTEGRATED</ProviderType>
   <NameInSource>\F4\D3\42\8E\6A\BC\D3</NameInSource>
   <IsAlertEnabled>false</IsAlertEnabled>
   <IsDefaultCached>false</IsDefaultCached>
   <StoredVmQuota>0</StoredVmQuota>
   <DeployedVmQuota>0</DeployedVmQuota>
   <Role
     type="application/vnd.vmware.admin.role+xml"
     name="vApp Author"
     href="https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d" />
   <GroupReferences />
</User>
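
Added example (not part of the original documentation): the Python below builds the User request body from the procedure with an XML serializer, so an LDAP name containing quotes or angle brackets cannot alter the element, and then checks that the returned User carries the requested name and role. The helper names and the jdoe@example.com account are assumptions made for illustration; the role URL is the one used in the example above.

```python
import xml.etree.ElementTree as ET

NS = "http://www.vmware.com/vcloud/v1.5"
USER_TYPE = "application/vnd.vmware.admin.user+xml"
ROLE_HREF = "https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d"
ET.register_namespace("", NS)  # serialize with a default xmlns, as in the request above

# Constructed sample: trimmed copy of the response above; the name is a placeholder.
SAMPLE_RESPONSE = f"""<User xmlns="{NS}" name="jdoe@example.com">
  <IsEnabled>true</IsEnabled>
  <NameInSource>\\F4\\D3\\42\\8E\\6A\\BC\\D3</NameInSource>
  <Role name="vApp Author" href="{ROLE_HREF}" />
</User>"""

def q(tag):
    """Qualify a tag name with the vCloud namespace."""
    return f"{{{NS}}}{tag}"

def build_import_request(ldap_name, role_href, enabled=False):
    """Serialize the User element for an LDAP import (hypothetical helper)."""
    if not ldap_name or not role_href:
        raise ValueError("the name attribute and the Role element are both required")
    user = ET.Element(q("User"), {"name": ldap_name, "type": USER_TYPE})
    ET.SubElement(user, q("IsEnabled")).text = "true" if enabled else "false"
    ET.SubElement(user, q("IsExternal")).text = "true"
    ET.SubElement(user, q("Role"), {"href": role_href})
    return ET.tostring(user, encoding="UTF-8", xml_declaration=True)

def check_import_response(body, requested_name, requested_role_href):
    """List the ways the returned User differs from what was requested."""
    user = ET.fromstring(body)
    problems = []
    if user.get("name") != requested_name:
        problems.append("name differs from request")
    role = user.find(q("Role"))
    if role is None or role.get("href") != requested_role_href:
        problems.append("role differs from request")
    if not (user.findtext(q("NameInSource")) or "").strip():
        problems.append("NameInSource missing")
    return problems

if __name__ == "__main__":
    print(build_import_request("jdoe@example.com", ROLE_HREF, enabled=True).decode())
    print(check_import_response(SAMPLE_RESPONSE, "jdoe@example.com", ROLE_HREF))
```

An empty list from check_import_response means the imported account has the name and role that were requested; anything else is worth reviewing before the account is used.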