You can use the REST API identity service to link an LDAP, Active Directory, or Native Active Directory identity store to the vRealize Automation tenant.

Input

Use the supported input parameters to control the command output.

Parameter

Description

URL

https://$host/identity/api/tenants/$tenantId/directories/$domainName --data @$inputFileName.json

$host

Specifies the host name and fully qualified domain name or IP address of the vRealize Automation identity server.

$token

Specifies a valid HTTP bearer token with necessary credentials.

$tenantId

Specifies the ID of the tenant.

userId

Specifies the ID of the user in the form name@domain.

$domainAlias

Specifies the domain alias.

$domainName

Specifies the domain of the identity store.

$grpBaseSearchDn

Specifies the group search base Distinguished Name.

$identityStoreName

Specifies a description of the new tenant.

$password

Specifies the password.

$identityStoreType

Specifies the identity store type for the tenant. The following values are supported:

  • LDAP

  • AD

  • NATIVE_AD

$identityServerUrl

Specifies the URL of the identity server.

$usrBaseSearchDn

Specifies the user search base Distinguished Name.

$usrNameDn

Specifies the Distinguished Name for the login user.

JSON Input File Template

Use this template to create a JSON input file. Replace the variables in the template with actual values in the file.

{
	"alias": "$domainAlias",
	"domain": "$domainName",
	"groupBaseSearchDn": "$grpBaseSearchDn",
	"name": "$identityStoreName",
	"password": "$password",
	"type": "$identityStoreType",
	"url": "$identityServerUrl",
	"userBaseSearchDn": "$usrBaseSearchDn",
	"userNameDn": "$usrNameDn"
}

Output

The command output contains property names and values based on the command input parameters.

Parameter

Description

Links

Specifies an array of link objects, each of which contains the following parts:

  • rel

    Specifies the name of the link.

    • Self refers to the object that was returned or requested. This parameter does not appear when you query a single profile.

    • First, Previous, Next, and Last refer to corresponding pages of pageable lists.

    • Specifies the application or service that determines the other names.

  • href

    Specifies the URL that produces the result.

Content

Specifies an array of data rows, each of which represents one of the tenant objects returned in a pageable list. Each tenant object can contain the following information:

  • Id:

    Specifies the unique tenant identifier.

  • urlName:

    Specifies the name of the tenant as it appears in URLs.

  • Name:

    Specifies the name of the tenant for display purposes.

  • description:

    Specifies the long description of the tenant.

  • contactEmail:

    Specifies the primary contact email address.

  • Password:

    Unused

  • defaultTenant:

    Is set to True if the corresponding tenant is the default tenant (vsphere.local).

Metadata

Specifies the following paging-related data:

  • Size: Specifies the maximum number of rows per page.

  • totalElement: Specifies the number of rows returned. This parameter is not output when you query for a single profile.

  • totalPages: Specifies the total number of pages of data available.

  • Number: Specifies the current page number.

  • Offset: Specifies the number of rows skipped.

Example JSON Input File

Call the following sample ldap.json.txt input file from the command line to specify necessary parameters.

{
	"alias": "example.com",
	"domain": "example.mycompany.com",
	"groupBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
	"name": "openLDAPDemo",
	"password": "password",
	"type": "LDAP",
	"url": "ldap://10.000.00.000:389",
	"userBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
	"userNameDn": "cn=demoadmin,ou=demo,dc=example,dc=mycompany,dc=com"
}

curl Command

The following example command calls the example JSON text file and links an identity store to a tenant. The command also tests that vRealize Automation can connect to the identity store successfully. If the command finishes successfully, vRealize Automation succeeded in connecting to the identity store.

curl --insecure -H "Content-Type: application/json" -H "Authorization: Bearer $token" https://$host/identity/api/tenants/development/directories/example.mycompany.com --data @C:\Temp\ldap.json.txt
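
The input file carries the directory bind password, and the sample command turns off server certificate verification with --insecure. The following added example (Python, not VMware's code) checks a store definition against the template, writes the input file with owner-only permissions, and builds the same POST with certificate verification left on. The function names, the example.test host names and the rule that every template field must be filled in are assumptions.

```python
import json
import os
import ssl
import urllib.request
from urllib.parse import quote, urlsplit

ALLOWED_TYPES = {"LDAP", "AD", "NATIVE_AD"}  # store types listed on this page
TEMPLATE_FIELDS = {  # field -> placeholder, copied from the page's template
    "alias": "$domainAlias", "domain": "$domainName",
    "groupBaseSearchDn": "$grpBaseSearchDn", "name": "$identityStoreName",
    "password": "$password", "type": "$identityStoreType",
    "url": "$identityServerUrl", "userBaseSearchDn": "$usrBaseSearchDn",
    "userNameDn": "$usrNameDn",
}
# Constructed sample: the template with only type and url replaced.
SAMPLE = dict(TEMPLATE_FIELDS, type="LDAP", url="ldap://ldap.example.test:389")

def check_store(store):
    """Return a list of problems in an identity store definition (empty = OK)."""
    problems = [f"{k} is not filled in" for k, ph in TEMPLATE_FIELDS.items()
                if store.get(k) in (None, "", ph)]  # assumption: all required
    if store.get("type") not in ALLOWED_TYPES:
        problems.append(f"unsupported type {store.get('type')!r}")
    if urlsplit(str(store.get("url", ""))).scheme.lower() != "ldaps":
        problems.append("url is not ldaps://; directory traffic may be unencrypted")
    return problems

def write_input_file(store, path):
    """Write the JSON input file readable by its owner only (it holds a password)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(store, fh, indent=2)

def build_request(host, tenant_id, store, token):
    """Build the POST that the curl command sends, without sending it."""
    url = (f"https://{host}/identity/api/tenants/{quote(tenant_id, safe='')}"
           f"/directories/{quote(store['domain'], safe='')}")
    return urllib.request.Request(
        url, data=json.dumps(store).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})

def send(request, cafile=None):
    """Send with certificate verification on (the opposite of curl --insecure)."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: private CA bundle
    with urllib.request.urlopen(request, context=ctx, timeout=30) as resp:
        return resp.status
```
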

JSON Output

This output indicates that an identity store is successfully linked to the specified tenant.

Request Headers
{
	   Content-Type = application/json
	         Accept = application/json
	 Content-Length = 413
}
Response Headers
{
	           Date = Wed, 29 Oct 2014 22:41:57 GMT
	   Content-Type = application/json;charset=UTF-8
	 Content-Length = 0
	           Vary = Accept-Encoding,User-Agent
	     Keep-Alive = timeout=15, max=100
	     Connection = Keep-Alive
}
Successful

Unlinked Identity Store Error

The following output indicates that an identity store is not linked to the specified tenant. To resolve the problem, correct the identity store and connection details in the JSON input file and rerun the command.

Command failed [Rest Error]: {Status code: 400}, {Error code: 90027} , {Error 
Source: null}, {Error Msg: Cannot connect to the directory service.}, {System 
Msg: 90027-Connection to directory service can’t be established}