You can configure the LDAP authentication settings by running a configuration workflow or by using the REST API.

About this task

To set up an LDAP directory service and configure Orchestrator to work with it, you can run a configuration workflow named after the directory service that you want to set up.

For information about configuring LDAP authentication settings by using the Orchestrator configuration interface, see Configuring LDAP Settings.


  1. Make a GET request at the URL of the Workflow service, for the directory service you want to configure.

    Configure Active Directory: Configures Active Directory
    Configure eDirectory: Configures eDirectory
    Configure Embedded LDAP: Configures Embedded LDAP
    Configure OpenLDAP: Configures OpenLDAP
    Configure Sun One Directory: Configures Sun ONE Directory

    For example, to search for the workflow named Configure Active Directory, make the following GET request:

    GET https://{vcoHost}:{port}/vco/api/workflows?conditions=name=Configure Active Directory
  2. Retrieve the definition of the workflow by making a GET request at the URL of the definition.

    To retrieve the definition of the Configure Active Directory workflow, make the following GET request:

    GET https://{vcoHost}:{port}/vco/api/workflows/fde9fale-lbdd-479f-93fi-0426dd2ad06d
  3. Make a POST request at the URL that holds the execution objects of the workflow.

    For the Configure Active Directory workflow, make the following POST request:

    POST https://{vcoHost}:{port}/vco/api/workflows/fde9fale-lbdd-479f-93fi-0426dd2ad06d/executions
  4. Provide values for the input parameters of the workflow in an execution-context element in the request body.

    The following parameters are available for all directory services except Embedded LDAP:

    The port number
    The IP address or the DNS name of the host on which your primary LDAP service runs
    The IP address or the DNS name of the host on which your secondary LDAP service runs
    The root element of the LDAP service
    Activates encrypted certification for the connection between Orchestrator and LDAP
    The user name of a valid user who has browsing permissions on your LDAP server
    The password for the user name
    The LDAP container (the top-level domain name or organizational unit) where Orchestrator searches for potential users
    The LDAP container where Orchestrator searches for groups
    An LDAP group (such as Domain Users) to which you grant administrative privileges for Orchestrator
    The period within which the Orchestrator server sends a query to the service directory, the directory searches, and sends a reply
    Allows all links to be followed before the search operation is performed
    Allows filtering of the attributes that the search returns
    The timeout period for the test checking the status of the destination host
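
The requests from steps 1, 3 and 4, built offline as an added example; it is not part of the original page or the product's own code. The host, port, workflow ID, parameter names and types, and the execution-context namespace and value elements are assumptions or constructed placeholders; take the real parameter names and types from the definition retrieved in step 2.

```python
# Added example: builds the requests from steps 1, 3 and 4. Nothing is sent.
from urllib.parse import quote, urlsplit
import xml.etree.ElementTree as ET

NS = "http://www.vmware.com/vco"  # assumed execution-context namespace
VALUE_TAG = {"string": "string", "number": "number", "boolean": "boolean"}  # assumed

def search_url(base, workflow_name):
    # Step 1: percent-encode the name ("Configure Active Directory" has spaces).
    return f"{base}/workflows?conditions=name={quote(workflow_name, safe='')}"

def executions_url(base, workflow_id):
    # Step 3: the body carries the LDAP bind password, so require HTTPS.
    if urlsplit(base).scheme != "https":
        raise ValueError("execution requests carry credentials; use https")
    return f"{base}/workflows/{quote(workflow_id, safe='')}/executions"

def execution_context(params):
    # Step 4: params maps name -> (type, value). ElementTree escapes every
    # value, so a password containing markup cannot add or close elements.
    ET.register_namespace("", NS)
    root = ET.Element(f"{{{NS}}}execution-context")
    plist = ET.SubElement(root, f"{{{NS}}}parameters")
    for name, (ptype, value) in params.items():
        if ptype not in VALUE_TAG:
            raise ValueError(f"unsupported parameter type: {ptype}")
        if ptype == "boolean":
            value = "true" if value else "false"
        param = ET.SubElement(plist, f"{{{NS}}}parameter", name=name, type=ptype)
        ET.SubElement(param, f"{{{NS}}}{VALUE_TAG[ptype]}").text = str(value)
    return ET.tostring(root, encoding="unicode")

# Constructed sample: placeholder names and types, not the workflow's real ones.
BASE = "https://vco.example.test:8281/vco/api"
SAMPLE = {
    "host": ("string", "ldap1.example.test"),
    "port": ("number", 636),
    "useSsl": ("boolean", True),
    "password": ("string", 'p<w&"d</string><x/>'),
}

if __name__ == "__main__":
    print("GET ", search_url(BASE, "Configure Active Directory"))
    print("POST", executions_url(BASE, "00000000-0000-0000-0000-000000000000"))
    body = execution_context(SAMPLE)
    print(len(ET.fromstring(body)[0]), "parameters in a", len(body), "byte body")
```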