You can configure the LDAP authentication settings by running a configuration workflow or by using the REST API.

About this task

To set up an LDAP directory service and configure Orchestrator to work with it, you can run a configuration workflow named after the directory service that you want to set up.

For information about configuring LDAP authentication settings by using the Orchestrator configuration interface, see Configuring LDAP Settings.

Procedure

  1. Make a GET request at the URL of the Workflow service, for the directory service you want to configure.

    | Option | Description |
    | --- | --- |
    | Configure Active Directory | Configures Active Directory |
    | Configure eDirectory | Configures eDirectory |
    | Configure Embedded LDAP | Configures Embedded LDAP |
    | Configure OpenLDAP | Configures OpenLDAP |
    | Configure Sun One Directory | Configures Sun ONE Directory |

    For example, to search for the workflow named Configure Active Directory, make the following GET request:

    GET https://{vcoHost}:{port}/vco/api/workflows?conditions=name=Configure Active Directory
  2. Retrieve the definition of the workflow by making a GET request at the URL of the definition.

    To retrieve the definition of the Configure Active Directory workflow, make the following GET request:

    GET https://{vcoHost}:{port}/vco/api/workflows/fde9fale-lbdd-479f-93fi-0426dd2ad06d
  3. Make a POST request at the URL that holds the execution objects of the workflow.

    For the Configure Active Directory workflow, make the following POST request:

    POST https://{vcoHost}:{port}/vco/api/workflows/fde9fale-lbdd-479f-93fi-0426dd2ad06d/executions
  4. Provide values for the input parameters of the workflow in an execution-context element in the request body.

    The following parameters are available for all directory services except Embedded LDAP:

    | Option | Description |
    | --- | --- |
    | port | The port number |
    | primaryHost | The IP address or the DNS name of the host on which your primary LDAP service runs |
    | secondaryHost | The IP address or the DNS name of the host on which your secondary LDAP service runs |
    | elementRoot | The root element of the LDAP service |
    | useSSL | Enables SSL encryption for the connection between Orchestrator and LDAP |
    | userName | The user name of a valid user who has browsing permissions on your LDAP server |
    | password | The password for the user name |
    | userLookupBase | The LDAP container (the top-level domain name or organizational unit) where Orchestrator searches for potential users |
    | groupLookupBase | The LDAP container where Orchestrator searches for groups |
    | vcoAdminGroup | An LDAP group (such as Domain Users) to which you grant administrative privileges for Orchestrator |
    | requestTimeout | The period during which the Orchestrator server sends a query to the directory service, the directory searches, and the reply is returned |
    | dereferenceLinks | Allows all links to be followed before the search operation is performed |
    | filterAttributes | Allows filtering of the attributes that the search returns |
    | hostReachableTimeout | The timeout period for the test checking the status of the destination host |
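
The following sketch of steps 1 and 4 is an added example, not code from the Orchestrator documentation: it percent-encodes the workflow name for the search URL and builds the execution-context body with an XML library, so that the LDAP bind password is escaped rather than concatenated into the markup. The namespace, the parameter types, the value element names, the helper names and all sample values are assumptions; take the real parameter types from the workflow definition retrieved in step 2.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

NS = "http://www.vmware.com/vco"  # assumed namespace for execution-context

# name -> (type attribute, value element). Assumed; take the real types from
# the input parameters in the workflow definition retrieved in step 2.
PARAMS = {
    "port": ("number", "number"), "primaryHost": ("string", "string"),
    "elementRoot": ("string", "string"), "useSSL": ("boolean", "boolean"),
    "userName": ("string", "string"), "password": ("SecureString", "string"),
    "userLookupBase": ("string", "string"),
    "groupLookupBase": ("string", "string"),
    "vcoAdminGroup": ("string", "string"),
}

def search_url(host, port, workflow_name):
    """Step 1 URL with the spaces in the workflow name percent-encoded."""
    condition = quote("name=" + workflow_name, safe="=")
    return f"https://{host}:{port}/vco/api/workflows?conditions={condition}"

def execution_context(values):
    """Step 4 request body built with an XML library so values are escaped."""
    unknown = sorted(set(values) - set(PARAMS))
    if unknown:
        raise ValueError(f"unknown parameters: {unknown}")
    if values.get("useSSL") is not True:
        # The bind password travels over this connection.
        raise ValueError("useSSL must be True")
    root = ET.Element("execution-context", xmlns=NS)
    parameters = ET.SubElement(root, "parameters")
    for name, value in values.items():
        type_attr, value_tag = PARAMS[name]
        param = ET.SubElement(parameters, "parameter", name=name, type=type_attr)
        text = str(value).lower() if isinstance(value, bool) else str(value)
        ET.SubElement(param, value_tag).text = text
    return ET.tostring(root, encoding="unicode")

def redacted(values):
    """Copy that is safe to log: the bind password is masked."""
    return {k: "***" if k == "password" else v for k, v in values.items()}

# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "port": 636, "primaryHost": "dc1.example.test", "useSSL": True,
    "elementRoot": "dc=example,dc=test",
    "userName": "cn=vco-bind,ou=svc,dc=example,dc=test", "password": "p<&ss",
    "vcoAdminGroup": "cn=vco-admins,ou=groups,dc=example,dc=test",
}
```

Send the returned string as the body of the POST request from step 3, and write only the output of redacted() to logs.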