You can use the REST API identity service to link an LDAP, Active Directory, or Native Active Directory identity store to the vRealize Automation tenant.


Use the supported input parameters to control the command output.




https://$host/identity/api/tenants/$tenantId/directories/$domainName --data @$inputFileName.json


Specifies the host name and fully qualified domain name or IP address of the vRealize Automation identity server.


Specifies a valid HTTP bearer token with necessary credentials.


Specifies the ID of the tenant.


Specifies the ID of the user in the form name@domain.


Specifies the domain alias.


Specifies the domain of the identity store.


Specifies the group search base Distinguished Name.


Specifies a description of the new tenant.


Specifies the password.


Specifies the identity store type for the tenant. The following values are supported:

  • LDAP

  • AD



Specifies the URL of the identity server.


Specifies the user search base Distinguished Name.


Specifies the Distinguished Name for the login user.

JSON Input File Template

Use this template to create a JSON input file. Replace the variables in the template with actual values in the file.

{
	"alias": "$domainAlias",
	"domain": "$domainName",
	"groupBaseSearchDn": "$grpBaseSearchDn",
	"name": "$identityStoreName",
	"password": "$password",
	"type": "$identityStoreType",
	"url": "$identityServerUrl",
	"userBaseSearchDn": "$usrBaseSearchDn",
	"userNameDn": "$usrNameDn"
}


The command output contains property names and values based on the command input parameters.




Specifies an array of link objects, each of which contains the following parts:

  • rel

    Specifies the name of the link.

    • Self refers to the object that was returned or requested. This parameter does not appear when you query a single profile.

    • First, Previous, Next, and Last refer to corresponding pages of pageable lists.

    • Specifies the application or service that determines the other names.

  • href

    Specifies the URL that produces the result.


Specifies an array of data rows, each of which represents one of the tenant objects returned in a pageable list. Each tenant object can contain the following information:

  • Id:

    Specifies the unique tenant identifier.

  • urlName:

    Specifies the name of the tenant as it appears in URLs.

  • Name:

    Specifies the name of the tenant for display purposes.

  • description:

    Specifies the long description of the tenant.

  • contactEmail:

    Specifies the primary contact email address.

  • Password:


  • defaultTenant:

    Is set to True if the corresponding tenant is the default tenant (vsphere.local).


Specifies the following paging-related data:

  • Size: Specifies the maximum number of rows per page.

  • totalElement: Specifies the number of rows returned. This parameter is not output when you query for a single profile.

  • totalPages: Specifies the total number of pages of data available.

  • Number: Specifies the current page number.

  • Offset: Specifies the number of rows skipped.

Example JSON Input File

Call the following sample ldap.json.txt input file from the command line to specify necessary parameters.

{
	"alias": "",
	"domain": "",
	"groupBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
	"name": "openLDAPDemo",
	"password": "password",
	"type": "LDAP",
	"url": "ldap://",
	"userBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
	"userNameDn": "cn=demoadmin,ou=demo,dc=example,dc=mycompany,dc=com"
}

curl Command

The following example command calls the example JSON text file and links an identity store to a tenant. The command also tests that vRealize Automation can connect to the identity store successfully. If the command finishes successfully, vRealize Automation succeeded in connecting to the identity store.

curl --insecure -H "Content-Type: application/json" -H "Authorization: Bearer $token" https://$host/identity/api/tenants/$tenantId/directories/$domainName --data @C:\Temp\ldap.json.txt
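
The input file holds the directory bind password in clear text, so it is worth checking and protecting before it is passed to curl. The following Python code is an added example, not part of the original documentation or of VMware's code: it checks a dictionary against the template's keys, rejects unreplaced `$` variables, and writes the file readable by its owner only. The function names, the sample host name, the POSIX file permissions, and the acceptance of `ldaps://` URLs by the service are assumptions.

```python
import json
import os
from urllib.parse import urlparse

# Keys and $variables exactly as in the page's JSON input file template.
TEMPLATE = {"alias": "$domainAlias", "domain": "$domainName",
            "groupBaseSearchDn": "$grpBaseSearchDn", "name": "$identityStoreName",
            "password": "$password", "type": "$identityStoreType",
            "url": "$identityServerUrl", "userBaseSearchDn": "$usrBaseSearchDn",
            "userNameDn": "$usrNameDn"}
DN_KEYS = ("groupBaseSearchDn", "userBaseSearchDn", "userNameDn")

def check_identity_store(cfg):
    """Return (errors, warnings) for a dict shaped like the template."""
    errors, warnings = [], []
    for key, placeholder in TEMPLATE.items():
        if key not in cfg:
            errors.append(f"{key}: missing")
        elif cfg[key] == placeholder:
            errors.append(f"{key}: template variable was not replaced")
    if cfg.get("type") not in ("LDAP", "AD"):   # values the page lists
        errors.append("type: must be LDAP or AD")
    for key in DN_KEYS:
        # Simplified DN check: every comma-separated part is attr=value
        # (escaped commas inside values are not handled).
        dn = cfg.get(key) or ""
        if not dn or any("=" not in part for part in dn.split(",")):
            errors.append(f"{key}: not a Distinguished Name")
    url = urlparse(cfg.get("url") or "")
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        errors.append("url: expected ldap://host or ldaps://host")
    elif url.scheme == "ldap":
        warnings.append("url: ldap:// does not encrypt the bind by itself")
    return errors, warnings

def write_input_file(cfg, path):
    """Validate cfg, then write it readable by its owner only (POSIX)."""
    errors, warnings = check_identity_store(cfg)
    if errors:
        raise ValueError("; ".join(errors))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        os.fchmod(fh.fileno(), 0o600)   # tighten a file that already existed
        json.dump(cfg, fh, indent=2)
    return warnings

# Constructed sample values; the host name is a placeholder.
SAMPLE = {"alias": "", "domain": "", "name": "openLDAPDemo", "type": "LDAP",
          "groupBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
          "userBaseSearchDn": "ou=demo,dc=example,dc=mycompany,dc=com",
          "userNameDn": "cn=demoadmin,ou=demo,dc=example,dc=mycompany,dc=com",
          "password": "constructed-not-a-real-secret",
          "url": "ldap://ldap.example.test:389"}
```

The curl command above passes `--insecure`, which turns off certificate verification on the connection that carries both the bearer token and this file's bind password.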

JSON Output

This output indicates that an identity store is successfully linked to the specified tenant.

Request Headers
	   Content-Type = application/json
	         Accept = application/json
	 Content-Length = 413
	 Accept-Charset = big5, big5-hkscs, euc-jp, euc-kr, gb18030, gb2312, gbk,
ibm-thai, ibm00858, ibm01140, ibm01141, ibm01142, ibm01143, ibm01144, ibm01145,
ibm01146, ibm01147, ibm01148, ibm01149, ibm037, ibm1026, ibm1047, ibm273, ibm277,
ibm278, ibm280, ibm284, ibm285, ibm290, ibm297, ibm420, ibm424, ibm437, ibm500,
ibm775, ibm850, ibm852, ibm855, ibm857, ibm860, ibm861, ibm862, ibm863, ibm864,
ibm865, ibm866, ibm868, ibm869, ibm870, ibm871, ibm918, iso-2022-cn, iso-2022-jp,
iso-2022-jp-2, iso-2022-kr, iso-8859-1, iso-8859-13, iso-8859-15, iso-8859-2,
iso-8859-3, iso-8859-4, iso-8859-5, iso-8859-6, iso-8859-7, iso-8859-8, iso-8859-9,
jis_x0201, jis_x0212-1990, koi8-r, koi8-u, shift_jis, tis-620, us-ascii, utf-16,
utf-16be, utf-16le, utf-32, utf-32be, utf-32le, utf-8, windows-1250, windows-1251,
windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257,
windows-1258, windows-31j, x-big5-hkscs-2001, x-big5-solaris, x-compound_text,
x-euc-jp-linux, x-euc-tw, x-eucjp-open, x-ibm1006, x-ibm1025, x-ibm1046, x-ibm1097,
x-ibm1098, x-ibm1112, x-ibm1122, x-ibm1123, x-ibm1124, x-ibm1364, x-ibm1381,
x-ibm1383, x-ibm300, x-ibm33722, x-ibm737, x-ibm833, x-ibm834, x-ibm856, x-ibm874,
x-ibm875, x-ibm921, x-ibm922, x-ibm930, x-ibm933, x-ibm935, x-ibm937, x-ibm939,
x-ibm942, x-ibm942c, x-ibm943, x-ibm943c, x-ibm948, x-ibm949, x-ibm949c, x-ibm950,
x-ibm964, x-ibm970, x-iscii91, x-iso-2022-cn-cns, x-iso-2022-cn-gb, x-iso-8859-11,
x-jis0208, x-jisautodetect, x-johab, x-macarabic, x-maccentraleurope, x-maccroatian,
x-maccyrillic, x-macdingbat, x-macgreek, x-machebrew, x-maciceland, x-macroman,
x-macromania, x-macsymbol, x-macthai, x-macturkish, x-macukraine, x-ms932_0213,
x-ms950-hkscs, x-ms950-hkscs-xp, x-mswin-936, x-pck, x-sjis_0213, x-utf-16le-bom,
x-utf-32be-bom, x-utf-32le-bom, x-windows-50220, x-windows-50221, x-windows-874,
x-windows-949, x-windows-950, x-windows-iso2022jp
Response Headers
	           Date = Wed, 29 Oct 2014 22:41:57 GMT
	   Content-Type = application/json;charset=UTF-8
	 Content-Length = 0
	           Vary = Accept-Encoding,User-Agent
	     Keep-Alive = timeout=15, max=100
	     Connection = Keep-Alive

Unlinked Identity Store Error

The following output indicates that an identity store is not linked to the specified tenant. To resolve the problem, correct the identity store and connection details in the JSON input file and rerun the command.

Command failed [Rest Error]: {Status code: 400}, {Error code: 90027} , {Error 
Source: null}, {Error Msg: Cannot connect to the directory service.}, {System 
Msg: 90027-Connection to directory service can’t be established}