LDAP Connector
The Lightweight Directory Access Protocol (LDAP) connector for PingOne DaVinci lets you gain access to entries in an LDAP directory to be used in your PingOne DaVinci flow.
You can use the LDAP connector to:
- Create a new entry in your LDAP store.
- Reset a user’s password, including generating a new password.
- Update a user or group’s profile.
- Delete an entry from your LDAP store.
- Search for and view a user’s group membership.
Setup
Resources
For information and setup help, see the following documentation:
- PingOne Gateway documentation
- Documentation for your LDAP directory, such as PingDirectory
Requirements
To use the connector, you’ll need:
- An LDAP directory store, such as PingDirectory:
  - For more information, see Supported directories.
- Your LDAP directory store credentials
- A PingOne LDAP Gateway installation
- A worker application for userless administration:
  - For more information, see the Worker application documentation.
Setting up the LDAP connector
Review the prerequisites in Before you begin, and then follow the gateway setup instructions in Overview.
Setting up the connector configuration
In DaVinci, add an LDAP connector. For help, see Adding a connector.
Using the connector in a flow
Managing entries in an LDAP directory store
The connector has several capabilities that allow you to manage entries in your LDAP directory store:
- Create entry
- Modify DN
- Search entries
- Delete entry
This flow allows the user to create a new entry in any LDAP directory.
- Customize the entry-creation parameters:
  - Select the Create LDAP entry node.
  - In the DN field, customize the distinguished name of the new entry.
  - In the Attributes section, click the Add button. In the Variable Name field, enter objectClass, and in the Value field, enter the name of the new entry’s objectClass according to the directory schema.
    The objectClass attribute value differs depending on the directory. For example, a new PingDirectory entry is an instance of the inetOrgPerson objectClass, while a new Active Directory (AD) entry is an instance of the user objectClass.
  - In the Attributes section, click the Add button and populate the Variable Name and Value fields with information on the entry’s username.
    The Variable Name differs depending on the directory. For example, a new PingDirectory entry’s username requires a variable name of uid, while a new AD entry’s username requires a variable name of sAMAccountName.
  - (Optional) In the Attributes section, add other attributes as permitted by the new entry’s objectClass.
  - In the Perform Operation As list, select the user account performing the entry creation.
  - Click Apply.
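The following added example (not from the original page or the connector itself) builds the DN and the Attributes JSON object for the steps above, escaping the username per RFC 4514 so that characters such as commas cannot change the DN's structure. The helper names, the RDN attribute choice, and the sample values are assumptions.

```javascript
// Escape one attribute value for use inside a DN (RFC 4514, section 2.4).
function escapeDnValue(value) {
  const s = String(value);
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    const atEdge = (i === 0 && (c === " " || c === "#")) ||
                   (i === s.length - 1 && c === " ");
    if (c === "\0") out += "\\00";
    else if (atEdge || '\\",+;<>='.includes(c)) out += "\\" + c;
    else out += c;
  }
  return out;
}

// objectClass and username attribute per directory, as stated in the steps
// above. The RDN attribute is an assumption; check your directory's layout.
const PROFILES = {
  pingdirectory: { objectClass: "inetOrgPerson", userAttr: "uid", rdnAttr: "uid" },
  activedirectory: { objectClass: "user", userAttr: "sAMAccountName", rdnAttr: "CN" },
};

// Returns the DN string and the JSON object for the Attributes code editor.
function buildCreateEntry(directory, username, parentDn, extra = {}) {
  const profile = PROFILES[directory];
  if (!profile) throw new Error("unknown directory type: " + directory);
  if (typeof username !== "string" || !username) throw new Error("username is required");
  // LDAP attribute names are case-insensitive, so compare in lower case
  // to keep caller-supplied data from overriding the fixed attributes.
  const fixed = ["objectclass", profile.userAttr.toLowerCase()];
  const attributes = {};
  for (const [name, val] of Object.entries(extra)) {
    if (!fixed.includes(name.toLowerCase())) attributes[name] = val;
  }
  attributes.objectClass = profile.objectClass;
  attributes[profile.userAttr] = username;
  return { dn: `${profile.rdnAttr}=${escapeDnValue(username)},${parentDn}`, attributes };
}

// Constructed sample input: a username with DN metacharacters and a
// multi-valued attribute passed as an array.
const sample = buildCreateEntry("pingdirectory", "doe, jane+temp",
  "ou=People,dc=example,dc=com",
  { cn: "Jane Doe", sn: "Doe", mail: ["jane@example.com", "jd@example.com"], ObjectClass: "groupOfNames" });
console.log(sample.dn);
console.log(JSON.stringify(sample.attributes, null, 2));
```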
Managing passwords in an LDAP directory store
The connector has several capabilities that allow you to manage different entries' passwords in your LDAP directory store:
- Generate password
- Reset password
- Check password
No special flow configuration is needed. Add the capability that you want and populate its properties according to the help text.
Managing attributes in an LDAP directory store
The connector has several capabilities that allow you to manage different entries' attributes in your LDAP directory store:
- Modify attributes
- Replace attributes
No special flow configuration is needed. Add the capability that you want and populate its properties according to the help text.
Capabilities
Create Entry
Create a new entry
Properties
- DN (textField, required): The DN to perform the operation on.
- Input attributes as JSON? (toggleSwitch)
- Attributes (variableInputList)
- Attributes (codeEditor): Input attributes as a JSON object with the attribute names as the keys and the attribute values as the values. Multi-valued attributes may be provided as an array.
- Perform Operation As (dropDown, required): The user that will perform this operation.
  - Gateway Service Account (Default)
  - Proxied User - Match by Username
  - Proxied User - Match by Distinguished Name (DN)
- Proxied Authorization Username (textField): The user to perform this operation as.
- Proxied Authorization DN (textField): The Distinguished Name of the user to perform this operation as.
Input Schema
- default (object)
  - dn (string, required)
  - proxyAuthzUser (string)
  - proxyAuthzUsername (string)
  - proxyAuthzDn (string)
Output Schema
- output (object)
  - entry (object)
  - rawResponse (object)
  - headers (object)
  - statusCode (integer)
Generate Password
Generates a new password and sets it on an entry
Properties
- DN (textField, required): The DN to perform the operation on.
- Perform Operation As (dropDown, required): The user that will perform this operation.
  - Gateway Service Account (Default)
  - Proxied User - Match by Username
  - Proxied User - Match by Distinguished Name (DN)
- Proxied Authorization Username (textField): The user to perform this operation as.
- Proxied Authorization DN (textField): The Distinguished Name of the user to perform this operation as.
Input Schema
- default (object)
  - dn (string, required)
  - proxyAuthzUser (string)
  - proxyAuthzUsername (string)
  - proxyAuthzDn (string)
Output Schema
- output (object)
  - password (string)
  - rawResponse (object)
  - headers (object)
  - statusCode (integer)
Modify DN
Changes the DN of an entry
Properties
- DN (textField, required): The DN to perform the operation on.
- New DN (textField, required): The new DN of the entry.
- Perform Operation As (dropDown, required): The user that will perform this operation.
  - Gateway Service Account (Default)
  - Proxied User - Match by Username
  - Proxied User - Match by Distinguished Name (DN)
- Proxied Authorization Username (textField): The user to perform this operation as.
- Proxied Authorization DN (textField): The Distinguished Name of the user to perform this operation as.
Input Schema
- default (object)
  - dn (string, required)
  - newDn (string, required)
  - proxyAuthzUser (string)
  - proxyAuthzUsername (string)
  - proxyAuthzDn (string)
Output Schema
- output (object)
  - entry (object)
    - properties (object)
      - dn (string)
      - attributes (object)
  - rawResponse (object)
  - headers (object)
  - statusCode (integer)
Replace Attributes
Replaces attribute values on an entry with the provided values
Properties
- DN (textField, required): The DN to perform the operation on.
- Input attributes as JSON? (toggleSwitch)
- Attributes (variableInputList)
- Attributes (codeEditor): Input attributes as a JSON object with the attribute names as the keys and the attribute values as the values. Multi-valued attributes may be provided as an array.
- Perform Operation As (dropDown, required): The user that will perform this operation.
  - Gateway Service Account (Default)
  - Proxied User - Match by Username
  - Proxied User - Match by Distinguished Name (DN)
- Proxied Authorization Username (textField): The user to perform this operation as.
- Proxied Authorization DN (textField): The Distinguished Name of the user to perform this operation as.
Input Schema
- default (object)
  - dn (string, required)
  - proxyAuthzUser (string)
  - proxyAuthzUsername (string)
  - proxyAuthzDn (string)
Output Schema
- output (object)
  - entry (object)
  - rawResponse (object)
  - headers (object)
  - statusCode (integer)
Reset Password
Sets a given password on an entry
Properties
- DN (textField, required): The DN to perform the operation on.
- New Password (textField, required): The password to set on an entry.
- Perform Operation As (dropDown, required): The user that will perform this operation.
  - Gateway Service Account (Default)
  - Proxied User - Match by Username
  - Proxied User - Match by Distinguished Name (DN)
- Proxied Authorization Username (textField): The user to perform this operation as.
- Proxied Authorization DN (textField): The Distinguished Name of the user to perform this operation as.
Input Schema
- default (object)
  - dn (string, required)
  - newPassword (string, required)
  - proxyAuthzUser (string)
  - proxyAuthzUsername (string)
  - proxyAuthzDn (string)
Output Schema
- output (object)
  - rawResponse (object)
  - headers (object)
  - statusCode (integer)
Search Entries
Search for entries
Properties
- Base DN (textField, required): The base distinguished name of the search.
- Filter (textField, required): The criteria for defining matching entries in a search.
- Scope (dropDown, required): The set of entries at or below the BaseDN that may be considered potential matches in a search.
  - Whole Subtree
  - Base Object
  - Single Level
- Entry Attributes (multipleTextFields): The attributes that should be retrieved. All attributes will be retrieved if this is unset.
- Retrieve Operational Attributes? (toggleSwitch): Operational attributes will be retrieved when this is enabled.
- Size Limit (textField): The maximum number of entries to retrieve.
- Time Limit (textField): The maximum amount of time allowed for the search in seconds.
- Types only (toggleSwitch): Only the attribute names but not values will be returned when this is enabled.
- Perform Operation As (dropDown, required): The user that will perform this operation.
  - Gateway Service Account (Default)
  - Proxied User - Match by Username
  - Proxied User - Match by Distinguished Name (DN)
- Proxied Authorization Username (textField): The user to perform this operation as.
- Proxied Authorization DN (textField): The Distinguished Name of the user to perform this operation as.
Input Schema
- default (object)
  - proxyAuthzUser (string)
  - proxyAuthzUsername (string)
  - proxyAuthzDn (string)
Output Schema
- output (object)
  - entries (array)
    - items (array)
      - type (object)
      - properties
  - references (array)
    - items (array)
      - type (object)
      - properties
  - rawResponse (object)
  - headers (object)
  - statusCode (integer)
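An added example, not taken from the original page or the connector: a value that comes from flow input is escaped per RFC 4515 before it is placed in the Filter field, and a small Size Limit lets the flow tell a unique match from an ambiguous one. The function names, the returned key names, and the sample values are assumptions.

```javascript
// Escape a value for use in an LDAP search filter (RFC 4515, section 3).
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (c) => "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Builds values for the Search Entries properties. The key names below are
// hypothetical labels for this example, not the connector's input schema.
function buildUserSearch(baseDn, userAttr, username, sizeLimit = 2) {
  // The attribute name is spliced into the filter unescaped, so restrict it
  // to the characters allowed in an LDAP attribute description.
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(userAttr)) {
    throw new Error("invalid attribute name");
  }
  if (typeof username !== "string" || !username) {
    throw new Error("username is required");
  }
  return {
    baseDn,
    filter: `(${userAttr}=${escapeFilterValue(username)})`,
    scope: "Whole Subtree",
    entryAttributes: [userAttr], // request only what the flow needs
    sizeLimit,                   // 2 is enough to detect a non-unique match
    timeLimit: 5,                // seconds
  };
}

// Interprets an array shaped like the capability's output.entries.
function pickUniqueEntry(entries) {
  if (!Array.isArray(entries) || entries.length === 0) {
    return { ok: false, reason: "not_found" };
  }
  if (entries.length > 1) return { ok: false, reason: "ambiguous" };
  return { ok: true, entry: entries[0] };
}

// Constructed sample input containing filter metacharacters.
const search = buildUserSearch("ou=People,dc=example,dc=com", "uid", "j*doe (temp)");
console.log(search.filter);
```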
Delete Entry
Delete an entry
Properties
- DN (textField, required): The DN to perform the operation on.
- Perform Operation As (dropDown, required): The user that will perform this operation.
  - Gateway Service Account (Default)
  - Proxied User - Match by Username
  - Proxied User - Match by Distinguished Name (DN)
- Proxied Authorization Username (textField): The user to perform this operation as.
- Proxied Authorization DN (textField): The Distinguished Name of the user to perform this operation as.
Input Schema
- default (object)
  - dn (string, required)
  - proxyAuthzUser (string)
  - proxyAuthzUsername (string)
  - proxyAuthzDn (string)
Output Schema
- output (object)
  - rawResponse (object)
  - headers (object)
  - statusCode (integer)