Connectors

LDAP Connector

The Lightweight Directory Access Protocol (LDAP) connector for PingOne DaVinci lets you gain access to entries in an LDAP directory to be used in your PingOne DaVinci flow.

You can use the LDAP connector to:

  • Create a new entry in your LDAP store.

  • Reset a user’s password, including generating a new password.

  • Update a user or group’s profile.

  • Delete an entry from your LDAP store.

  • Search for and view a user’s group membership.

Setup

Resources

For information and setup help, see the following documentation:

**Documentation for your LDAP directory, such as PingDirectory:

Requirements

To use the connector, you’ll need:

  • An LDAP directory store, such as PingDirectory:

  • Your LDAP directory store credentials

  • A PingOne LDAP Gateway installation

  • A worker application for userless administration:

Setting up the LDAP connector

Review the prerequisites in Before you begin, and then follow the gateway set up instructions in Overview.

Setting up the connector configuration

In DaVinci, add an LDAP connector. For help, see Adding a connector.

Connector settings

Environment ID

Your PingOne Environment ID. In PingOne, go to Environment > Properties.

Client ID

The Client ID for your PingOne Worker application. In PingOne, go to Applications > Your application > Configuration.

Client secret

The Client secret for your PingOne Worker application. In PingOne, go to Applications > Your application > Configuration.

Region

Your PingOne environment region. In PingOne, go to Environment > Properties.

Using the connector in a flow

Managing entries in an LDAP directory store

The connector has several capabilities that allow you to manage entries in your LDAP directory store:

  • Create entry

  • Modify DN

  • Search entries

  • Delete entry

A screen capture of the

This flow allows the user to create a new entry in any LDAP directory.

  1. Customize the entry-creation parameters:

    1. Select the Create LDAP entry node.

    2. In the DN field, customize the distinguished name of the new entry.

    3. In the Attributes section, click the Add button. In the Variable Namefield, enter objectClass, and in the Value field, enter the name of the new entry’s objectClass according to the directory schema.

      The objectClass attribute value differs depending on the directory. For example, a new PingDirectory entry is an instance of the inetOrgPerson objectClass, while a new Active Directory (AD) entry is an instance of the user objectClass.

    4. In the Attributes section, click the Add button and populate the Variable Name and Value fields with information on the entry’s username.

      The Variable Name differs depending on the directory. For example, a new PingDirectory entry’s username requires a variable name of uid, while a new AD entry’s username requires a variable name of sAMAccountName.

    5. (Optional) In the Attributes section, add other attributes as permitted by the new entry’s objectClass.

    6. In the Perform Operation As list, select the user account performing the entry creation.

    7. Click Apply.

Managing passwords in an LDAP directory store

The connector has several capabilities that allow you to manage different entries' passwords in your LDAP directory store:

  • Generate password

  • Reset password

  • Check password

No special flow configuration is needed. Add the capability that you want and populate its properties according to the help text.

Managing attributes in an LDAP directory store

The connector has several capabilities that allow you to manage different entries' attributes in your LDAP directory store:

  • Modify attributes

  • Replace attributes

No special flow configuration is needed. Add the capability that you want and populate its properties according to the help text.

Capabilities

Create Entry

Create a new entry

Show details

Properties

DN textField required

The DN to perform the operation on.

Input attributes as JSON? toggleSwitch
Attributes variableInputList
Attributes codeEditor

Input attributes as a JSON object with the attribute names as the keys and the attribute values as the values. Multi-valued attributes may be provided as an array.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)

  • Proxied User - Match by Username

  • Proxied User - Match by Distinguished Name (DN)

Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema

default object
dn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
entry object
rawResponse object
headers object
statusCode integer

Generate Password

Generates a new password and sets it on an entry

Show details

Properties

DN textField required

The DN to perform the operation on.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)

  • Proxied User - Match by Username

  • Proxied User - Match by Distinguished Name (DN)

Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema

default object
dn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
password string
rawResponse object
headers object
statusCode integer

Modify DN

Changes the DN of an entry

Show details

Properties

DN textField required

The DN to perform the operation on.

New DN textField required

The new DN of the entry.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)

  • Proxied User - Match by Username

  • Proxied User - Match by Distinguished Name (DN)

Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema

default object
dn string required
newDn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
entry object
properties object
dn string
attributes object
rawResponse object
headers object
statusCode integer

Replace Attributes

Replaces attribute values on an entry with the provided values

Show details

Properties

DN textField required

The DN to perform the operation on.

Input attributes as JSON? toggleSwitch
Attributes variableInputList
Attributes codeEditor

Input attributes as a JSON object with the attribute names as the keys and the attribute values as the values. Multi-valued attributes may be provided as an array.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)

  • Proxied User - Match by Username

  • Proxied User - Match by Distinguished Name (DN)

Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema

default object
dn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
entry object
rawResponse object
headers object
statusCode integer

Reset Password

Sets a given password on an entry

Show details

Properties

DN textField required

The DN to perform the operation on.

New Password textField required

The password to set on an entry.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)

  • Proxied User - Match by Username

  • Proxied User - Match by Distinguished Name (DN)

Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema

default object
dn string required
newPassword string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
rawResponse object
headers object
statusCode integer

Search Entries

Search for entries

Show details

Properties

Base DN textField required

The base distinguished name of the search.

Filter textField required

The criteria for defining matching entries in a search.

Scope dropDown required

The set of entries at or below the BaseDN that may be considered potential matches in a search.

  • Whole Subtree

  • Base Object

  • Single Level

Entry Attributes multipleTextFields

The attributes that should be retrieved. All attributes will be retrieved if this is unset.

Retrieve Operational Attributes? toggleSwitch

Operational attributes will be retrieved when this is enabled.

Size Limit textField

The maximum number of entries to retrieve.

Time Limit textField

The maximum amount of time allowed for the search in seconds.

Types only toggleSwitch

Only the attribute names but not values will be returned when this is enabled.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)

  • Proxied User - Match by Username

  • Proxied User - Match by Distinguished Name (DN)

Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema

default object
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
entries array
items array
type object
properties
references array
items array
type object
properties
rawResponse object
headers object
statusCode integer

Delete Entry

Delete an entry

Show details

Properties

DN textField required

The DN to perform the operation on.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)

  • Proxied User - Match by Username

  • Proxied User - Match by Distinguished Name (DN)

Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema

default object
dn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
rawResponse object
headers object
statusCode integer