PingOne

LDAP gateway and user type scenarios

Use the information in this section to solve various Lightweight Directory Access Protocol (LDAP) gateway and user type scenarios.

An LDAP gateway is disabled

Re-enable the LDAP gateway.

An LDAP gateway client is stopped

Start or restart the LDAP gateway client.

A user type is deleted

  1. In the PingOne admin console, go to Integrations > Gateways.

  2. Click the appropriate gateway and add a new user type:

    The settings for the new user type should match those of the deleted one.

    1. If the settings related to the underlying directory server have changed, adjust the settings of the new user type accordingly.

    2. Get the ID of the existing LDAP gateway and the ID of the new user type.

  3. Edit the sign-on policy you created to use the new user type.

    If you use DaVinci to manage end-user authentication, update the Authenticate User via Kerberos and Migrate User through Gateway capabilities from the PingOne Authentication connector to use the new user type.

  4. Use the API or the PingOne admin console to get the correlationAttributes attribute value for each user whose PingOne user record is pointing to the deleted user type.

    Sample correlationAttributes attribute and its value:

    "correlationAttributes": {
      "objectGUID": "c338caf3-6964-4d8b-b226-838a4b235cfe",
      "objectSid": "S-1-5-21-729906757-3091572434-2958842742-1114",
      "dn": "CN=Bob Newman,OU=NW,OU=People,DC=imokatdi,DC=ping-eng,DC=com",
      "sAMAccountName": "bnewman"
    }

  5. Use the PUT Update Password request to update each applicable PingOne user record to point to the new user type.

    Sample API request using curl:

    curl --location --request PUT '{{apiPath}}/environments/{{envID}}/users/{{userID}}/password' \
    --header 'Authorization: Bearer {{accessToken}}' \
    --header 'Content-Type: application/vnd.pingidentity.password.setGateway+json' \
    --data-raw '{
       "id": "{{existingGatewayID}}",
       "userType": {
         "id": "{{newUserTypeID}}"
       },
       "correlationAttributes": {
           "objectGUID": "c338caf3-6964-4d8b-b226-838a4b235cfe",
           "objectSid": "S-1-5-21-729906757-3091572434-2958842742-1114",
           "dn": "CN=Bob Newman,OU=NW,OU=People,DC=imokatdi,DC=ping-eng,DC=com",
           "sAMAccountName": "bnewman"
       }
    }'

An LDAP gateway is deleted

  1. In the PingOne admin console, go to Integrations > Gateways.

  2. Add a new LDAP gateway and a new user type.

    The settings in the new LDAP gateway and user type should match those of the deleted ones.

    1. If the settings related to the underlying directory server have changed, adjust the settings of the new user type accordingly.

    2. Get the ID of the new LDAP gateway and the ID of the new user type.

  3. Create a sign-on policy to use the new user type.

    If you use DaVinci to manage end-user authentication, update the Authenticate User via Kerberos and Migrate User through Gateway capabilities from the PingOne Authentication connector to use the new user type.

    If you use the LDAP connector, update it to use the new user type as well.

  4. Use the API or the PingOne admin console to get the correlationAttributes attribute value for each user whose PingOne user record is pointing to the deleted user type.

    Sample correlationAttributes attribute and its value:

    "correlationAttributes": {
      "objectGUID": "c338caf3-6964-4d8b-b226-838a4b235cfe",
      "objectSid": "S-1-5-21-729906757-3091572434-2958842742-1114",
      "dn": "CN=Bob Newman,OU=NW,OU=People,DC=imokatdi,DC=ping-eng,DC=com",
      "sAMAccountName": "bnewman"
    }

  5. Use the PUT Update Password request to update each applicable PingOne user record to point to the new user type.

    Sample API request using curl:

    curl --location --request PUT '{{apiPath}}/environments/{{envID}}/users/{{userID}}/password' \
    --header 'Authorization: Bearer {{accessToken}}' \
    --header 'Content-Type: application/vnd.pingidentity.password.setGateway+json' \
    --data-raw '{
        "id": "{{newGatewayID}}",
        "userType": {
            "id": "{{newUserTypeID}}"
        },
        "correlationAttributes": {
            "objectGUID": "c338caf3-6964-4d8b-b226-838a4b235cfe",
            "objectSid": "S-1-5-21-729906757-3091572434-2958842742-1114",
            "dn": "CN=Bob Newman,OU=NW,OU=People,DC=imokatdi,DC=ping-eng,DC=com",
            "sAMAccountName": "bnewman"
        }
    }'
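
Steps 4 and 5 of both scenarios above (a deleted user type and a deleted LDAP gateway) repeat once per affected user. The following added example, which is not part of the PingOne documentation, builds the same PUT request as the curl samples for every affected user in a batch. The function name, the simplified record fields (id, userTypeId), the placeholder host and the sample IDs are assumptions made for illustration; only the URL path, content type and body layout come from this page.

```python
import json
import urllib.request

CONTENT_TYPE = "application/vnd.pingidentity.password.setGateway+json"

# Constructed sample records (simplified; not the PingOne API response shape).
SAMPLE_USERS = [
    {"id": "user-1", "userTypeId": "deleted-type",
     "correlationAttributes": {"sAMAccountName": "bnewman",
                               "dn": "CN=Bob Newman,OU=NW,OU=People,DC=imokatdi,DC=ping-eng,DC=com"}},
    {"id": "user-2", "userTypeId": "other-type",
     "correlationAttributes": {"sAMAccountName": "asmith"}},
    {"id": "user-3", "userTypeId": "deleted-type", "correlationAttributes": {}},
]

def build_relink_requests(api_path, env_id, token, gateway_id,
                          new_user_type_id, deleted_user_type_id, users):
    """Build one PUT per affected user; return (requests, skipped_user_ids)."""
    requests, skipped = [], []
    for user in users:
        if user.get("userTypeId") != deleted_user_type_id:
            continue  # record does not point at the deleted user type
        attrs = user.get("correlationAttributes")
        if not attrs:
            # The request must carry the user's own correlationAttributes;
            # report records that have none rather than sending an empty mapping.
            skipped.append(user["id"])
            continue
        body = {"id": gateway_id,
                "userType": {"id": new_user_type_id},
                "correlationAttributes": attrs}
        requests.append(urllib.request.Request(
            f"{api_path}/environments/{env_id}/users/{user['id']}/password",
            data=json.dumps(body).encode("utf-8"),
            method="PUT",
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": CONTENT_TYPE}))
    return requests, skipped

if __name__ == "__main__":
    reqs, skipped = build_relink_requests(
        "https://api.example.invalid/v1", "env-id", "ACCESS_TOKEN_PLACEHOLDER",
        "gateway-id", "new-type", "deleted-type", SAMPLE_USERS)
    for req in reqs:
        # Dry run: show method, URL and body, never the Authorization header.
        print(req.get_method(), req.full_url, req.data.decode("utf-8"))
    print("skipped (no correlationAttributes):", skipped)
    # To apply for real, pass each request to urllib.request.urlopen(req).
```

Review the dry-run output and the skipped list before sending anything, and keep the access token out of logs and shell history.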