You can use the LDAP connector to:

  • Create a new entry in your LDAP store
  • Reset a user's password, including generating a new password
  • Update a user or group's profile
  • Delete an entry from your LDAP store
  • Search for and view a user's group membership

Setup

Resources

For information and setup help, see the following documentation:

Requirements

To use the connector, you'll need:

  • An LDAP directory store, such as PingDirectory
  • Your LDAP directory store credentials
  • A PingOne LDAP Gateway installation
  • A worker application for userless administration

Setting up the LDAP connector

Review the prerequisites in Before you begin, and then follow the gateway setup instructions in Overview.

Setting up the connector configuration

In DaVinci, add an LDAP connector. For help, see Adding a connector.

Connector settings

Environment ID
Your PingOne Environment ID. In PingOne, go to Environment > Properties.
Client ID
The Client ID for your PingOne Worker application. In PingOne, go to Applications > Your application > Configuration.
Client secret
The Client secret for your PingOne Worker application. In PingOne, go to Applications > Your application > Configuration.
Region
Your PingOne environment region. In PingOne, go to Environment > Properties.

Using the connector in a flow

Managing entries in an LDAP directory store

The connector has several capabilities that allow you to manage entries in your LDAP directory store:

  • Create Entry: Use to create users, groups, and other entries.
  • Generate Password: Generate a user password with the Password Modify Extended Operation.
  • Modify DN: Edit the DN of an entry.
  • Replace Attribute: Edit entry attributes other than the DN. This capability does not include deleting or adding a value, which is handled by the Modify Attributes capability.
  • Modify Attribute: Edit entry attributes by adding or removing a value. This capability is also used to add or remove values from a multivalued attribute.
  • Reset Password: Provide a new value for the user's password.
  • Search Entries: Search for users, groups, and other entries.
  • Delete Entry: Delete any LDAP object.
  • Check Password: Validate a user's password.

No special flow configuration is needed. Add the capability you want and populate its properties according to the help text.

Capabilities

Create Entry

Create a new entry


Properties
DN textField required

The DN to perform the operation on.

Input attributes as JSON? toggleSwitch
Attributes variableInputList
Attributes codeEditor

Input attributes as a JSON object with the attribute names as the keys and the attribute values as the values. Multi-valued attributes may be provided as an array.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)
  • Proxied User - Match by Username
  • Proxied User - Match by Distinguished Name (DN)
Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema
default object
dn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
entry object
rawResponse object
headers object
statusCode integer
Generate Password

Generates a new password and sets it on an entry


Properties
DN textField required

The DN to perform the operation on.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)
  • Proxied User - Match by Username
  • Proxied User - Match by Distinguished Name (DN)
Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema
default object
dn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
password string
rawResponse object
headers object
statusCode integer
Modify DN

Changes the DN of an entry


Properties
DN textField required

The DN to perform the operation on.

New DN textField required

The new DN of the entry.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)
  • Proxied User - Match by Username
  • Proxied User - Match by Distinguished Name (DN)
Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema
default object
dn string required
newDn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
entry object
properties object
dn string
attributes object
rawResponse object
headers object
statusCode integer
Replace Attributes

Replaces attribute values on an entry with the provided values


Properties
DN textField required

The DN to perform the operation on.

Input attributes as JSON? toggleSwitch
Attributes variableInputList
Attributes codeEditor

Input attributes as a JSON object with the attribute names as the keys and the attribute values as the values. Multi-valued attributes may be provided as an array.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)
  • Proxied User - Match by Username
  • Proxied User - Match by Distinguished Name (DN)
Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema
default object
dn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
entry object
rawResponse object
headers object
statusCode integer
Reset Password

Sets a given password on an entry


Properties
DN textField required

The DN to perform the operation on.

New Password textField required

The password to set on an entry.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)
  • Proxied User - Match by Username
  • Proxied User - Match by Distinguished Name (DN)
Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema
default object
dn string required
newPassword string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
rawResponse object
headers object
statusCode integer
Search Entries

Search for entries


Properties
Base DN textField required

The base distinguished name of the search.

Filter textField required

The criteria for defining matching entries in a search.

Scope dropDown required

The set of entries at or below the Base DN that may be considered potential matches in a search.

  • Whole Subtree
  • Base Object
  • Single Level
Entry Attributes multipleTextFields

The attributes that should be retrieved. All attributes will be retrieved if this is unset.

Retrieve Operational Attributes? toggleSwitch

Operational attributes will be retrieved when this is enabled.

Size Limit textField

The maximum number of entries to retrieve.

Time Limit textField

The maximum amount of time allowed for the search in seconds.

Types only toggleSwitch

Only the attribute names but not values will be returned when this is enabled.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)
  • Proxied User - Match by Username
  • Proxied User - Match by Distinguished Name (DN)
Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema
default object
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
entries array
items array
type object
properties
references array
items array
type object
properties
rawResponse object
headers object
statusCode integer
Delete Entry

Delete an entry


Properties
DN textField required

The DN to perform the operation on.

Perform Operation As dropDown required

The user that will perform this operation.

  • Gateway Service Account (Default)
  • Proxied User - Match by Username
  • Proxied User - Match by Distinguished Name (DN)
Proxied Authorization Username textField

The user to perform this operation as.

Proxied Authorization DN textField

The Distinguished Name of the user to perform this operation as.

Input Schema
default object
dn string required
proxyAuthzUser string
proxyAuthzUsername string
proxyAuthzDn string
Output Schema
output object
rawResponse object
headers object
statusCode integer
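
Added example (not part of the original page and not Ping Identity's code): when a flow builds the Filter property of Search Entries or the DN property of the other capabilities from user-supplied input, escaping the value first keeps filter and DN metacharacters as data. The helper names, the uid and objectClass attributes, and the ou=People,dc=example,dc=com suffix are assumptions.

```javascript
// Added example, not Ping Identity code. Helper names, the uid and objectClass
// attributes, and the ou=People,dc=example,dc=com suffix are assumptions.

// RFC 4515: inside a filter assertion value, NUL ( ) * \ are written as a
// backslash followed by the two-digit hex code of the character.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, (c) =>
    "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// RFC 4514: inside an RDN attribute value, escape " + , ; < > \ anywhere,
// a leading '#', a leading or trailing space, and NUL (as \00).
function escapeDnValue(value) {
  const s = String(value);
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const c = s[i];
    const edgeSpace = c === " " && (i === 0 || i === s.length - 1);
    if (c === "\u0000") out += "\\00";
    else if ('\\"+,;<>'.includes(c) || edgeSpace || (c === "#" && i === 0)) out += "\\" + c;
    else out += c;
  }
  return out;
}

// Value for the Search Entries "Filter" property.
function buildUserFilter(username) {
  return "(&(objectClass=person)(uid=" + escapeFilterValue(username) + "))";
}

// Value for the "DN" property (Create Entry, Reset Password, Delete Entry, ...).
function buildUserDn(username) {
  if (typeof username !== "string" || username.length === 0 || username.length > 64) {
    throw new RangeError("username must be a string of 1-64 characters");
  }
  return "uid=" + escapeDnValue(username) + ",ou=People,dc=example,dc=com";
}

// Constructed sample inputs: a plain name and names containing metacharacters.
for (const u of ["jsmith", "j*)(smith", "smith, john", " admin"]) {
  console.log(JSON.stringify(u), "->", buildUserFilter(u), "|", buildUserDn(u));
}
```

Setting Scope, Size Limit and Time Limit to the narrowest values the flow needs bounds what a search can return even when the filter is well formed.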