createDirectoryProvider
Creates a new Active Directory or LDAP directory provider.
You must specify a providerName
.
Arguments | Descriptions | ||
---|---|---|---|
providerName |
Name for a LDAP directory provider that must be unique. This human-readable name appears in the user interface to identify users and groups from this provider. Argument type: String |
||
allowNestedGroupsApprovers |
(Optional) <Boolean flag - Determines whether users in nested LDAP groups should be allowed to approve a manual task when a parent LDAP group is assigned as an approver for the task and recursive traversal of group hierarchy is enabled for the directory provider. Argument type: Boolean |
||
commonGroupNameAttribute |
(Optional) The attribute in a group record that contains the common group name. If specified, this name is used only when searching for groups from an external provider. Use this argument if the Argument type: String |
||
description |
(Optional) A plain text or HTML description for this object. If using HTML, you must surround your text with Argument type: String |
||
domainName |
(Optional) The domain name from which Active Directory servers are automatically discovered. Argument type: String |
||
emailAttribute |
(Optional) The attribute in an LDAP user record that contains the user’s email address. If the attribute is not specified, the account name and domain name are concatenated to form an email address. Argument type: String |
||
enableGroups |
(Optional) <Boolean flag - Argument type: Boolean |
||
fullUserNameAttribute |
(Optional) The attribute in a user record that contains the user’s full name (first and last) to display in the UI. If this attribute is not specified or the resulting value is empty, the user’s account name is used instead. Argument type: String |
||
groupBase |
(Optional) The string is prepended to the Argument type: String |
||
groupMemberAttributes |
(Optional) A comma-separated attribute name list that identifies a group member. Most LDAP configurations only specify a single value, but if there is a mixture of POSIX and LDAP style groups in the directory, multiple attributes may be required. Argument type: String |
||
groupMemberFilter |
(Optional) This LDAP query is performed in the groups directory context to identify groups containing a specific user as a member. Two common forms of group record in LDAP directories: POSIX style groups where members are identified by account name, and Argument type: String |
||
groupNameAttribute |
(Optional) The attribute in a group record that contains the name of the group. Argument type: String |
||
groupSearchFilter |
(Optional) This LDAP query is performed in the context of the groups directory to enumerate group records. Argument type: String |
||
managerDn |
(Optional) The domain name (DN) of a user who has read-only access to LDAP user and group directories. If this property is not specified, the server attempts to connect as an unauthenticated user. Not all servers allow anonymous read-only access.
Argument type: String |
||
managerPassword |
(Optional) If the Argument type: String |
||
membershipAttribute |
(Optional) Attribute defined on an LDAP user or group entry used by the LDAP provider to specify the group membership. Argument type: String |
||
membershipFilter |
(Optional) LDAP filter to search for groups to which an LDAP user or group belongs. Argument type: String |
||
nestedGroupDepthLimit |
(Optional) Maximum number of group hierarchy levels that will be traversed for retrieving nested group membership information. Argument type: Integer |
||
notifyUsersInNestedGroups |
(Optional) <Boolean flag - Determines whether users in nested LDAP groups should be included when notifications for a parent LDAP group are sent and recursive traversal of group hierarchy is enabled for the directory provider. Argument type: Boolean |
||
providerType |
(Optional) Type string for a directory provider: Argument type: ProviderType |
||
realm |
(Optional) This is an identifier (string) used for LDAP directory providers so users and groups (within LDAP) can be uniquely identified in "same name" collisions across multiple directory providers. The realm is appended to the user or group name when stored in the CloudBees CD/RO server. For example, < user >@dir (where the realm is set to "dir"). Argument type: String |
||
traverseHierarchy |
(Optional) <Boolean flag - Argument type: Boolean |
||
url |
(Optional) The server URL is in the form
Argument type: String |
||
useSSL |
(Optional) <Boolean flag -
Argument type: Boolean |
||
userBase |
(Optional) This string is prepended to the Argument type: String |
||
userNameAttribute |
(Optional) The attribute in a user record that contains the user’s account name. Argument type: String |
||
userSearchFilter |
(Optional) This LDAP query is performed in the context of the user directory to search for a user by account name. The string “{0}” is replaced with the user’s login ID. Typically, the query compares a user record attribute with the substituted user login ID. Argument type: String |
||
userSearchSubtree |
(Optional) < Boolean flag — If Argument type: Boolean |
deleteDirectoryProvider
getDirectoryProvider
Retrieves a directory provider by name.
You must specify a providerName
.
Arguments | Descriptions |
---|---|
providerName |
The name of the directory provider that must be unique. Argument Type: String |
Response
One directoryProvider
element.
Note: For security reasons, the managerPassword
field is never returned.
modifyDirectoryProvider
Modifies an existing LDAP directory provider.
You must specify the providerName
.
Arguments | Descriptions | ||
---|---|---|---|
providerName |
The name of the directory provider that must be unique. Argument Type: String |
||
allowNestedGroupsApprovers |
(Optional) <Boolean flag - Determines whether users in nested LDAP groups should be allowed to approve a manual task when a parent LDAP group is assigned as an approver for the task and recursive traversal of group hierarchy is enabled for the directory provider. Argument type: Boolean |
||
commonGroupNameAttribute |
(Optional) The attribute in a group record that contains the common group name. If specified, this name is used only when searching for groups from an external provider. Use this argument if the Argument Type: String |
||
description |
(Optional) A plain text or HTML description for this object. If using HTML, you must surround your text with Argument Type: String |
||
domainName |
(Optional) The domain from which Active Directory servers are automatically discovered. Argument Type: String |
||
emailAttribute |
(Optional) The attribute in a user record that contains the user’s email address. If the attribute is not specified, the account name and domain name are concatenated to form an email address. Argument Type: String |
||
enableGroups |
(Optional) < Boolean flag— This determines whether or not to enable external groups for the directory provider. Defaults to Argument Type: Boolean |
||
fullUserNameAttribute |
(Optional) The attribute in a user record that contains the user’s full name (first and last) for display in the UI. If this attribute is not specified or the resulting value is empty, the user’s account name is used instead. Argument Type: String |
||
groupBase |
(Optional) This string is prepended to the Argument Type: String |
||
groupMemberAttributes |
(Optional) A comma-separated attribute name list that identifies a group member. Most LDAP configurations only specify a single value, but if there is a mixture of POSIX and LDAP style groups in the directory, multiple attributes might be required. Argument Type: String |
||
groupMemberFilter |
(Optional) This LDAP query is performed in the group directory context to identify groups containing a specific user as a member. Two common forms of group record in LDAP directories: POSIX style groups where members are identified by account name, and Argument Type: String |
||
groupNameAttribute |
(Optional) The group record attribute that contains the name of the group. Argument Type: String |
||
groupSearchFilter |
(Optional) A filter name: this LDAP query is performed in the context of the groups directory to enumerate group records. Argument Type: String |
||
managerDn |
(Optional) The DN of a user who has read access to LDAP user and group directories. If this property is not specified, the server attempts to connect as an unauthenticated user. Not all servers allow anonymous read-only access.
Argument Type: String |
||
managerPassword |
(Optional) If the Argument Type: String |
||
membershipAttribute |
(Optional) Attribute defined on an LDAP user or group entry used by the LDAP provider to specify the group membership. Argument type: String |
||
membershipFilter |
(Optional) LDAP filter to search for groups to which an LDAP user or group belongs. Argument type: String |
||
nestedGroupDepthLimit |
(Optional) Maximum number of group hierarchy levels that will be traversed for retrieving nested group membership information. Argument type: Integer |
||
newName |
(Optional) New name of the directory provider. Argument Type: String |
||
notifyUsersInNestedGroups |
(Optional) <Boolean flag - Determines whether users in nested LDAP groups should be included when notifications for a parent LDAP group are sent and recursive traversal of group hierarchy is enabled for the directory provider. Argument type: Boolean |
||
providerType |
(Optional) Type string for a directory provider: < Argument Type: DirectoryType |
||
realm |
(Optional) This is an identifier (string) used for LDAP directory providers so users and groups (within LDAP) can be uniquely identified in "same name" collisions across multiple directory providers. The Argument Type: String |
||
traverseHierarchy |
(Optional) <Boolean flag - Argument type: Boolean |
||
url |
(Optional) The LDAP server URL is in the form
Argument Type: String |
||
useSSL |
(Optional) < Boolean flag— If this is set to Argument Type: Boolean |
||
userBase |
(Optional) This string is prepended to the Argument Type: String |
||
userNameAttribute |
(Optional) The attribute in a user record that contains the user’s account name. Argument Type: String |
||
userSearchFilter |
(Optional) This LDAP query is performed in the context of the user directory to search for a user by account name. The string Argument Type: String |
||
userSearchSubtree |
(Optional) < Boolean flag— If this is set to Argument Type: Boolean |
||
useSSL |
< Boolean flag—
Argument Type: Boolean |
moveDirectoryProvider
Moves an Active Directory or LDAP directory provider in front of another specified provider or to the end of the list.
You must specify a providerName
.
Arguments | Descriptions |
---|---|
providerName |
The name of the directory provider that must be unique. Argument Type: String |
beforeProviderName |
Moves this directory provider ( Argument Type: String |
testDirectoryProvider
Tests that a specific user name and password combination work with the specified directory provider settings.
You must specify userName
and password
(the command will prompt for the password if it is omitted).
Arguments | Descriptions | ||
---|---|---|---|
userName |
The name of the user you are testing for this provider. Argument Type: String |
||
password |
The password for the user that you are testing for this provider. The command will prompt for the password if it is omitted. Argument Type: String |
||
allowNestedGroupsApprovers |
(Optional) <Boolean flag - Determines whether users in nested LDAP groups should be allowed to approve a manual task when a parent LDAP group is assigned as an approver for the task and recursive traversal of group hierarchy is enabled for the directory provider. Argument type: Boolean |
||
commonGroupNameAttribute |
(Optional) The attribute in a group record that contains the common group name. If specified, this name is used only when searching for groups from an external provider. Use this argument if the Argument Type: String |
||
description |
(Optional) A plain text or HTML description for this object. If using HTML, you must surround your text with Argument Type: String |
||
domainName |
(Optional) The domain from which Active Directory servers are automatically discovered. Argument Type: String |
||
emailAttribute |
(Optional) The attribute in a user record that contains the user’s email address. If the attribute is not specified, the account name and domain name are concatenated to form an email address. Argument Type: String |
||
enableGroups |
(Optional) < Boolean flag— Argument Type: Boolean |
||
fullUserNameAttribute |
(Optional) The attribute in a user record that contains the user’s full name (first and last) for display in the UI. If this attribute is not specified or the resulting value is empty, the user’s account name is used instead. Argument Type: String |
||
groupBase |
(Optional) This string is prepended to the Argument Type: String |
||
groupMemberAttributes |
(Optional) A comma separated attribute name list that identifies a group member. Most LDAP configurations only specify a single value, but if there is a mixture of POSIX and LDAP style groups in the directory, multiple attributes might be required. Argument Type: String |
||
groupMemberFilter |
(Optional) This LDAP query is performed in the groups directory context to identify groups containing a specific user as a member. Two common forms of group record in LDAP directories: POSIX style groups where members are identified by account name, and Argument Type: String |
||
groupNameAttribute |
(Optional) The group record attribute that contains the name of the group. Argument Type: String |
||
groupSearchFilter |
(Optional) This LDAP query is performed in the context of the groups directory to enumerate group records. Argument Type: String |
||
managerDn |
(Optional) The DN of a user who has read-only access to LDAP user and group directories. If this property is not specified, the server attempts to connect as an unauthenticated user. Not all servers allow anonymous read-only access.
Argument Type: String |
||
managerPassword |
(Optional) If the Argument Type: String |
||
membershipAttribute |
(Optional) Attribute defined on an LDAP user or group entry used by the LDAP provider to specify the group membership. Argument type: String |
||
membershipFilter |
(Optional) LDAP filter to search for groups to which an LDAP user or group belongs. Argument type: String |
||
nestedGroupDepthLimit |
(Optional) Maximum number of group hierarchy levels that will be traversed for retrieving nested group membership information. Argument type: Integer |
||
notifyUsersInNestedGroups |
(Optional) <Boolean flag - Determines whether users in nested LDAP groups should be included when notifications for a parent LDAP group are sent and recursive traversal of group hierarchy is enabled for the directory provider. Argument type: Boolean |
||
providerType |
(Optional) Type string for a directory provider: Argument Type: DirectoryType |
||
realm |
(Optional) This is an identifier (string) used for LDAP directory providers so users and groups (within LDAP) can be uniquely identified in "same name" collisions across multiple directory providers. The realm is appended to the user or group name when stored in the CloudBees CD/RO server. For example, < user >@dir (where the realm is set to "dir"). Argument Type: String |
||
traverseHierarchy |
(Optional) <Boolean flag - Argument type: Boolean |
||
url |
(Optional) The LDAP server URL is in the form
Argument Type: String |
||
useDefaults |
(Optional) < Boolean flag - ` 0|1|true|false` > If this argument is set to Argument Type: Boolean |
||
useSSL |
(Optional) < Boolean flag - ` 0|1|true|false` > If this argument is set to Argument Type: Boolean |
||
userBase |
(Optional) This string is prepended to the base DN to construct the directory DN that contains user records. Argument Type: String |
||
userNameAttribute |
(Optional) The attribute in a user record that contains the user’s account name. Argument Type: String |
||
userSearchFilter |
(Optional) A filter name. This LDAP query is performed in the context of the user directory to search for a user by account name. The string Argument Type: String |
||
userSearchSubtree |
(Optional) < Boolean flag - ` 0|1|true|false` > If "true", recursively search the subtree below the user base. Argument Type: Boolean |
||
useSSL |
(Optional) < Boolean flag - ` 0|1|true|false` > Use this flag to define whether or not SSL is used for server-agent communication, or if you need to use SSL to communicate with your Active Directory servers. Default is "true".
Argument Type: Boolean |
Response
Three queries are returned: One query authenticates the user userAuthenticationTest
, one query retrieves information about the user findUserTest
, and one shows the results of finding groups where the user is a member findGroupsTest
.