Directory provider

7 minute readReference

createDirectoryProvider

Creates a new Active Directory or LDAP directory provider.

Arguments

Argument Name Type Description

providerName

String

(Required) Name for a LDAP directory provider; must be unique.

allowNestedGroupsApprovers

Boolean

Specifies if users in nested LDAP groups should be allowed to approve a manual task when a parent LDAP group is assigned as an approver for the task and recursive traversal of group hierarchy is enabled for the directory provider.

commonGroupNameAttribute

String

The attribute in a group record that contains the common name of the group. If specified, it is only used when searching for groups from an external provider. Typically used when the group name attribute is set to distinguishedName, because that field is not searchable.

description

String

Comment text describing this object that is not interpreted at all by CloudBees CD/RO.

domainName

String

The domain from which the Active Directory server(s) are automatically discovered.

emailAttribute

String

The attribute in a LDAP user record that contains the user’s email.

enableGroups

Boolean

Determines whether or not to enable external groups for the directory provider.

fullUserNameAttribute

String

The attribute in a user record that contains the user’s full name (first and last).

groupBase

String

String prepended to the base DN to construct the DN of the directory that contains group records.

groupMemberAttributes

String

Comma separated list of attribute names that can identify a member of a group.

groupMemberFilter

String

LDAP query string for the groups directory to find groups that contain a given user as a member.

groupNameAttribute

String

The attribute in a group record that contains the name of the group.

groupSearchFilter

String

LDAP query string used in group directory to enumerate group records.

managerDn

String

The name of a user who has read-only access to the LDAP or Active Directory server. Typically a DN (distinguished name). A simple name may be used when the Active Directory server’s URL is being auto-discovered via DNS.

managerPassword

String

Secret value used to identify the account for the query user.

membershipAttribute

String

Attribute defined on an LDAP user or group entry used by the LDAP provider for specifying the group membership.

membershipFilter

String

LDAP filter to search for groups that an LDAP user or group belongs to.

nestedGroupDepthLimit

Integer

Maximum number of group hierarchy levels that will be traversed for retrieving nested group membership information.

notifyUsersInNestedGroups

Boolean

Whether users in nested LDAP groups should be included when sending notifications for a parent LDAP group and recursive traversal of group hierarchy is enabled for the directory provider.

providerType

DirectoryType

Type string for a directory provider. Should be ldap or activedirectory.

realm

String

The realm of the LDAP directory provider. This is used to create unique user names when there are multiple providers.

traverseHierarchy

Boolean

Whether or not to enable recursive traversal of group hierarchy for nested group membership information.

url

String

The url of the LDAP Directory Provider server.

useSSL

Boolean

True means SSL is used for communication.

userBase

String

Used to construct the DN of the directory that contain user records.

userNameAttribute

String

The attribute in a user record that contains the user’s account name.

userSearchFilter

String

RFC 2254 LDAP query to search for a user by name.

userSearchSubtree

Boolean

If true recursively search the subtree below the user base.

Positional arguments

providerName

Usage

ec-perl

$cmdr->createDirectoryProvider(<providerName>, {<optionals>});

ectool

ectool createDirectoryProvider providerName, [optionals]

deleteDirectoryProvider

Deletes an Active Directory or LDAP directory provider.

Arguments

Argument Name Type Description

providerName

String

(Required) Name for a LDAP directory provider; must be unique.

Positional arguments

providerName

Usage

ec-perl

$cmdr->deleteDirectoryProvider(<providerName>);

ectool

ectool deleteDirectoryProvider providerName

getDirectoryProvider

Retrieves a directory provider by name.

Arguments

Argument Name Type Description

providerName

String

(Required) Name for a LDAP directory provider; must be unique.

Positional arguments

providerName

Usage

ec-perl

$cmdr->getDirectoryProvider(<providerName>);

ectool

ectool getDirectoryProvider providerName

getDirectoryProviders

Retrieves all directory providers.

Arguments

None.

Positional arguments

None.

Usage

ec-perl

$cmdr->getDirectoryProviders();

ectool

ectool getDirectoryProviders

modifyDirectoryProvider

Modifies an existing LDAP directory provider.

Arguments

Argument Name Type Description

providerName

String

(Required) Name for a LDAP directory provider; must be unique.

allowNestedGroupsApprovers

Boolean

Specifies if users in nested LDAP groups should be allowed to approve a manual task when a parent LDAP group is assigned as an approver for the task and recursive traversal of group hierarchy is enabled for the directory provider.

commonGroupNameAttribute

String

The attribute in a group record that contains the common name of the group. If specified, it is only used when searching for groups from an external provider. Typically used when the group name attribute is set to distinguishedName, because that field is not searchable.

description

String

Comment text describing this object that is not interpreted at all by CloudBees CD/RO.

domainName

String

The domain from which the Active Directory server(s) are automatically discovered.

emailAttribute

String

The attribute in a LDAP user record that contains the user’s email.

enableGroups

Boolean

Determines whether or not to enable external groups for the directory provider.

fullUserNameAttribute

String

The attribute in a user record that contains the user’s full name (first and last).

groupBase

String

String prepended to the base DN to construct the DN of the directory that contains group records.

groupMemberAttributes

String

Comma separated list of attribute names that can identify a member of a group.

groupMemberFilter

String

LDAP query string for the groups directory to find groups that contain a given user as a member.

groupNameAttribute

String

The attribute in a group record that contains the name of the group.

groupSearchFilter

String

LDAP query string used in group directory to enumerate group records.

managerDn

String

The name of a user who has read-only access to the LDAP or Active Directory server. Typically a DN (distinguished name). A simple name may be used when the Active Directory server’s URL is being auto-discovered via DNS.

managerPassword

String

Secret value used to identify the account for the query user.

membershipAttribute

String

Attribute defined on an LDAP user or group entry used by the LDAP provider for specifying the group membership.

membershipFilter

String

LDAP filter to search for groups that an LDAP user or group belongs to.

nestedGroupDepthLimit

Integer

Maximum number of group hierarchy levels that will be traversed for retrieving nested group membership information.

newName

String

The new name for an existing object that is being renamed.

notifyUsersInNestedGroups

Boolean

Whether users in nested LDAP groups should be included when sending notifications for a parent LDAP group and recursive traversal of group hierarchy is enabled for the directory provider.

providerType

DirectoryType

Type string for a directory provider. Should be ldap or activedirectory.

realm

String

The realm of the LDAP directory provider. This is used to create unique user names when there are multiple providers.

traverseHierarchy

Boolean

Whether or not to enable recursive traversal of group hierarchy for nested group membership information.

url

String

The url of the LDAP Directory Provider server.

useSSL

Boolean

True means SSL is used for communication.

userBase

String

Used to construct the DN of the directory that contain user records.

userNameAttribute

String

The attribute in a user record that contains the user’s account name.

userSearchFilter

String

RFC 2254 LDAP query to search for a user by name.

userSearchSubtree

Boolean

If true recursively search the subtree below the user base.

Positional arguments

providerName

Usage

ec-perl

$cmdr->modifyDirectoryProvider(<providerName>, {<optionals>});

ectool

ectool modifyDirectoryProvider providerName, [optionals]

moveDirectoryProvider

Moves an Active Directory or LDAP directory provider in front of another specified provider or to the end of the list.

Arguments

Argument Name Type Description

providerName

String

(Required) Name for a LDAP directory provider; must be unique.

beforeProviderName

String

Used when reordering the directory providers: the provider is moved to a position just before this provider. Blank means move the provider to the end of the provider list.

Positional arguments

providerName

Usage

ec-perl

$cmdr->moveDirectoryProvider(<providerName>, {<optionals>});

ectool

ectool moveDirectoryProvider providerName, [optionals]

testDirectoryProvider

Tests that a specific user name and password combination work with the specified directory provider settings.

Arguments

Argument Name Type Description

userName

String

(Required) The name of the user to be used for LDAP testing.

password

String

(Required) User’s password for the user name to be used for LDAP testing.

allowNestedGroupsApprovers

Boolean

Specifies if users in nested LDAP groups should be allowed to approve a manual task when a parent LDAP group is assigned as an approver for the task and recursive traversal of group hierarchy is enabled for the directory provider.

commonGroupNameAttribute

String

The attribute in a group record that contains the common name of the group. If specified, it is only used when searching for groups from an external provider. Typically used when the group name attribute is set to distinguishedName, because that field is not searchable.

domainName

String

The domain from which the Active Directory server(s) are automatically discovered.

emailAttribute

String

The attribute in a LDAP user record that contains the user’s email.

enableGroups

Boolean

Determines whether or not to enable external groups for the directory provider.

fullUserNameAttribute

String

The attribute in a user record that contains the user’s full name (first and last).

groupBase

String

String prepended to the base DN to construct the DN of the directory that contains group records.

groupMemberAttributes

String

Comma separated list of attribute names that can identify a member of a group.

groupMemberFilter

String

LDAP query string for the groups directory to find groups that contain a given user as a member.

groupNameAttribute

String

The attribute in a group record that contains the name of the group.

groupSearchFilter

String

LDAP query string used in group directory to enumerate group records.

managerDn

String

The name of a user who has read-only access to the LDAP or Active Directory server. Typically a DN (distinguished name). A simple name may be used when the Active Directory server’s URL is being auto-discovered via DNS.

managerPassword

String

Secret value used to identify the account for the query user.

membershipAttribute

String

Attribute defined on an LDAP user or group entry used by the LDAP provider for specifying the group membership.

membershipFilter

String

LDAP filter to search for groups that an LDAP user or group belongs to.

nestedGroupDepthLimit

Integer

Maximum number of group hierarchy levels that will be traversed for retrieving nested group membership information.

notifyUsersInNestedGroups

Boolean

Whether users in nested LDAP groups should be included when sending notifications for a parent LDAP group and recursive traversal of group hierarchy is enabled for the directory provider.

providerType

DirectoryType

Type string for a directory provider. Should be ldap or activedirectory.

realm

String

The realm of the LDAP directory provider. This is used to create unique user names when there are multiple providers.

traverseHierarchy

Boolean

Whether or not to enable recursive traversal of group hierarchy for nested group membership information.

url

String

The url of the LDAP Directory Provider server.

useDefaults

Boolean

Used for testing active directory providers and determines whether defaults will be used for fields that remain blank.

useSSL

Boolean

True means SSL is used for communication.

userBase

String

Used to construct the DN of the directory that contain user records.

userNameAttribute

String

The attribute in a user record that contains the user’s account name.

userSearchFilter

String

RFC 2254 LDAP query to search for a user by name.

userSearchSubtree

Boolean

If true recursively search the subtree below the user base.

Positional arguments

userName, password

Usage

ec-perl

$cmdr->testDirectoryProvider(<userName>, <password>, {<optionals>});

ectool

ectool testDirectoryProvider userName, password, [optionals]