You are here:

Search for Active Directory users

{ searchAdUsers }

Find users on the Active Directory.

Method

/API2/access/searchAdUsers

API Section: /API2/access

API Version: 2.0

From Release: 2018.5

Method operates via POST actions only.

Input Parameters

Name

ldapUsersSearch

Object Type

LdapUsersSearchObject

Description

The LDAP search object used to find users in teh LDAP directory.

Output Response

Successful Result Code

200

Response List Type

LdapUserObject[]

Description of Response Type

LDAP response object with details of each user found in the search. Note that the response is returned as a list of items of this object type.

Notes

Use this function with Active Directory Authentication provider. Build the search object to define the search parameters.

Examples

Create new Active Directory user (JavaScript):

This example demonstrates how to find and add a new user and roles in Pyramid, when using Active Directory authentication.

The example uses API authentication driven from JavaScript. See Authentication APIs for alternatives.

// URL of the Pyramid installation and the path to the API 2.0 REST methods
var pyramidURL = "http://mysite.com/api2/";

// step 1: authenticate admin account and get token. 
//This assumes authentication with Windows Authentication SSO. Therefore the account logging on is an admin account.
// NOTE: callApi method is a generic REST method shown below. And inside it, xhttp.withCredentials = true;
				
let token = callApi("auth/authenticateUserWindows",{},false); 
log("got token "+token);

//step 2: Get the defult tenant.
let defaultTenantResult = callApi("access/getDefaultTenant",{
	"auth": token // admin token generated above
});
let tenantId = defaultTenantResult.data;
log("default tenant, id= "+tenantId);

//step 3: search for an active directory user in the AD itself
let searchUsers=callApi("access/searchAdUsers",{
	"ldapUsersSearch":{
		"domainNetBios":"myAdDomain",
		"searchValue":"Smith",
		"ldapSearchType": 0, //search type enumeriation. 0 = exact
	},
	"auth": token // admin token generated above
});


let adUser = searchUsers.data[0];
log("adUser = "+adUser.firstName);

//step 4: creating a user using the results from the search in step 3
let createUser = callApi("access/createAdUser",{
	"newLdapUser": {
	"userName": adUser.userName, //using the search result from step 3 above
	"adminType": 0, //admin type
	"clientLicenseType": 100,//ClientLicenseType.Viewer
	"statusID": 1,
	"tenantId": tenantId, //tenant Id from above
	"adDomainName":"myAdDomain" 
	},
	"auth": token // admin token generated above
});
let userId = createUser.data.modifiedList[0].id;
log("created user "+userId);


//step 5: optional, changing the user from Viewer to Professional
let updateUser=callApi("access/updateAdUsers",{
	"updateLdapUser":[{
		"userName": adUser.userName,
		"adDomainName":"myAdDomain",
		"clientLicenseType": 200,//ClientLicenseType.Professional
	}],
	"auth": token
});


//step 6: creating 2 roles
let createRole=callApi("access/createRoles",{
	"data": [{
		"roleName": "role1",
		"tenantId": tenantId,
		"isGroupRole": false
	},{
		"roleName": "role2",
		"tenantId": tenantId,
		"isGroupRole": false
	}],
	"auth": token
});

let role1 = createRole.data.modifiedList[0].id;
let role2 = createRole.data.modifiedList[1].id;
log("created roles "+role1+","+role2);

//step 7: binding user to role1 from step 6
let addUserToRole=callApi("access/addUserToRole",{
	"addUserRoleData": {
		"userId":userId,
		"roleId":role1
	},
	"auth": token
});


//step 8: searchAdGroupsForUser, searching for AD groups of the given user in the given domain
let groups=callApi("access/searchAdGroupsForUser",{
	"searchData": {
		"domainNetBios":"myAdDomain",
		"userName":adUser.userName
	},
	"auth": token
});
log("groups of " + adUser.userName" + "+JSON.stringify(groups.data));
let selectedGroup=groups.data[0];


//step 9: add role2 to the AD security group from step 8
let addRoleToAdGroup=callApi("access/changeRoleAdGroupMembership",{
	"roleAdGroups": {
		"roleId":role2,
		"groupsToAdd":[{
			"domainNetBios":selectedGroup.domainAddress,
			"groupName":selectedGroup.name
		}]
	},
	"auth": token
});
log("addRoleToAdGroup "+JSON.stringify(addRoleToAdGroup));

//step 10: optional get all groups by role - this will find the selected Group from step 9
let groupsFound=callApi("access/getGroupsByRole",{
	"roleId":role2,
	"auth": token
});
log("found group "+groupsFound.data[0].name);

// ##### optional generic logging method for debugging ##############
function log(msg){
	document.write(msg);
	console.log(msg);
}

// ##### generic REST API calling method ##############
function callApi(path,data,parseResult=true){
	var xhttp = new XMLHttpRequest();
	
	//notice we changed callApi and added xhttp.withCredentials = true; to pass the windows credentials
	xhttp.withCredentials = true;
	
	xhttp.open("POST", pyramidURL+path, false);
	xhttp.send(JSON.stringify(data));
	if(parseResult){
		return JSON.parse(xhttp.responseText);
	}else{
		return xhttp.responseText;
	}
}

Feedback

Couldn't find what I was looking for

Help was confusing, unclear or incomplete

Instructions didn't work