Create directory mapping

This method creates a directory mapping in the Vault.

To run this web service, the user must be a member of the Vault Admins group and have the following permissions:

  • Audit Users

  • Add/Update users

  • Manage Directory Mapping

URL

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

 

 

https://<IIS_Server_Ip>/PasswordVault/API/Configuration/LDAP/Directories/{DirectoryUID}/Mappings/

Resource Information

HTTP method: POST

Content type: application/json

Header parameter

Parameter: Authorization
Type: String
Description: The token that identifies the session.
Valid values: A session token that was returned from the “Logon” method.

Body parameters

 
{
"MappingName": "string",
"LDAPBranch": "string",
"DomainGroups": [
"string"
],
"MappingAuthorizations": [
],
"UserActivityLogPeriod": <1-3650>
}

 

Parameter: MappingName
Type: String
Description: The name of the PAM - Self-Hosted role that will be created. For example: Vault Admins, Safe Managers.
Mandatory: Yes

Parameter: LDAPBranch
Type: String
Description: The LDAP branch that will be used for external directory queries.
Mandatory: Yes

Parameter: DirectoryMappingOrder
Type: Int
Description: The order of the Maps in the Directory Mapping window is the order in which the Maps are matched with users and groups from the External Directory to determine if they can be created in the Vault.
Default value: The mapping is added last.
Mandatory: No

Parameter: DomainGroups
Type: List of Strings
Description: Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAM - Self-Hosted system.
Mandatory: No

Parameter: MappingAuthorization
Type: List of Strings
Description: The security attributes and authorizations that will be applied when an LDAP User Account is created in the Vault.

Possible authorizations:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

To apply specific authorizations to a mapping, the user must have the same authorizations.

Mandatory: No

Parameter: Location
Type: String
Description: The Vault location under which the mapped users will be added.
Mandatory: No

Parameter: Groups
Type: List of Strings
Description: The mapped users will be added to one or more built-in Vault groups.
Mandatory: No

Parameter: UserActivityLogPeriod
Type: Number
Description: The number of days that activity records are stored for users in the current mapping before they can be deleted.
Valid values: 1-3650
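
The request described above, assembled and checked client-side before it is sent, as an added example that is not CyberArk's own code. The helper names and the `caller_authorizations` argument are hypothetical, the host, directory UID and token in any call are values you supply, and sending MappingAuthorizations as the string names listed above is an assumption.

```python
import json
import urllib.request

# Authorization names listed in this page's MappingAuthorization description.
ALLOWED_AUTHZ = {
    "AddSafes", "AuditUsers", "AddUpdateUsers", "ResetUsersPasswords",
    "ActivateUsers", "AddNetworkAreas", "ManageServerFileCategories",
    "BackupAllSafes", "RestoreAllSafes",
}

def mapping_url(server, directory_uid):
    """Build the Mappings URL and enforce the page's URL rules."""
    for value in (server, directory_uid):
        if any(c in value for c in " +&%"):
            raise ValueError("space, +, & and % are not supported in URL values")
    # The template already ends in '/', which also satisfies the dot rule.
    return (f"https://{server}/PasswordVault/API/Configuration/LDAP/"
            f"Directories/{directory_uid}/Mappings/")

def mapping_body(name, ldap_branch, domain_groups=(), authorizations=(),
                 caller_authorizations=(), log_period=None):
    """Validate the body parameters and return the JSON-ready dict."""
    if not name or not ldap_branch:
        raise ValueError("MappingName and LDAPBranch are mandatory")
    unknown = set(authorizations) - ALLOWED_AUTHZ
    if unknown:
        raise ValueError(f"unknown authorizations: {sorted(unknown)}")
    # Per the page, the caller must hold every authorization the mapping grants.
    excess = set(authorizations) - set(caller_authorizations)
    if excess:
        raise ValueError(f"caller lacks: {sorted(excess)}")
    body = {"MappingName": name, "LDAPBranch": ldap_branch,
            "DomainGroups": list(domain_groups),
            "MappingAuthorizations": list(authorizations)}
    if log_period is not None:
        if not 1 <= log_period <= 3650:
            raise ValueError("UserActivityLogPeriod must be 1-3650")
        body["UserActivityLogPeriod"] = log_period
    return body

def build_request(server, directory_uid, token, body):
    """Return an unsent POST request carrying the Logon session token."""
    return urllib.request.Request(
        mapping_url(server, directory_uid),
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": token, "Content-Type": "application/json"},
        method="POST")
```

Pass the returned request to `urllib.request.urlopen` to send it; rejecting unknown or excess authorizations before the call keeps a mapping from granting more than the operator intended.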

Result

 
{
"MappingName": "string",
"LDAPBranch": "string",
"DomainGroups": [
"string"
],
"MappingAuthorizations": [
1
],
"DirectoryMappingOrder": 0
}

 

Parameter: MappingID
Type: Int
Description: The UID of the specific mapping that was created.

Parameter: DirectoryMappingOrder
Type: Int
Description: The order of the Maps in the Directory Mapping window is the order in which the Maps are matched with users and groups from the External Directory to determine if they can be created in the Vault.

Parameter: MappingName
Type: String
Description: The unique name of the PAM - Self-Hosted role that will be created.

Parameter: LDAPBranch
Type: String
Description: The LDAP branch that will be used for external directory queries.

Parameter: DomainGroups
Type: String
Description: Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAM - Self-Hosted system.

Parameter: MappingAuthorization
Type: String
Description: The security attributes and authorizations that will be applied when an LDAP User Account is created in the Vault.

Parameter: Location
Type: String
Description: The Vault location under which the mapped users will be added.

Parameter: VaultGroups
Type: String
Description: The mapped users will be added to one or more built-in Vault groups.

Return codes

For a complete list of return codes, see Return Codes.