Create directory mapping

This method creates a directory mapping in the Vault.

To run this web service, the user must be a member of the Vault Admins group and have the following permissions:

  • Audit Users

  • Add/Update users

  • Manage Directory Mapping

URL

 

The following characters are not supported in URL values: + & %

 

 

https://<IIS_Server_Ip>/PasswordVault/api/Configuration/LDAP/Directories/{DirectoryUID}/Mappings

Resource Information

HTTP method

POST

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The token that identifies the session.

Valid values

A session token that was returned from the “Logon” method.

Body parameters

 
{
"MappingName": "string",
"LDAPBranch": "string",
"DomainGroups": [
"string"
],
"MappingAuthorizations": [
],
"UserActivityLogPeriod": <1-3650>
}

 

Parameter

MappingName

Type

String

Description

The name of the PAS role that will be created. For example: Vault Admins, Safe Managers.

Mandatory

Yes

Parameter

LDAPBranch

Type

String

Description

The LDAP branch that will be used for external directory queries.

Mandatory

Yes

Parameter

DirectoryMappingOrder

Type

Int

Description

The order of the Maps in the Directory Mapping window is the order in which the Maps are matched with users and groups from the External Directory to determine if they can be created in the Vault.

Default Value

Will be added as last.

Mandatory

No

Parameter

DomainGroups

Type

List of Strings

Description

Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAS system.

Mandatory

No

Parameter

MappingAuthorization

Type

List of Strings

Description

The security attributes and authorizations that will be applied when an LDAP User Account is created in the Vault.

Possible authorizations:

  • AddSafes
  • AuditUsers
  • AddUpdateUsers
  • ResetUsersPasswords
  • ActivateUsers
  • AddNetworkAreas
  • ManageServerFileCategories
  • BackupAllSafes
  • RestoreAllSafes

To apply specific authorizations to a mapping, the user must have the same authorizations.

Mandatory

No

Parameter

Location

Type

String

Description

The mapped users will be added under the specific Vault's location.

Mandatory

No

Parameter

Groups

Type

List of Strings

Description

The mapped users will be added to one or more built-in Vault's groups.

Mandatory

No

Parameter

UserActivityLogPeriod

Type

Number

Description

The number of days that activity records are stored for users in the current mapping before they can be deleted.

Valid values

1-3650

Result

 
{
"MappingName": "string",
"LDAPBranch": "string",
"DomainGroups": [
"string"
],
"MappingAuthorizations": [
1
],
"DirectoryMappingOrder": 0
}

 

Parameter

MappingID

Type

Int

Description

The UID of the specific mapping that was created.

Parameter

DirectoryMappingOrder

Type

Int

Description

The order of the Maps in the Directory Mapping window is the order in which the Maps are matched with users and groups from the External Directory to determine if they can be created in the Vault.

Parameter

MappingName

Type

String

Description

The unique name of the PAS role that will be created.

Parameter

LDAPBranch

Type

String

Description

The LDAP branch that will be used for external directory queries.

Parameter

DomainGroups

Type

String

Description

Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAS system.

Parameter

MappingAuthorization

Type

String

Description

The security attributes and authorizations that will be applied when an LDAP User Account is created in the Vault.

Parameter

Location

Type

String

Description

The specific Vault's location that the mapped users will be added under.

Parameter

Groups

Type

String

Description

The mapped users will be added to one or more built-in Vault's groups.

Return codes

For a complete list of return codes, see Return Codes.