Get directory details

This method returns all the details of a specific directory in the Vault. Each directory will be returned with its own data.

To run this web service, the user must be a member of the Vault Admins group and have the following permission:

  • Audit Users

URL

 

https://<IIS_Server_Ip>/PasswordVault/api/Configuration/LDAP/Directories/{id}/
 

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

Resource information

HTTP method: GET

Content type: application/json

Header parameter

Parameter

Description

Authorization

The token that identifies the session, encoded in Base64.

Type: String

Mandatory: Yes

Default value: None

URL parameter

Parameter

Description

id

The unique ID of the directory.

Type: String

Mandatory: Yes

Default value: None

 

Make sure you add '/' at the end of the URL of this web service.

Body parameters

None.

Result

Parameter

Description

directoryType

The name of the directory profile file that represents the profile the Vault should use when working with the specified LDAP directory.

Taken from a list of predefined directory profiles.

Specify an .INI file, including the extension. For example, MicrosoftADProfile.ini.

Mandatory: Yes

Type: String

domainName

The address of the domain.

Mandatory: Yes

Type: String

bindUsername

The full Distinguished Name of the Bind user. For Microsoft Active Directory, you can specify the Windows user name instead of the full Distinguished Name. This user must be a member of the same AD Domain group(s) as the external users and groups that will be defined in the Vault.

Mandatory: Yes

Type: String

bindPassword

The password for the user specified in the Bind User field.

Mandatory: Yes

Type: String

hostAddresses

The list of IP addresses of the host server/s where the external directories exist.

If the Vault uses an SSL connection to connect to the external directory, this name must match the subject that appears in the directory certificate.

Mandatory: Yes

Type: String

domainBaseContext

The base context of the external directory.

Mandatory: Yes

Type: String

Port

The port used to access the specified server.

Standard ports:

  • For SSL LDAP connections - 636

  • For non-SSL LDAP connections - 389

Mandatory: Yes

Type: Integer

sslConnect

Whether or not to connect to the external directory with SSL.

Mandatory: Yes

Type: Boolean

ldapDirectoryName

The name of the LDAP directory where users and groups are listed.

 

After external users and groups from this directory have been created in the Vault, this parameter must not be changed.

Mandatory: Yes

Type: String

ldapDirectoryQueryOrder

The order in which the Vault searches directories for users before creating a corresponding user account or group in the Vault.

Mandatory: Yes

Type: Integer

ldapDirectoryDescription

A short description of the LDAP directory.

Mandatory: Yes

Type: String

vaultObjectNamesPrefix

The text that is used as a prefix for external users and groups in the Vault created from the specified directory.

This parameter is ignored if the AddDomainToUserName parameter is set to True.

Mandatory: No

Type: String

passwordObjectPath

The location of the bind password in the Vault Internal Safe.

Mandatory: Yes

Type: String

ldapDirectoryGroupsBaseContext

The base context that is used for external directory queries for groups only.

Mandatory: No

Type: String

ldapDirectoryUsage

Whether you can create external objects from this external directory, browse it, authenticate users, or do all three.

Possible values: ClientBrowsing, ExternalObjectsCreation, Authentication.

The user can set one value, or multiple values separated by commas.

Mandatory: Yes

Type: String

referralsChasingHopLimit

The number of recursive LDAP referrals that are chased.

Mandatory: Yes

Default value: -1

Type: Integer

requireReferredDirectoryDefinition

Whether or not LDAP referrals are supported when an external directory parameter has been defined in the Vault for the referred directory.

Mandatory: Yes

Default value: No

Type: Boolean

appendFriendlyDomainNameToGroup

Whether or not to add Active Directory domain names to the group names provisioned by the Vault.

 

If you enable this parameter, you must ensure that the AddDomainToUserName parameter is disabled.

Mandatory: Yes

Type: Boolean

referralsDNSLookup

Enables referrals to be specified as domain names.

 

If this parameter is not enabled, in an SSL or high-availability implementation, a directory file must be created for each domain that will be supported by the Vault. The domain name specified in each parameter file must be mapped in the DomainDNSName parameter in the referred directory. In addition, each referral directory must be defined in the Windows\System32\Etc\Hosts file.

Mandatory: Yes

Default value: False

Type: Boolean

disableUserEnumeration

If set to True, prevents enumerating users from the directory for Safe ownership lockups.

Mandatory: Yes

Type: Boolean

additionalQueryFilterOptimize

Run an additional query filter for a specific user.

Mandatory: Yes

Type: Boolean

clientBrowsing

Whether or not to use this directory for PKI certificate browsing.

Mandatory: Yes

Type: Boolean

externalObjectsCreation

Whether or not to use this directory for user provisioning.

Mandatory: Yes

Type: Boolean

authentication

Whether or not to use this directory for authentication.

Mandatory: Yes

Type: Boolean

useLDAPCertificatesOnly

Determines whether the user certificate domain name can be set manually, or taken from the directory.

Mandatory: Yes

Type: Boolean

disablePaging

Determines whether or not to use page mode search while searching in the LDAP directory.

Mandatory: No

Type: Boolean

provisionDisabledUsers

Whether or not LDAP disabled users are created in the Vault.

Mandatory: Yes

Type: Boolean

dcList (A list of host servers for External Directory)

Parameter

Description

Name

The name of the server where the external directory is installed.

Type: String

Port

The port through which the external directory is accessed.

Type: Integer

SSLConnect

Whether or not to connect to the external directory using SSL.

Type: Boolean
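
The following is an added example, not code from the product documentation. It builds the request according to the URL rules above (no spaces, none of + & %, trailing '/') and reviews a returned record for the transport settings described in the result table (sslConnect, Port, and each dcList entry). The function names, host names and sample record are constructed for illustration; keys are matched case-insensitively because the exact casing of the JSON keys is an assumption.

```python
import urllib.request

UNSUPPORTED = set("+&% ")  # characters the page says must not appear in the URL

def build_request(server, directory_id, token):
    """Build (but do not send) the GET request for one directory's details."""
    if not directory_id or UNSUPPORTED & set(directory_id):
        raise ValueError("directory id is empty or contains a space, +, & or %")
    # The web service requires the trailing '/'.
    url = f"https://{server}/PasswordVault/api/Configuration/LDAP/Directories/{directory_id}/"
    return urllib.request.Request(url, method="GET", headers={
        "Authorization": token, "Content-Type": "application/json"})

def _get(obj, name, default=None):
    """Case-insensitive key lookup (the result table mixes 'Port' and 'sslConnect')."""
    for key, value in obj.items():
        if key.lower() == name.lower():
            return value
    return default

def audit_directory(details):
    """Return transport-security findings for one directory record."""
    findings = []
    ssl, port = _get(details, "sslConnect"), _get(details, "port")
    if ssl is not True:
        findings.append("sslConnect is not true: directory traffic is not protected by SSL")
    if (ssl is True and port == 389) or (ssl is not True and port == 636):
        findings.append(f"port {port} does not match sslConnect={ssl}")
    for dc in _get(details, "dcList", []) or []:
        if _get(dc, "SSLConnect") is not True:
            findings.append(f"dcList host {_get(dc, 'Name')}:{_get(dc, 'Port')} has SSLConnect disabled")
    return findings

def redact(details):
    """Copy of the record for logging; bindPassword (a listed result field) is masked."""
    return {k: ("***" if k.lower() == "bindpassword" else v) for k, v in details.items()}

# Constructed sample record, not real output from a Vault.
SAMPLE = {
    "domainName": "example.test", "bindUsername": "CN=bind,DC=example,DC=test",
    "bindPassword": "constructed-secret", "Port": 389, "sslConnect": False,
    "dcList": [{"Name": "dc1.example.test", "Port": 636, "SSLConnect": True},
               {"Name": "dc2.example.test", "Port": 389, "SSLConnect": False}],
}

if __name__ == "__main__":
    print("\n".join(audit_directory(SAMPLE)))
    print(redact(SAMPLE))
```
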

Return codes

For a complete list of return codes, see Return Codes.