Edit directory mapping

This method edits an existing directory mapping.

To run this web service, the user must be a member of the Vault Admins group and have the following permissions:

  • Audit users

  • Add/Update users

  • Manage Directory Mapping

URL

 

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

 

https://<IIS_Server_Ip>/PasswordVault/api/Configuration/LDAP/Directories/{DomainName}/Mappings/{id}

The following mandatory value is required in the URL:

Parameter

DomainName

Type

String

Description

The URL of the domain.

Parameter

id

Type

Integer

Description

Unique ID of the directory mapping

Resource Information

HTTP method

PUT

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The token that identifies the session.

Valid values

A session token that was returned from the “Logon” method, encoded in BASE 64.

Body parameters

 
{
"LDAPBranch": "string",
"MappingAuthorizations": [
],
"MappingName": "string",
"LDAPQuery": "string",
"DomainGroups": [
"string"
],
"UserActivityLogPeriod": <1-3650>
}

 

Parameter

mappingName (mandatory)

Type

String

Description

The name of the PAS role.
For example: Vault Admins, Safe Managers.

Valid values

Body

Parameter

ldapBranch (mandatory)

Type

String

Description

The LDAP branch that is used for external directory queries.

Valid values

Body

Parameter

ldapQuery

Type

String

Description

The filter that will be applied to the users in the specified branch to ensure that only certain users will have access to the Vault

Valid values

Body

Parameter

domainGroups

Type

List of Strings

Description

Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAS system.

Valid values

Body

Parameter

mappingAuthorization

Type

List of Strings

Description

The security attributes and permissions that are applied when an LDAP user account is created in the Vault.

Possible permissions :

  • AddSafes

  • AuditUsers

  • AddUpdateUsers

  • ResetUsersPasswords

  • ActivateUsers

  • AddNetworkAreas

  • ManageServerFileCategories

  • BackupAllSafes

  • RestoreAllSafes

To apply specific permissions to a mapping, the user must have the same permissions.

Valid values

Body

Parameter

UserActivityLogPeriod

Type

Number

Description

The number of days that activity records are stored for users in the current mapping before they can be deleted.

Valid values

1-3650

Result

 
{
"LDAPBranch": "string",
"VaultGroups": [
"string"
],
"MappingAuthorizations": [
"AddUpdateUsers"
],
"Location": "string",
"AuthenticationMethod": [
"AuthTypePass"
],
"UserType": "string",
"DisableUser": true,
"UserActivityLogPeriod": 0,
"UserExpiration": 0,
"LogonFromHour": 0,
"LogonToHour": 0,
"MappingID": 0,
"DirectoryMappingOrder": 0,
"MappingName": "string",
"LDAPQuery": "string",
"DomainGroups": [
"string"
]
}

 

Parameter

authenticationMethod

Type

String

Description

The authentication method used by users created by this map to log onto the Vault.

Parameter

userExpiration

Type

Integer

Description

The date in Unix time after which user accounts in the current mapping are no longer accessible. '0' (zero) indicates never.

Parameter

userType

Type

String

Description

The interfaces that users in the current mapping can use to access the Vault.
This is only available to users with "Add/Update users" permissions.

Parameter

ldapBranch

Type

String

Description

The LDAP branch that is used for external directory queries.

Parameter

userActivityLogPeriod

Type

Integer

Description

The number of days that activity records for users in the current mapping are stored before they can be deleted.

Parameter

directoryMappingOrder

Type

Integer

Description

The order of the Maps in the Directory Mapping window is the order in which the Maps are matched with users and groups from the External Directory to determin if they can be created in the Vault.

Parameter

mappingAuthorization

Type

String

Description

Security attributes and permissions that are applied when LDAP user accounts in the current mapping are created in the Vault.

For example: mappingAuthorization: AddSafes , AddUpdateUsers , ActivateUsers

Parameter

location

Type

String

Description

The Vault location where users in the current mapping are added.

Parameter

mappingID

Type

Integer

Description

The UID of the specific mapping being updated.

Parameter

mappingName

Type

String

Description

The unique name of the PAS role being updated.

Parameter

ldapQuery

Type

String

Description

Filter applied to users in the specified branch to ensure that only certain users will have access to the Vault.

Parameter

domainGroups

Type

String

Description

Users who belong to these LDAP groups will be automatically assigned to the relevant roles in the PAS system.

Parameter

disableUser

Type

Boolean

Description

Whether or not users in the current mapping are temporarily inaccessible.

Parameter

logonFromHour

Type

Integer

Description

The time from when users in the current mapping can log onto the Vault. If this parameter is not returned, users can log onto the Vault at any time.

Parameter

logonToHour

Type

Integer

Description

The time until when users in the current mapping can log onto the Vault. If this parameter is not returned, users can log onto the Vault at any time.

Return Codes

For a complete list of return codes, see Return Codes.