LDAP

To get the list of defined LDAP directories, use the following command:

./iem get ldapdirectories

The command returns the list of LDAP directories in XML format as follows:

<?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="BESAPI.xsd">
    <LDAPDirectory Resource="https://nc125058.romelab.it.ibm.com:52311/ldapdirectory/34">
        <ID>34</ID>
        <Name>AD</Name>
        <IsActiveDirectory>true</IsActiveDirectory>
        <IsGlobalCatalog>true</IsGlobalCatalog>
        <UseSSL>false</UseSSL>
        <BaseDN>DC=tem,DC=test,DC=com</BaseDN>
        <UIDAttribute>userPrincipalName</UIDAttribute>
        <UserFilter>(objectCategory=user)</UserFilter>
        <GroupFilter><![CDATA[(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))]]></GroupFilter>
        <User>TEM\Administrator</User>
        <Servers>
            <Server>
                <Host>10.43.5.20</Host>
                <Port>3268</Port>
                <Priority>0</Priority>
            </Server>
        </Servers>
    </LDAPDirectory>
</BESAPI>

To create a new LDAP directory, use the same XML syntax returned by ./iem get ldapdirectories and add the following line after the User element in the XML file:

<Password>MyLDAP-Password</Password>

The file now holds the directory password in clear text, so limit who can read it. Then create the new LDAP directory with the following command:

./iem post MyLDAP.xml ldapdirectories

To get the configuration data of a specific LDAP directory by its ID (ID=34 in this example), run the following command:

./iem get ldapdirectory/34

The command returns the LDAP directory configuration in XML format as follows:

<?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="BESAPI.xsd">
    <LDAPDirectory Resource="https://nc125058.romelab.it.ibm.com:52311/ldapdirectory/34">
        <ID>34</ID>
        <Name>AD</Name>
        <IsActiveDirectory>true</IsActiveDirectory>
        <IsGlobalCatalog>true</IsGlobalCatalog>
        <UseSSL>false</UseSSL>
        <BaseDN>DC=tem,DC=test,DC=com</BaseDN>
        <UIDAttribute>userPrincipalName</UIDAttribute>
        <UserFilter>(objectCategory=user)</UserFilter>
        <GroupFilter><![CDATA[(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))]]></GroupFilter>
        <User>TEM\Administrator</User>
        <Servers>
            <Server>
                <Host>10.43.5.20</Host>
                <Port>3268</Port>
                <Priority>0</Priority>
            </Server>
        </Servers>
    </LDAPDirectory>
</BESAPI>
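
A check that can be run over the XML returned by the get commands above, as an added example that is not part of the original documentation: it flags directories where UseSSL is false, servers on the standard non-TLS ports 389 and 3268, and files that carry a Password element. The sample input is constructed; directory 35, its host name and its password value are invented for contrast.

```python
import xml.etree.ElementTree as ET

# Standard non-TLS ports: 389 (LDAP) and 3268 (Global Catalog).
# Their TLS counterparts are 636 and 3269.
CLEARTEXT_PORTS = {"389", "3268"}

# Constructed sample shaped like "./iem get ldapdirectories" output. The first
# entry reuses this page's values; the second (ID 35) is invented for contrast.
SAMPLE = rb"""<?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="BESAPI.xsd">
  <LDAPDirectory Resource="https://nc125058.romelab.it.ibm.com:52311/ldapdirectory/34">
    <ID>34</ID><Name>AD</Name><UseSSL>false</UseSSL>
    <User>TEM\Administrator</User>
    <Servers><Server><Host>10.43.5.20</Host><Port>3268</Port></Server></Servers>
  </LDAPDirectory>
  <LDAPDirectory Resource="https://bes.example.invalid:52311/ldapdirectory/35">
    <ID>35</ID><Name>AD-TLS</Name><UseSSL>true</UseSSL>
    <User>TEM\Administrator</User><Password>constructed-placeholder</Password>
    <Servers><Server><Host>192.0.2.10</Host><Port>3269</Port></Server></Servers>
  </LDAPDirectory>
</BESAPI>"""


def audit(xml_bytes):
    """Return {directory ID: [findings]} for a BESAPI LDAP directory document."""
    report = {}
    for d in ET.fromstring(xml_bytes).iter("LDAPDirectory"):
        findings = []
        if (d.findtext("UseSSL") or "").strip().lower() != "true":
            findings.append("UseSSL is false: SSL is not enabled for this directory")
        for s in d.iter("Server"):
            host = s.findtext("Host", "?")
            port = (s.findtext("Port") or "").strip()
            if port in CLEARTEXT_PORTS:
                findings.append(f"{host}:{port} is a standard non-TLS LDAP port")
        if d.find("Password") is not None:
            findings.append("Password element present: credential is in clear text")
        report[d.findtext("ID", "?")] = findings
    return report


if __name__ == "__main__":
    for dir_id, findings in audit(SAMPLE).items():
        print(dir_id, "OK" if not findings else "; ".join(findings))
```

To audit a live server, save the output of ./iem get ldapdirectories to a file and pass its bytes to audit().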

To remove a specific LDAP directory by its ID (ID=34 in this example), run the following command:

./iem delete ldapdirectory/34

To convert a local operator into an LDAP operator, run the following command:

BESAdmin.exe /convertToLDAPOperators [/mappingFile:<file>]

where <file> is the mapping file that maps Windows local operators to LDAP operators. Each line of the file must contain the name of the user to convert, followed by a tab and the name of the user in LDAP or Active Directory. The LDAP name must have the same format used to log into the console, such as domain\user, user@domain, or user. If the file is not available, BESAdmin converts all local users assuming their name in LDAP or Active Directory is the same as their local user name.