This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK

uCMDB Rest API to work with LDAP accounts

Idea ID 1645125

uCMDB Rest API to work with LDAP accounts

Status: Already Offered Submitted by Lieutenant Commander on ‎2018-05-05 00:03

Due to security within the company, we need to be able to use the UCMDB API with AD Authenticated ids, and not local ids only in order to execute the UCMDB API. This appears to be not capable at this time and only works with local accounts. 
We are embarking on significant use of the UCMDB API for a variety of use cases and security does not allow us to use local accounts for such matters.

Labels
Tags (1)
9 Comments
David Gallant
Cadet 3rd Class Cadet 3rd Class
Cadet 3rd Class
‎2018-05-07 16:31
‎2018-05-07 16:31

I think this is a necessary set of functionality to control use and adoption at any company, big or small.   Most corporations do not allow from a security perspective non-AD accounts in order to manipulate, show, or use data so this is critical for those types of companies 

doronorbach
Commodore
Commodore
‎2018-05-08 18:20
‎2018-05-08 18:20
Status changed to: Waiting for Votes

The idea has received an initial review to ensure adherence to our idea submission and community guidelines. We ask the community to help prioritize the idea with comments and community support (votes/kudos).

DominikB
Lieutenant Commander
Lieutenant Commander
‎2018-05-24 15:01
‎2018-05-24 15:01

I think this is a very important and basic feature. This should have been part of the REST API from the beginning. Also I find it nowhere in the documentation that there is this limitation...

doronorbach
Commodore
Commodore
‎2018-05-30 16:02
‎2018-05-30 16:02
Status changed to: Under Consideration

Thank you for the contribution. We will review the available options to implement in a future release.

doronorbach
Commodore
Commodore
‎2018-06-06 16:50
‎2018-06-06 16:50

As I learnt today  UCMDB SDK and REST API are working with LDAP users.

 you will need also set the user repository in order to improve the performance.

 Example:

SDK:

private static final String USER_NAME = "*****";
private static final String PASSWORD = "****";
private static final String USER_REPOSITORY = "myd-vm05190.hpswlabs.adapps.hp.com";
/**
* Creates a UCMDB SDK connection.
*
* @return UcmdbService object with all of the available services
* @throws java.net.MalformedURLException in case of a wrong host/protocol/port input
*/
public static UcmdbService createSDKConnection() throws MalformedURLException {
    //Creating a service provider for a given UCMDB server address
    UcmdbServiceProvider serviceProvider = UcmdbServiceFactory.getServiceProvider(PROTOCOL, HOST, PORT);
    //Creating a client context according to the name of this integration (for auditing)
    ClientContext clientContext = serviceProvider.createClientContext("MyAppName");
    //Creating the credentials for authentication
    Credentials credentials = serviceProvider.createCredentials(USER_NAME, PASSWORD, USER_REPOSITORY);
    // Creating the connection object
    return serviceProvider.connect(credentials, clientContext);
}

 

REST:

POST HTTPS Request on URL: https://<UCMDBServer>:8443/rest-api/authenticate

{

                "username":"****",

                "password":"****",

                "repository": "myd-vm05190.hpswlabs.adapps.hp.com",

                "clientContext": 1

}

 

If the LDAP URL is:

ldap://myd-vm05190.hpswlabs.adapps.hp.com:20507/ou=UCMDBOrganization,dc=hpswlabs,dc=adapps,dc=hp,dc=com

 

The repository for users is: myd-vm05190.hpswlabs.adapps.hp.com

SKAZAL_
Commodore
Commodore
‎2018-06-06 17:37
‎2018-06-06 17:37

Is this version dependent?

doronorbach
Commodore
Commodore
‎2018-06-07 13:52
‎2018-06-07 13:52

10.31+

doronorbach
Commodore
Commodore
‎2018-06-07 13:57
‎2018-06-07 13:57
Status changed to: Already Offered

As we do provide this functionality, please let us know if this is not working as required.

RichardS
Lieutenant Commander Lieutenant Commander
Lieutenant Commander
‎2018-08-24 10:19
‎2018-08-24 10:19
Our security standards also need LDAP authentication to use the Rest API. We have a number of requirements that cannot currently be delivered. We've tested with a UCMDB managed account and the API delivers what is required. We're just not allowed to deploy in Production.
Most "Liked" Contributors
View All ≫
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.