Symantec Access Management

  • Private Community
 View Only

  • 1.  CA Directory - enroll new users  and update existing users

    Posted Oct 29, 2017 03:38 PM

    How to integrate CA Directory with a web a (Java) web application to insert new user details as part of enrollment and update existing users details such as password, email address ? Does CA directory provide any APIs to do this ?



  • 2.  Re: CA Directory - enroll new users  and update existing users

    Posted Oct 29, 2017 11:01 PM

    I don't think there are any API at the moment. But there is a likelihood. Product Management would be better suited to suggest.

     

    However the tasks that are listed can be very easily automated and scripted.

     

     

    Regards

     

    Hubert.



  • 3.  Re: CA Directory - enroll new users  and update existing users

    Posted Oct 30, 2017 07:17 PM

    Thank you Hubert

     

    Surprisingly I cannot find any details around how to insert/update user entries in CA directory thru application. We don't have 'existing' users i.e. cannot import users using LDIF.

     

    As CA Directory is LDAP, can we not use direct LDAP APIs such as Spring LDAP ?



  • 4.  Re: CA Directory - enroll new users  and update existing users
    Best Answer

    Posted Oct 30, 2017 09:52 PM

    CA Directory does provide tools for administration. One such tool is "dxmodify". dxmodify is used if we need to edit entries from CA Directory Server itself. We have CA Directory tools called "DXTools" which can be used by Directory Admins to Manage CA Directory..

     

    However from a client perspective, a Client making LDAP calls should be able to search / add / modify / delete attributes.

     

    Example : This a search I am running against a CA Directory running as a Policy Store using two tools i.e. One is a LDAP Client and other is from CA Directory Server using DXTools (dxsearch).

     

    LDAP ClientDX Tools (from CA Directory Server)
    ldapsearch -h cadir-ssodemo.ca.com -p 7771 -b "o=ca,c=us" -D "cn=smadmin,ou=admins,o=ca,c=us" -w - '(&(objectclass=smagent5)(cn=wa_test))' smAgentOID4

    dxsearch -h cadir-ssodemo.ca.com -p 7771 -b "o=ca,c=us" -D "cn=smadmin,ou=admins,o=ca,c=us" -W '(&(objectclass=smagent5)(cn=wa_test))' smAgentOID4

     

     

    Thus as long as the Client is making legit LDAP Read / Write calls and CA Directory has the underlying schematics defined correctly, this should work fine.

     

    Here is more reference material on "Connecting to Directory using LDAP".

     

    Regards

    Hubert



  • 5.  Re: CA Directory - enroll new users  and update existing users

    Posted Nov 08, 2017 09:45 PM

    The access protocol for CA Directory is LDAP, this is a protocol rather than an API. There are a number of SDKs that provide this access but these are maintained externally to CA Directory.

     

    Here is a list, not sure why they are referred to as API's as they are really SDKs that provide LDAP access : LDAP Java API — Apache Directory 

     

    We have had requests for a data API as well as LDAP support for simpler integration with newer applications that a RESTful API-based. We are currently working on a SCIMv2.0 offering in our next release which will provide basic CRUD operations.