Web Services to set LDAP attributes for an Organization

Document ID : KB000123215
Last Modified Date : 20/12/2018
Introduction:
1. In the example shown in the screenshot below, the attributes already mapped are:

a. EMAILADDR=mail
b. USERNAME=uid 
c. FNAME=cn 


User-added image

2. Say we need to map a new attribute, TELEPHONENUMBER=telephoneNumber, and retain all the mapped attributes that already exist. The request will then look like this:

SOAP Request 
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:msgs="http://ws.arcot.com/ArcotUserRegistryMgmtSvc/1.0/msgs" xmlns:ns="http://ws.arcot.com/UserSchema/1.0">
   <soap:Header/>
   <soap:Body>
      <msgs:updateOrgRequest>
         <orgName>LDAP ORGANIZATION</orgName>
         <repositoryDetails repositoryType="LDAP">
            <!--Optional:-->
            <ns:ldapDetails>
               <ns:host>sudaw01-u160488.ca.com</ns:host>
               <ns:port>4567</ns:port>
               <ns:schemaName>inetorgperson</ns:schemaName>
               <ns:baseDN>
                  <!--1 or more repetitions:-->
                  <ns:dnEntry name="dc" value="ca"></ns:dnEntry>
                  <ns:dnEntry name="dc" value="com"></ns:dnEntry>
               </ns:baseDN>
               <ns:connectionCredential ssl="NONE">
                  <ns:loginName>cn=admin,dc=ca,dc=com</ns:loginName>
                  <ns:loginPassword>examplepwd</ns:loginPassword>
               </ns:connectionCredential>
            </ns:ldapDetails>
         </repositoryDetails>
         <!--Optional:-->
         <mappingDetails>
            <!--1 or more repetitions:-->
            <ns:mapping repositoryattribute="telephoneNumber" arcotattribute="TELEPHONENUMBER"></ns:mapping> 
            <ns:mapping repositoryattribute="mail" arcotattribute="EMAILADDR"></ns:mapping>
            <ns:mapping repositoryattribute="cn" arcotattribute="FNAME"></ns:mapping>

         </mappingDetails>
      </msgs:updateOrgRequest>
   </soap:Body>
</soap:Envelope>

SOAP Response
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Header>
      <udsTransactionID xmlns="http://ws.arcot.com/UDSTransaction/1.0">97a85a04-5126-40cc-8130-66f9f0392db8</udsTransactionID>
      <authToken xmlns="http://ws.arcot.com/UDSTransaction/1.0"/>
   </soapenv:Header>
   <soapenv:Body>
      <ns2:updateOrgResponse xmlns:ns2="http://ws.arcot.com/ArcotUserRegistryMgmtSvc/1.0/msgs">
         <return>
            <ns1:message xmlns:ns1="http://ws.arcot.com/UserSchema/1.0">The operation was successful!</ns1:message>
         </return>
      </ns2:updateOrgResponse>
   </soapenv:Body>
</soapenv:Envelope>

*** Note that the update replaces the existing set of mapped attributes with the new set. Hence, to retain the existing mappings, all of them have to be provided in the request, except "USERNAME=uid" (which is a primary attribute and is retained). Review the bold text in the "mappingDetails" section for the attributes provided in this example. ***

*** Note that after a successful request a UDS cache refresh is required. A restart of the UDS server will also refresh the cache, so that the newly mapped attributes show up in the Admin UI. ***
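
The replace behaviour described in the first note above, as an added example (not part of the original article and not CA code): Python that merges the existing mappings with the new one, leaves out the primary USERNAME mapping, builds the updateOrgRequest, and checks a request for existing mappings it would drop. The function names, host, DN and password are made-up placeholders, and nothing is sent over the network.

```python
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
MSGS = "http://ws.arcot.com/ArcotUserRegistryMgmtSvc/1.0/msgs"
NS = "http://ws.arcot.com/UserSchema/1.0"
PRIMARY = {"USERNAME"}  # per the article's note: retained by the server, not resent
for prefix, uri in (("soap", SOAP), ("msgs", MSGS), ("ns", NS)):
    ET.register_namespace(prefix, uri)

def merge_mappings(existing, new):
    """Full {arcotattribute: repositoryattribute} set the request must carry."""
    merged = {**existing, **new}
    return {a: r for a, r in merged.items() if a not in PRIMARY}

def build_update_org_request(org, ldap, mappings):
    """Serialize an updateOrgRequest shaped like the one in this article."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    req = ET.SubElement(body, f"{{{MSGS}}}updateOrgRequest")
    ET.SubElement(req, "orgName").text = org
    repo = ET.SubElement(req, "repositoryDetails", repositoryType="LDAP")
    det = ET.SubElement(repo, f"{{{NS}}}ldapDetails")
    for tag in ("host", "port", "schemaName"):
        ET.SubElement(det, f"{{{NS}}}{tag}").text = str(ldap[tag])
    base = ET.SubElement(det, f"{{{NS}}}baseDN")
    for name, value in ldap["baseDN"]:
        ET.SubElement(base, f"{{{NS}}}dnEntry", name=name, value=value)
    # ssl is passed through unchanged; "NONE" is the value shown in the article
    cred = ET.SubElement(det, f"{{{NS}}}connectionCredential", ssl=ldap["ssl"])
    for tag in ("loginName", "loginPassword"):
        ET.SubElement(cred, f"{{{NS}}}{tag}").text = ldap[tag]
    md = ET.SubElement(req, "mappingDetails")
    for arcot, repo_attr in mappings.items():
        ET.SubElement(md, f"{{{NS}}}mapping", repositoryattribute=repo_attr, arcotattribute=arcot)
    return ET.tostring(env, encoding="unicode")

def dropped_mappings(request_xml, existing):
    """Existing non-primary mappings that this request would remove or change."""
    sent = {m.get("arcotattribute"): m.get("repositoryattribute")
            for m in ET.fromstring(request_xml).iter(f"{{{NS}}}mapping")}
    return {a: r for a, r in existing.items() if a not in PRIMARY and sent.get(a) != r}

# Constructed sample values, modelled on the first request in this article.
EXISTING = {"EMAILADDR": "mail", "USERNAME": "uid", "FNAME": "cn"}
LDAP = {"host": "ldap.example.test", "port": 4567, "schemaName": "inetorgperson",
        "baseDN": [("dc", "example"), ("dc", "test")], "ssl": "NONE",
        "loginName": "cn=admin,dc=example,dc=test", "loginPassword": "placeholder"}
NEW = {"TELEPHONENUMBER": "telephoneNumber"}
REQUEST = build_update_org_request("LDAP ORGANIZATION", LDAP, merge_mappings(EXISTING, NEW))
```

Running dropped_mappings over a hand-written request before sending it shows which existing mappings the update would remove; an empty result means none are lost.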

After the cache refresh or the UDS restart, the Global Admin UI shows the newly mapped attributes, as in the screenshot below:

User-added image




 
Background:
Sometimes a customer may need to dynamically (via a SOAP UI call or a curl command) update the LDAP Organization's mapping. This document details the Web Service call and also shares the response returned when the request is successful.
Environment:
CA Strong Authentication Server/CA Risk Authentication Server/CA Strong Authentication Admin UI and UDS
Instructions:
A SOAP request like the one below is needed for such an update, followed by a cache refresh or a UDS restart. A more detailed example can be found in the "Introduction" section above.

SOAP Request 
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" 
xmlns:msgs="http://ws.arcot.com/ArcotUserRegistryMgmtSvc/1.0/msgs" 
xmlns:ns="http://ws.arcot.com/UserSchema/1.0"> 
<soap:Header/> 
<soap:Body> 
<msgs:updateOrgRequest> 
<orgName>CADIR</orgName> 
<repositoryDetails repositoryType="LDAP"> 
<ns:ldapDetails> 
<ns:host>win2k12-cadir.ca.com</ns:host> 
<ns:port>1589</ns:port> 
<ns:schemaName>inetOrgPerson</ns:schemaName> 
<ns:baseDN> 
<ns:dnEntry name="o" value="caorg"></ns:dnEntry> 
<ns:dnEntry name="c" value="in"></ns:dnEntry> 
</ns:baseDN> 
<ns:connectionCredential ssl="NONE"> 
<ns:loginName>cn=cadiruser1,o=caorg,c=in</ns:loginName> 
<ns:loginPassword>examplepwd</ns:loginPassword> 
</ns:connectionCredential> 
</ns:ldapDetails> 
</repositoryDetails> 
<mappingDetails> 
<ns:mapping repositoryattribute="displayName" arcotattribute="LNAME"></ns:mapping> 
</mappingDetails> 
</msgs:updateOrgRequest> 
</soap:Body> 
</soap:Envelope> 

SOAP Response 
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header> 
<udsTransactionID xmlns="http://ws.arcot.com/UDSTransaction/1.0">81ec2b4e-a4b8-4379-84ba-4ea436f6a3e8</udsTransactionID> 
<authToken xmlns="http://ws.arcot.com/UDSTransaction/1.0"/> 
</soapenv:Header> 
<soapenv:Body> 
<ns2:updateOrgResponse xmlns:ns2="http://ws.arcot.com/ArcotUserRegistryMgmtSvc/1.0/msgs"> 
<return> 
<ns1:message xmlns:ns1="http://ws.arcot.com/UserSchema/1.0">The operation was successful!</ns1:message> 
</return> 
</ns2:updateOrgResponse> 
</soapenv:Body> 
</soapenv:Envelope> 

 
Additional Information:
See the related documentation:

https://docops.ca.com/ca-advanced-authentication/9-0/en/building/ca-risk-authentication-web-services-developers-information/managing-organizations-for-ca-risk-authentication/updating-organizations