

Fetching Directory Service Attributes

The listRepositoryAttributes operation is used to fetch the directory service user attributes that are mapped to RiskMinder-supported user attributes.

This section walks you through the following steps for fetching the user attributes that the directory service supports:

  1. Preparing the Request Message
  2. Invoking the Web Service
  3. Interpreting the Response Message

Preparing the Request Message

The listRepositoryAttributesRequest message is used to fetch directory service user attributes that are mapped to RiskMinder-supported user attributes. The following table lists the elements of this request message.

Element: repositoryType
Mandatory: Yes
Description: The directory service where the user information resides:

  • ARUSER: For organizations that are created in the RiskMinder database.
  • LDAP: For organizations that are mapped to an LDAP repository.

Element: ldapDetails
Mandatory: No
Description: The details of the directory service where the user information is available:

  • host
    The host name of the system where your directory service is available.
  • port
    The port number at which the directory service is listening.
  • schemaName
    The LDAP schema used by the directory service. This schema specifies the types of objects that a directory service can contain, and specifies the mandatory and optional attributes of each object type.
    Typically, the schema name for Active Directory is user and for SunOne Directory, it is inetorgperson.
  • baseDN
    The name-value key pairs of the base Distinguished Name (DN) of the directory service. This value indicates the starting node in the LDAP hierarchy to search in the directory service.
    For example, to search or retrieve a user with a DN of cn=rob laurie, ou=sunnyvale, o=arcot, c=us, you must specify the base DN as the following:
    ou=sunnyvale, o=arcot, c=us
    Typically, these values are case sensitive and search all sub-nodes under the specified base DN.

Element: connectionCredential
Mandatory: No
Description: The information required to connect to the directory service:

  • ssl
    The type of connection that has to be established with the directory service:
    – TCP: Indicates that the directory service will listen to incoming requests on TCP.
    – 1WAY: Indicates that the directory service will listen to incoming requests on one-way SSL.
    – 2WAY: Indicates that the directory service will listen to incoming requests on two-way SSL.
  • loginName
    The complete distinguished name of the LDAP repository user who has the privilege to log in to the repository server and manage the base DN.
    For example,
    uid=gt,dc=arcot,dc=com
  • loginPassword
    The password of the user provided in loginName.
  • (Optional) serverTrustCert
    The base64-encoded trusted root certificate of the server that issued the SSL certificate to the directory service.
    This parameter is required only if ssl is set to 1WAY or 2WAY.
  • (Optional) clientKeyStore
    The password for the client key store and the base64-encoded root certificate of UDS.
    This parameter is required only if ssl is set to 2WAY.

Element: redirectSearchSchema
Mandatory: No
Description: The schema to be used to search for the values whose attributes are in a different node.

Element: redirectSearchAttribute
Mandatory: No
Description: The value of the attribute to be searched in the redirectSearchSchema.

Element: clientTxId
Mandatory: No
Description: Unique transaction identifier that your calling application can include. This identifier helps in tracking the related transactions.

Invoking the Web Service

To fetch the user attributes:

  1. (Optional) Include the authentication and authorization details in the header of the listRepositoryAttributes operation. See "Managing Web Services Security" for more information on the header elements.
  2. Use the listRepositoryAttributesRequest elements to set the directory service information, as listed in the table.
  3. Use the listRepositoryAttributesRequest message and construct the input message by using the details specified in the preceding step.
  4. Invoke the listRepositoryAttributes operation of the ArcorUserRegistryMgmtSvc service to fetch the user attributes.

    This operation returns the listRepositoryAttributesResponse message that includes the transaction identifier, authentication token, and user attributes. See the following section for more information on the response message.
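The following added example (not code from the product or its documentation) builds the body of a listRepositoryAttributesRequest from the elements in the table and rejects it before sending when the ssl setting and certificate parameters are inconsistent. The XML namespace, the placement of ldapDetails and connectionCredential as sibling elements, and all sample values are assumptions; take the real structure from the service WSDL.

```python
import base64
import xml.etree.ElementTree as ET

NS = "urn:example:placeholder"  # assumption: take the real namespace from the service WSDL

def check_connection(repository_type, cred):
    """Apply the table's rules; return (errors, warnings) as lists of strings."""
    errors, warnings = [], []
    if repository_type not in ("ARUSER", "LDAP"):
        errors.append("repositoryType must be ARUSER or LDAP")
    if repository_type != "LDAP":
        return errors, warnings
    ssl = cred.get("ssl")
    if ssl not in ("TCP", "1WAY", "2WAY"):
        errors.append("ssl must be TCP, 1WAY or 2WAY")
    if ssl == "TCP" and cred.get("loginPassword"):
        warnings.append("ssl=TCP: loginPassword crosses the network without TLS")
    if ssl in ("1WAY", "2WAY"):
        try:  # serverTrustCert must be present and valid base64
            if not base64.b64decode(cred.get("serverTrustCert") or "", validate=True):
                raise ValueError("empty")
        except ValueError:
            errors.append("serverTrustCert (base64) is required for 1WAY and 2WAY")
    if ssl == "2WAY" and not cred.get("clientKeyStore"):
        errors.append("clientKeyStore is required for 2WAY")
    return errors, warnings

def build_request(repository_type, ldap_details=None, cred=None, client_tx_id=None):
    """Return (xml, warnings); raise ValueError if the table's rules are violated."""
    errors, warnings = check_connection(repository_type, cred or {})
    if errors:
        raise ValueError("; ".join(errors))
    root = ET.Element(f"{{{NS}}}listRepositoryAttributesRequest")
    ET.SubElement(root, f"{{{NS}}}repositoryType").text = repository_type
    for name, fields in (("ldapDetails", ldap_details), ("connectionCredential", cred)):
        if fields:
            parent = ET.SubElement(root, f"{{{NS}}}{name}")
            for key, value in fields.items():
                ET.SubElement(parent, f"{{{NS}}}{key}").text = str(value)
    if client_tx_id:
        ET.SubElement(root, f"{{{NS}}}clientTxId").text = client_tx_id
    return ET.tostring(root, encoding="unicode"), warnings

if __name__ == "__main__":
    # Constructed sample values; the certificate bytes are a stand-in, not a real certificate.
    ldap = {"host": "ldap.example.internal", "port": 636,
            "schemaName": "inetorgperson", "baseDN": "ou=sunnyvale, o=arcot, c=us"}
    cred = {"ssl": "1WAY", "loginName": "uid=gt,dc=arcot,dc=com", "loginPassword": "PLACEHOLDER",
            "serverTrustCert": base64.b64encode(b"constructed").decode()}
    print(build_request("LDAP", ldap, cred, client_tx_id="tx-0001"))
```

The serialized request contains loginPassword, so keep it out of application logs and trace output.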

Interpreting the Response Message

The response message, listRepositoryAttributesResponse, returns the transaction identifier and the authentication token in the SOAP envelope header. The SOAP body includes the user attributes for a successful transaction and the Fault response for an error condition.

See the following table for more information on the elements returned for a successful transaction. If there are any errors, refer to the appendix, "Exceptions and Error Codes".

Header Elements

Element: udsTransactionID
Description: The unique identifier of the transaction performed by using UDS.

Element: authToken
Description: The authentication token that is returned if the credential verification to access the Web service was successful. This token eliminates the need for you to present the authentication credential for successive access to the Web service.
By default, the authentication token is valid for one day, after which you need to authenticate again.

Body Elements

The user attributes used to store user information.