IBM Verify

  • 1.  group import rest api question

    Posted Mon November 09, 2020 12:26 PM
    Hi

    I'm trying to use the group import REST API in ISVA 10.0.

    The required JSON payload in the POST should be
    {
    "admin_id":"sec_master",
    "admin_pwd":"xxxxx",
    "command":"group import group-DN LDAP-Group-CN"
    }

    This works fine -- until either the group-DN or the LDAP-GROUP-CN (most likely here) contains a space.

    i.e. "group import Finance-local cn=economy,ou=sales,o=Branch,dc=top" works fine with curl, wget and Java (httpclient)

    but for the life of me I can't get it to work if
    " group import Finance-all cn=economy,ou=sales,O=Head Office,dc=top"
    unless I use the "Policy Administration" GUI.

    "group Import Branch finance cn=economy,ou=sales,o=Branch,dc=top" is impossible (for me at least) to get working.

    What should I use in the JSON payload to delimit strings in the command?

    Thanks in advance

    ------------------------------
    Anders Domeij
    CGI Sweden AB
    ------------------------------


  • 2.  RE: group import rest api question

    Posted Tue November 10, 2020 07:46 AM
    Hi Anders,

    I was able to get this to work by putting " around the field that has spaces in it.  This is how it is done on the command-line.
    The " have to be escaped when using them in JSON so the command ends up looking like this:

    {
    "admin_id":"sec_master",
    "admin_pwd":"xxxxxx",
    "commands":"group create test \"cn=test group,dc=ibm,dc=com\" test"
    }

    I was also able to get the command to work by switching to using ' as the string terminator in the JSON. In that case " doesn't have to be escaped:

    {
    "admin_id":"sec_master",
    "admin_pwd":"xxxxxx",
    "commands":'group create test "cn=test group,dc=ibm,dc=com" test'
    }

    I hope this helps.  In case it matters, I was using Verify Access 10.0.0.1 for this test.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: group import rest api question

    Posted Wed November 11, 2020 05:14 AM
    Thanks Jon,

    The 2nd option works for me too from the cmd-line with ISVA 10.0.
    Now 'all' I have to do is to make it work in a bash script (preferably) or in Java.



    Rgds

    ------------------------------
    Anders Domeij
    CGI Sweden AB
    ------------------------------



  • 4.  RE: group import rest api question

    Posted Wed March 10, 2021 03:47 PM
    Hi Jon,

    I have a question related to this topic.
    How many groups can be created within one JSON?
    I need to create about 5,000 groups, including a description.
    Or is there another way to create groups?

    Thank you.
    Peter

    ------------------------------
    Petr Němec
    ------------------------------



  • 5.  RE: group import rest api question

    Posted Wed March 10, 2021 03:48 PM
    Hi Jon,

    I have a question related to this topic.
    How many groups can be created within one JSON?
    I need to create about 5,000 groups including a description.
    Or is there another way to create groups?

    Thank you.
    Peter

    ------------------------------
    Petr Němec
    ------------------------------



  • 6.  RE: group import rest api question

    Posted Fri March 12, 2021 04:34 AM
    Hi Petr,

    5000 is not a huge number of objects so it is probably easiest to create via the PDADMIN REST API.

    You should NOT make individual REST calls for each group - each one would have a connection overhead.  Instead, send a single request with an array of commands:

    {
      "admin_id":"sec_master",
      "admin_pwd":"xxxxxx",
      "commands":[
        'group create test1 "cn=test1 group,dc=ibm,dc=com" test1',
        'group modify test1 description "this is group1"',
        'group create test2 "cn=test2 group,dc=ibm,dc=com" test2',
        'group modify test2 description "this is group2"',
        ...
      ]
    }

    You can also configure Verify Access for SCIM which would allow you to create groups via SCIM calls to the runtime interface.  I don't know how the performance of that would be relative to the PDADMIN commands above.

    For interest and completeness:
    • For larger user/group operations, there is the Java "RegistryDirect" API.  This writes the required objects directly to LDAP.
    • For very large user/group operations it can be better to generate an LDIF file and load directly to the LDAP server via ldapmodify command.
    • For extremely large user/group operations (millions) it can be better to generate LDIF and then use directory-specific "bulkload" tools to ingest.  For IBM Directory Server (for example) this does things like turning off indexing and writing direct to the DB under the LDAP server.

    I hope this helps,

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------
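
The quoting from reply 2 and the batched `commands` array from reply 6, combined in a POSIX shell script as an added example (not code from the thread's participants or from IBM). The `name|DN|description` record format, the function names and the `PDADMIN_PWD` and `PDADMIN_URL` variables are assumptions; the payload uses standard double-quoted JSON strings with `\"` escapes, and values containing a double quote are refused rather than escaped.

```shell
#!/bin/sh
# Added example: build one pdadmin REST payload for many groups (not code from the thread).

# Escape backslash and double quote for use inside a JSON string literal.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Return one pdadmin argument, wrapped in "..." when it contains a space.
# Empty values and values holding a double quote or control character are
# refused: the thread does not show how pdadmin escapes a quote inside a
# quoted argument, and such a value would otherwise end the argument early.
pd_arg() {
    clean=$(printf '%s' "$1" | tr -d '"[:cntrl:]')
    if [ -z "$1" ] || [ "$clean" != "$1" ]; then
        echo "refusing pdadmin argument: $1" >&2
        return 1
    fi
    case $1 in
        *' '*) printf '"%s"' "$1" ;;
        *)     printf '%s' "$1" ;;
    esac
}

# $1 = admin id, $2 = admin password; stdin = records "name|DN|description".
# Nothing is printed unless every record passes pd_arg.
build_payload() {
    cmds='' sep=''
    while IFS='|' read -r name dn desc; do
        qn=$(pd_arg "$name") || return 1
        qd=$(pd_arg "$dn") || return 1
        qt=$(pd_arg "$desc") || return 1
        cmds="$cmds$sep\"$(json_escape "group create $qn $qd $qn")\""
        cmds="$cmds,\"$(json_escape "group modify $qn description $qt")\""
        sep=','
    done
    printf '{"admin_id":"%s","admin_pwd":"%s","commands":[%s]}\n' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$cmds"
}

# Constructed sample records; the password comes from the environment, not the script.
build_payload sec_master "${PDADMIN_PWD:-xxxxxx}" <<'EOF'
test1|cn=test1 group,dc=ibm,dc=com|this is group1
test2|cn=test2 group,dc=ibm,dc=com|this is group2
EOF
# To send: pipe build_payload into curl --data-binary @- "$PDADMIN_URL" (placeholder URL)
# with a JSON Content-Type header, so the password never appears on a command line.
```

Building the whole payload before printing means a single bad record aborts the batch instead of sending a half-formed command list.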