A user is a child object of a domain or unit. A user belongs to a domain or unit, and only one domain or unit only. A user can belong to many groups, however. In a way, a group can be seen as one of the parents of a user.
Attribute | type | values | default | mandate | comment |
name | string | true | |||
attribute i | false | ||||
status | string | INACTIVE, | ACTIVE | ||
description | string | false | |||
domain | object | true | the domain it belongs to | ||
unit | object | false | The parent unit | ||
groups | coll | false | Associated groups | ||
roles | coll | false | Assigned roles | ||
tokens | coll | false | Assigned tokens | ||
tokenAssignments | coll | ||||
tempPasses | Coll<TempPass> | false | |||
qnas | coll | false | |||
siteStamps | coll | false | |||
images | coll | false | |||
certificates | Coll<UserCertificate> | ||||
lastLogin | date | ||||
radiusAttributes | coll | ||||
failCount | integer | 0 | |||
mustChangePassword | Boolean | False | |||
passwordNeverExpires | Boolean | False | |||
lastChangePassword | date |
Attribute | type | values | default | mandate | comment |
subjectDn | string | readOnly | |||
serialNumber | integer | readOnly | |||
signature | string | readOnly | |||
issuerDn | string | readOnly | |||
startDate | date | readOnly | |||
expiryDate | date | readOnly | |||
certificatePem | string | readOnly |
To create a new user, we must specify the name of the user and its parent: either a domain or a unit. On success, the method always returns the internal user id of the newly created user.
{
"attrs":
{
"domain.id": "parent domain id",
"loginName": "the login name",
"password": "the password",
"email": "the email",
...
}
} |
{
"error":0,
"result":{"id":"the id of the newly created user"}
} |
Examples:
Search users in a domain
{
"match":
[
[domain.id", "=", "domain id 1"],
],
"return":["id", "loginName", "email"],
"sort":"name",
"order":"asc",
"max": 20,
"offset": 0
} |
{
"error":0,
"result":
[
{
"id":"user id 1",
"loginName":"John Smith",
"email": "john.smith@acme.com"
},
{
"id":"user id 2",
"loginName":"Alice Smith",
"email": "alice.smith@acme.com"
},
...
]
} |
Search users in a unit
{
"match":
[
[unit.id", "=", "unit id 1"],
],
"return":["id", "loginName", "email"],
"sort":"name",
"order":"asc",
"max": 20,
"offset": 0
} |
{
"error":0,
"result":
[
{
"id":"user id 1",
"loginName":"John Smith",
"email": "john.smith@acme.com"
},
{
"id":"user id 3",
"loginName":"Bob Smith",
"email": "bob.smith@acme.com"
},
...
]
} |
Search users in a group
{
"match":
[
[group.id", "=", "group id 1"],
],
"return":["id", "loginName", "email"],
"sort":"name",
"order":"asc",
"max": 20,
"offset": 0
} |
{
"error":0,
"result":
[
{
"id":"user id 1",
"loginName":"John Smith",
"email": "john.smith@acme.com"
},
{
"id":"user id 3",
"loginName":"Bob Smith",
"email": "bob.smith@acme.com"
},
...
]
} |
Method:/user/get
Parameters:
\{
"match":
\[
\["id", "=", 2\],
\],
"return":\["name", "id"\],
\}
Response:
\{
"error":0,
"result":
\{
"name":"Joe Blog",
"id":"2",
\}
\} |
Method:/user/set
Parameters:
{
"id":1,
"attrs":{"email":"john.smith@acme.com"}
}
Response:
{
"error":0
}
Method:/user/delete
Parameters:
{
"id":1
}
Response:
{
"error":0
}
Other methods:
Unit
Group
Method: /user/joinGroup
Parameters:
\{
"user":\{"id":1\},
"groups:
\[
\{"id":5\},
\{"id":6\},
\{"id":7\}
\],
"action":"join | unjoin"
\}
Response:
\{
"error":0
\}
\\
\\
+Role+ |
Token
Method: /user/assignToken
Assign an existing token
Parameters:
{
"user":{
"id":1,
"domain.id":domainId,
"loginName":loginName
},
"token:{
"id":5,
"product.manufactureCode":mc,
"product.productCode":pc,
"serial":xxx,
},
"credential":{ // optional
"otp":xxxx
},
"autoAssign":true|false,
"action":"assign | unassign",
"isOwner":true | false,
"starts":xxx,
"expires":xxx,
"usageLimit":50,
"status":"active | inactive | disabled",
"pin":"the token pin"
}
Response:
{
"error":0,
"id":tokenAssignmentId
}
Method: /user/assignToken
Assign an existing token
Parameters:
{
"id":"user id",
"attrs":
{
"password":"new password",
"userMustChangePassword":true|false
},
}
Response:
{
"error":0
}
Examples:
Method:/user/getMessageTemplate
Parameters:
{
"user":
{
"domain.name":"xxx"
"loginName":"abc"
},
"templateItemName":"SMTP_OTP"
}
Response:
{
"error":0,
"result":"template in json string"
}
\\
+Examples:+
Method:/user/ listProvisioningUrls
\\
Parameters:
\{
"user":
\{
"domain.name":"xxx"
"loginName":"abc"
\}
\}
Response:
\{
"error":0,
"result":
\{
"total":2,
"rows":
\[
"[http://provioning.deepnetsecurity.local:8072|http://provioning.deepnetsecurity.local:8072]",
"http://provioning2.deepnetsecurity.local:8073"
\]
\}
\}
\\ |
This method is a task running in the background
Examples:
Method:/user/import
Parameters:
{
"attrs":
{
"format":"csv or xml",
"data":"...",
"charset":"UTF-8"// optional
}
}
Response:
{
"error":0
}
Method:/user/issueCertificate
Parameters:
{
"user":
{
"loginName":"xxx",
"domain.Name":"somedomain"
},
"csr":"csr data"
"return":
{
"id", "subjectDn"
}
}
Response:
{
"error":0
}
Method:/user/importCertificate
Parameters:
{
"user":
{
"loginName":"xxx",
"domain.Name":"somedomain"
},
"certificate":
{
"data":"..." //PEM format
},
"return":
{
"id", "subjectDn"
}
}
Response:
{
"error":0
}
Method:/user/deleteCertificate
Parameters:
{
"user":
{
"loginName":"xxx",
"domain.Name":"somedomain"
},
"certificate":
{
"id":"cert id"
}
}
Response:
{
"error":0
}
+Examples:+
Method:/user/getPolicy
Parameters:
\{
"user":
\{
"loginName":"login name",
"domain.id":domainid
\},
"category":
\{
"name":"logon"
\},
"return":\["name", "id","options"\]
\}
Response:
\{
"error":0,
"result":
\{
"id":"1",
"name":"System logon policy",
"options":
\{
"key":"value",
...
\}
\}
\}
\\
\\
\\ |