A user is a child object of a domain or unit. A user belongs to a domain or unit, and only one domain or unit only. A user can belong to many groups, however. In a way, a group can be seen as one of the parents of a user.

Attributes

Attribute	type	values	default	mandate	comment
name	string			true
attribute i				false
status	string	INACTIVE, ACTIVE, LOCKED, DISABLED	ACTIVE
description	string			false
domain	object			true	the domain it belongs to
unit	object			false	The parent unit
groups	coll			false	Associated groups
roles	coll			false	Assigned roles
tokens	coll			false	Assigned tokens
tokenAssignments	coll
tempPasses	Coll<TempPass>			false
qnas	coll			false
siteStamps	coll			false
images	coll			false
certificates	Coll<UserCertificate>
lastLogin	date
radiusAttributes	coll
failCount	integer		0
mustChangePassword	Boolean		False
passwordNeverExpires	Boolean		False
lastChangePassword	date

UserCertificate attributes

Attribute	type	values	default	mandate	comment
subjectDn	string				readOnly
serialNumber	integer				readOnly
signature	string				readOnly
issuerDn	string				readOnly
startDate	date				readOnly
expiryDate	date				readOnly
certificatePem	string				readOnly

/user/create

To create a new user, we must specify the name of the user and its parent: either a domain or a user. On success, the method always returns the internal user id of the newly created user.
Parameters:
{
"attrs":{list of attribute value pairs}
}
Response:
{
"error":0,
"result":{"id":the id of the newly created user}
}
Examples:

Creating a user by specifying its parent domain.

Method:/user/create
Parameters:
{
"attrs":
{
"name":"John Smith",
"domain":2
}
}
Response: {"error":0, "result":{"id":1}}

Creating a user specifying its parent unit.

Method:/user/create
Parameters:
{
"attrs":
{
"name":"Joe Blog",
"unit":1
}
}
Response: {"error":0, "result":{"id":2}}

Creating a user with temppass

Method:/user/create
Parameters:
{
"attrs":
{
"name":"Joe Blog",
"unit":1,
"tempPass":
{
"password":"password",
"usageLimit":10
}
}
}
Response:{"error":0, "result":{"id":2}}

/user/search

Examples:

Searchusers in a domain

Method:/user/search
Parameters:
{
"match":
[
[domain.id", "=", "1"]
],
"return":["name", "id"],
"sort":"name",
"order":"asc",
"max": 20,
"offset": 0
}
Response:
{
"error":0,
"result":
[
{
"name":"John Smith",
"id":"1",
},
{
...
}
]
}

Search users in a unit

Method:/user/search
Parameters:
{
"match":
[
[unit.id", "=", "2"]
],
"return":["name", "id"],
"sort":"name",
"order":"asc",
"max": 20,
"offset": 0
}
Response:
{
"error":0,
"result":
[
{
"name":"Joe Blog",
"id":"2",
},
{
...
}
]
}

Search users in a group

Method:/user/search
Parameters:
{
"match":
[
[group.id", "=", "2"]
],
"return":["name", "id"],
"sort":"name",
"order":"asc",
"max": 20,
"offset": 0
}
Response:
{
"error":0,
"result":
[
{
"name":"Joe Blog",
"id":"2",
},
{
...
}
]
}

/user/get

Method:/user/get
Parameters:
{
"match":
[
["id", "=", 2],
],
"return":["name", "id"],
}
Response:
{
"error":0,
"result":
{
"name":"Joe Blog",
"id":"2",
}
}

/user/set

Method:/user/set
Parameters:
{
"id":1,
"attrs":{"email":"john.smith@acme.com"}
}
Response:
{
"error":0
}

/user/delete

Method:/user/delete
Parameters:
{
"id":1
}
Response:
{
"error":0
}
Other methods:
Unit

moveUnit

Group

joinGroup(join/unjoin)

/user/joinGroup

Method: /user/joinGroup
Parameters:
{
"user":{"id":1},
"groups:
[
{"id":5},
{"id":6},
{"id":7}
],
"action":"join | unjoin"
}
Response:
{
"error":0
}

Role

assignRole(assign/unassign)

Token

assignToken(assign/unassign)

/user/assignToken

Method: /user/assignToken
Assign an existing token
Parameters:
{
"user":{
"id":1,
"domain.id":domainId,
"loginName":loginName
},
"token:{
"id":5,
"product.manufactureCode":mc,
"product.productCode":pc,
"serial":xxx,
},
"credential":{ // optional
"otp":xxxx
},
"autoAssign":true|false,
"action":"assign | unassign",
"isOwner":true | false,
"starts":xxx,
"expires":xxx,
"usageLimit":50,
"status":"active | inactive | disabled",
"pin":"the token pin"
}
Response:
{
"error":0,
"id":tokenAssignmentId
}

/user/resetPassword

Method: /user/assignToken
Assign an existing token
Parameters:
{
"id":"user id",
"attrs":
{
"password":"new password",
"userMustChangePassword":true|false
},
}
Response:
{
"error":0
}

/user/getMessageTemplate

Examples:
Method:/user/getMessageTemplate
Parameters:
{
"user":
{
"domain.name":"xxx"
"loginName":"abc"
},
"templateItemName":"SMTP_OTP"
}
Response:
{
"error":0,
"result":"template in json string"
}

/user/ listProvisioningUrls

Examples:
Method:/user/ listProvisioningUrls
Parameters:
{
"user":
{
"domain.name":"xxx"
"loginName":"abc"
}
}
Response:
{
"error":0,
"result":
{
"total":2,
"rows":
[
"http://provioning.deepnetsecurity.local:8072",
"http://provioning2.deepnetsecurity.local:8073"
]
}
}

/user/import

This method is a task running in the background
Examples:
Method:/user/import
Parameters:
{
"attrs":
{
"format":"csv or xml",
"data":"...",
"charset":"UTF-8"// optional
}
}
Response:
{
"error":0
}

/user/issueCertificate

Method:/user/issueCertificate
Parameters:
{
"user":
{
"loginName":"xxx",
"domain.Name":"somedomain"
},
"csr":"csr data"
"return":
{
"id", "subjectDn"
}
}
Response:
{
"error":0
}

/user/importCertificate

Method:/user/importCertificate
Parameters:
{
"user":
{
"loginName":"xxx",
"domain.Name":"somedomain"
},
"certificate":
{
"data":"..." //PEM format
},
"return":
{
"id", "subjectDn"
}
}
Response:
{
"error":0
}

/user/deleteCertificate

Method:/user/deleteCertificate
Parameters:
{
"user":
{
"loginName":"xxx",
"domain.Name":"somedomain"
},
"certificate":
{
"id":"cert id"
}
}
Response:
{
"error":0
}

/user/getPolicy

Examples:
Method:/user/getPolicy
Parameters:
{
"user":
{
"loginName":"login name",
"domain.id":domainid
},
"category":
{
"name":"logon"
},
"return":["name", "id","options"]
}
Response:
{
"error":0,
"result":
{
"id":"1",
"name":"System logon policy",
"options":
{
"key":"value",
...
}
}
}

Page tree

User