LDAP Account and Group Maps Using REST API
Learn how to create account and group maps using LDAP through the DryvIQ REST API.
Overview
Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to look up directory data, such as user accounts and groups, from a server. Using REST API calls, you can create an account map that integrates with LDAP. You can also query DryvIQ to return the LDAP configuration being used for an account map.
Test LDAP Connection
Use the following call to test the LDAP connection. Replace the values with the information for your server. The call returns a status of 200 when the connection succeeds.
POST {{url}}v1/ldap/test
{
  "auth_type": "anonymous",
  "dn": "string",
  "name": "string",
  "password": "string",
  "port": 0,
  "ssl": true,
  "username": "string"
}
LDAP Configuration Options
Below are the available configuration options for LDAP. The following sections show how to use these options to create an account map and to query for an existing account map.
Field | Type | Description | Example |
---|---|---|---|
Security Map Features | | | |
ldap | Boolean | This field indicates if LDAP is being used. | true |
LDAP Server Definitions | | | |
name | String | This field identifies the DNS name or IP address for the LDAP server. This is a required field. | xx.xx.x.xxx |
port | Integer | This is the port number that should be used if other than 389 (the default). If ssl is set to true, the default port is 636. | 636 |
dn | String | This is the location within AD where you want to search for users. It is optional if you are using the DNS name for the server name rather than the IP address. (The default should be good.) | dc=internal,dc=string,dc=com<br>ou=accounts,dc=internal,dc=string,dc=com |
username | String | This field identifies the username that needs to be used to log on to the server. | domain\\joe_user |
password | String | This is the password for the above username. | Pa$$w0RdValu3 |
ssl | Boolean | Indicates if the LDAP server uses SSL for the connection. | true |
LDAP Search Definitions | | | |
server | LdapServerDefinition | LDAP server name. | |
filter | String | This is the filter that should be applied when requesting users from LDAP. | sn=smith<br>mapid=5f55f55fff5555f5f5f555ff55555555<br>jobid=1111111111a11a11111aa1aa11a11111 |
account_exclusion_pattern | String | This field is used to exclude specific accounts based on values in the account name (sAMAccountName). Exclusions are indicated using wild-card patterns. Multiple values must be separated by a semicolon ( ; ). | admin (Excludes accounts that include “admin” in the account name.) |
Create an Account Map Integrated to LDAP
The example code below creates a one-to-one matching map from the LDAP server for the connections. Replace the server values with those for your LDAP server, and replace the connection IDs with the IDs assigned to the connections you are using.
POST {{url}}v1/account_maps
{
  "name": "name assigned to the map you are creating",
  "type": "account_map",
  "unmapped_policy": "warn",
  "map_by": {
    "ldap": true,
    "email": true
  },
  "ldap": {
    "server": {
      "name": "00.00.0.00",
      "username": "domain\\user",
      "password": "password"
    }
  },
  "source": {
    "connection": {
      "id": "connection ID"
    }
  },
  "destination": {
    "connection": {
      "id": "connection ID"
    }
  }
}
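The test-then-create sequence above as an added Python example (not DryvIQ's own code): it builds the server definition with the field types from the options table, defaults to SSL on port 636, reads the bind credentials from environment variables, and creates the map only if `v1/ldap/test` returns 200. The environment variable names, the helper names and the `headers` argument (whatever authentication your DryvIQ instance requires) are assumptions; `auth_type` is supplied by the caller because the page shows only the sample value "anonymous".

```python
import json
import os
import urllib.request

def ldap_server(env=os.environ):
    """LDAP server definition typed as in the options table (port int, ssl bool)."""
    ssl = env.get("LDAP_SSL", "true").lower() == "true"    # assumed variable names
    server = {
        "name": env["LDAP_HOST"],                           # required field
        "port": int(env.get("LDAP_PORT", 636 if ssl else 389)),
        "ssl": ssl,
        "username": env["LDAP_BIND_USER"],
        "password": env["LDAP_BIND_PASSWORD"],              # read at run time, not stored in the script
    }
    if env.get("LDAP_BASE_DN"):
        server["dn"] = env["LDAP_BASE_DN"]
    return server

def account_map(name, server, source_id, destination_id):
    """Body for POST v1/account_maps, same shape as the example above."""
    return {
        "name": name, "type": "account_map", "unmapped_policy": "warn",
        "map_by": {"ldap": True, "email": True},
        "ldap": {"server": server},
        "source": {"connection": {"id": source_id}},
        "destination": {"connection": {"id": destination_id}},
    }

def redacted(body):
    """Copy of a request body for logging, with every "password" value masked."""
    if isinstance(body, dict):
        return {k: "***" if k == "password" else redacted(v) for k, v in body.items()}
    return body

def post(base_url, path, body, headers):
    """POST JSON and return the HTTP status; urllib raises HTTPError on 4xx/5xx."""
    req = urllib.request.Request(
        base_url + path, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", **headers})
    with urllib.request.urlopen(req) as resp:
        return resp.status

def create_map_if_ldap_ok(base_url, headers, server, auth_type, map_body, send=post):
    """Create the map only after v1/ldap/test accepts the same server settings."""
    test_body = {**server, "auth_type": auth_type}
    if send(base_url, "v1/ldap/test", test_body, headers) != 200:
        return False
    send(base_url, "v1/account_maps", map_body, headers)   # base_url ends in "/" like {{url}}
    return True
```

Log `redacted(map_body)` rather than the body itself, because the request carries the LDAP bind password.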
Query the LDAP Configuration for an Account or Group Map
The examples below show how to query DryvIQ for the LDAP configuration being used for an account map or group map.
Basic Query
The example code below is a basic query to view the LDAP configurations being used for an account map.
GET {{url}}v1/ldap/query/accounts
The example code below is a basic query to view the LDAP configurations being used for a group map.
GET {{url}}v1/ldap/query/groups
Query by Map ID
The example code below shows a query to view the LDAP configuration used for a specific account map or group map.
Account Map
GET {{url}}v1/ldap/query/accounts?mapid=5f55f55fff5555f5f5f555ff55555555
Group Map
GET {{url}}v1/ldap/query/groups?mapid=5f55f55fff5555f5f5f555ff55555555
Query by Job ID
The example code below shows a query to view the LDAP configuration used for a specific account map or group map in a particular job.
Account Map
GET {{url}}v1/ldap/query/accounts?jobid=1111111111a11a11111aa1aa11a11111
Group Map
GET {{url}}v1/ldap/query/groups?jobid=1111111111a11a11111aa1aa11a11111
Query Using Filters
The example below shows a query that uses a filter for the surname. Substitute additional filters as needed.
POST {{url}}v1/ldap/query/accounts
{
  "filter": "(sn=smith)",
  "server": {
    "name": "ldap server IP/DNS name",
    "port": 636,
    "username": "domain\\user",
    "password": "password",
    "dn": "DC=internal,DC=string,DC=com",
    "ssl": true
  }
}
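When the filter value comes from user input, a spreadsheet or another system, it has to be escaped before it is placed in the filter string, otherwise characters such as `)` or `*` change the meaning of the search. The added Python example below (not DryvIQ code) escapes values as RFC 4515 specifies and builds the body for `v1/ldap/query/accounts`; the function names and the constructed sample server values are assumptions.

```python
import re

_ATTRIBUTE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")   # simple attribute names only

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def equals(attribute, value):
    """(attribute=value) with the value escaped and the attribute name checked."""
    if not _ATTRIBUTE.fullmatch(attribute):
        raise ValueError("unexpected attribute name: %r" % attribute)
    return "(%s=%s)" % (attribute, escape_filter_value(value))

def all_of(*filters):
    """AND several filters together: (&(a=1)(b=2))."""
    return "(&%s)" % "".join(filters)

def accounts_query(ldap_filter, server):
    """Body for POST v1/ldap/query/accounts."""
    return {"filter": ldap_filter, "server": server}

# Constructed sample server definition (placeholder values, typed per the options table).
SAMPLE_SERVER = {"name": "ldap.example.internal", "port": 636, "ssl": True,
                 "username": "domain\\user", "password": "placeholder",
                 "dn": "DC=internal,DC=string,DC=com"}

def surname_query(surname, server=SAMPLE_SERVER):
    """The page's surname filter, built from an untrusted surname value."""
    return accounts_query(equals("sn", surname), server)
```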
Create a User Job Mapping Job That Uses LDAP
When you want to use LDAP with a User Job Mapping job, you have to create the LDAP map when creating the job. This must be done through the REST API; LDAP mappings cannot be made through the user interface currently. Example code is provided below to show how you can add the LDAP map information to the CREATE job call.
POST {{url}}v1/jobs
{
  "name": "User Job Mapping Job",
  "kind": "personal_drive",
  "transfer": {
    "audit_level": "trace",
    "transfer_type": "copy",
    "source": {
      "connection": {
        "id": "31de9f3f875247968cf9b4c685334111"
      }
    },
    "destination": {
      "connection": {
        "id": "e065f176b3014b34b3f2dd12f307a006"
      },
      "target": {
        "path": "/"
      }
    },
    "schedule": {
      "mode": "manual"
    }
  },
  "schedule": {
    "mode": "manual"
  },
  "convention": {
    "match": "ldap",
    "users": "ldap",
    "map_by": {
      "email": true
    },
    "path_conventions": [
      {
        "source": "/"
      },
      {
        "destination": "/"
      }
    ],
    "account_map": {
      "name": "LDAP Map",
      "type": "account_map",
      "unmapped_policy": "warn",
      "map_by": {
        "ldap": true,
        "email": true
      },
      "ldap": {
        "server": {
          "name": "00.00.0.00",
          "username": "nfs\\username",
          "password": "password",
          "dn": "DC=nfs,dc=local"
        },
        "attributes": {
          "home_directory": "homeDirectory"
        }
      },
      "source": {
        "connection": {
          "id": "31de9f3f875247968cf9b4c685334111"
        }
      },
      "destination": {
        "connection": {
          "id": "e065f176b3014b34b3f2dd12f307a006"
        }
      }
    },
    "type": "personal_drive"
  }
}