The following tables list all examples included in the Capability samples, grouped by Capability.
Operation |
Description |
---|---|
Perform one-level search |
This example illustrates how to obtain a list of the child objects (direct descendants) of the Active Directory container object. In proxy mode, you can use this example to list the domains that are registered with Active Roles (managed domains). To do this, SPML Provider performs the search operation. The request message includes the following XML elements:
The response contains the identifiers (distinguished names) of the objects residing in the container object specified by the <basePsoID> element. |
Perform subtree search |
This example illustrates how to obtain a list of objects that reside below the Active Directory object in the directory tree. You can use this example to list the objects that reside in a given domain. To do this, SPML Provider performs the search operation. The request message includes the following XML elements:
The response contains the identifiers (distinguished names) of the objects that reside in the directory tree below the container object specified by the <basePsoID> element. |
Perform base search |
This example illustrates how to obtain an XML representation of the specific object. To do this, SPML Provider performs the search operation. The request message includes the following XML elements:
The response contains the identifier of the object and the XML representation of the object (as defined in the schema of the target). |
Iterate search results |
This example illustrates how to obtain the next set of objects from the result set that SPML Provider selected for a search operation. In this case, SPML Provider performs the iterate operation. The request message includes the following XML elements:
|
Stop iterating search results |
This example illustrates how to tell SPML Provider that the client has no further need for the search results that a specific iterator represents. In this case, SPML Provider performs the closeIterator operation. The request message includes the following XML elements:
|
Find inactive users |
This example illustrates how to get a list of inactive (disabled or deprovisioned) user accounts found within a specified container. To do this, SPML Provider performs the search operation. The request message includes the following XML elements:
|
Perform complex search |
This example illustrates how to have SPML Provider find all objects that meet certain search criteria and return the values of certain attributes of the objects found. In this case, SPML Provider performs the search operation. The request message includes the following XML elements:
The response contains the identifiers (distinguished names) of the objects found and, for each object, the values of the attributes specified by the <attributes> element in the search request. |
Find only security groups |
This example illustrates how to obtain a list of security groups found in a specified container. In this case, SPML Provider performs the search operation. The request message includes the following XML elements:
The response contains the identifiers (distinguished names) of the security groups that exist in the directory tree below the container object specified by the <basePsoID> element. |
Operation |
Description |
Set user password |
This example illustrates how to set a new password for the specific user account. To set a new password, SPML Provider performs the setPassword operation. The request message includes the following XML elements:
|
Expire user password |
This example illustrates how to force a given user to change the password at next logon. To do this, SPML Provider performs the expirePassword operation. The request message includes the following XML elements:
|
Operation |
Description |
Suspend user account |
This example illustrates how to either disable or deprovision a specified user account, depending on the SPML Provider configuration (see the description of the <suspendAction> element in the “Configuring SPML Provider” section earlier in this document). To do this, SPML Provider performs the suspend operation. The request message includes the following XML elements:
|
Resume user account |
This example illustrates how to enable a disabled user account. This operation requires that the suspend action be set to disable in the SPML Provider configuration file (see the description of the <suspendAction> element in the “Configuring SPML Provider” section earlier in this document). In this case, SPML Provider performs the resume operation in order to enable a disabled user account. The request message includes the following XML elements:
|
Check whether user is active |
This example illustrates how to determine whether a specified user account is active, that is, has not been suspended. A user account is considered to be suspended if the suspend action was performed on that account. The suspend action can be either disable or deprovision, depending on the SPML Provider configuration (see the description of the <suspendAction> element in the “Configuring SPML Provider” section earlier in this document). The request message includes the following XML elements:
The <activeResponse> element in the response message has the active attribute that indicates whether the specified user account is suspended. If the user account is suspended, the active attribute is set to false. Otherwise, the active attribute is set to true. |
In this mode, SPML Provider directly connects to the specified domain or AD LDS instance.
A set of optional, functionally related operations defined in SPML v2.
The minimum set of operations that a provider must implement to conform to the official SPML v2 specification.
A meta-markup language that provides a format for describing structured data. This facilitates more precise declarations of content and more meaningful search results across multiple platforms. In addition, XML enables a new generation of Web-based data viewing and manipulation applications.
An international consortium that drives the development, convergence, and adoption of e-business and Web service standards.
See Provisioning Service Provider.
Represents a data entity or an information object on a target.
A software component that listens for, processes, and returns the results for well-formed SPML requests from a known requestor.
Represents a destination or endpoint that a provider makes available for provisioning actions.
In proxy mode, SPML Provider accesses directory data using the Active Roles proxy service.
A software component that issues well-formed SPML requests to a Provisioning Service Provider.
See Requesting Authority.
An XML/HTTP-based protocol for platform-independent access to objects and services on the Web. SOAP defines a message format in XML that travels over the Internet using HyperText Transfer Protocol (HTTP). By using existing Web protocols (HTTP) and languages (XML), SOAP runs over the existing Internet infrastructure without being tied to any operating system, language, or object model.
An XML-based framework for exchanging user, resource, and service provisioning information between cooperating organizations.
An OASIS standard that provides a means of representing provisioning requests and responses as SPML documents.
See Provisioning Service Target.
Defines the XML structure of the objects (PSO) that the target may contain.
This section briefly discusses some error statements that you may encounter when using SPML Provider.
When sending a request to remove a user from a group (see the example below), the requested operation fails with the error statement “Cannot remove the specified item because it was not found in the specified Collection.”
This error has one of the following causes:
Verify that the <value> element specifies the distinguished name of the user that is the group member. Make sure that the Distinguished Name fields are in upper case.
The following example illustrates how to create a request to remove user Robert Smith from the Sales group.
<?xml version="1.0"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<modifyRequest xmlns="urn:oasis:names:tc:SPML:2:0" returnData="everything">
<psoID ID="CN=Sales,OU=SPML2,DC=Mycompany,DC=com"/>
<modification modificationMode="delete">
<data>
<attr name="member" xmlns="urn:oasis:names:tc:DSML:2:0:core">
<value>CN=Robert Smith,OU=Staff,DC=MyCompany,DC=com</value>
</attr>
</data>
</modification>
</modifyRequest>
</soap:Body>
</soap:Envelope>
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy