topic Re: FTD REST API - LdapAttributeMap v6.7 in Network Security

FTD REST API - LdapAttributeMap v6.7

CraigBelcher80625 — Mon, 09 Aug 2021 08:55:44 GMT

Hey all, I'm sure this question is a longshot but I'm stuck.

See the attached document TAC gave me to create a LdapAttributeMap using the FTD REST API Explorer integrated in FDM.

The first screenshot is the specific body of the LdapAAttributeMap Model. The 2nd is the entire document TAC sent me.

My code (which throws an error) my first guess the API has changed since this document was created?

The Example Values have whole other Model ldapAttributeToGroupPolicyMappings just below where Cisco's Example ends?

Anyone ever pull this off?

My Code:

"name": "BW_Attributes",
"ldapAttributeMaps": [
{
"ldapName": "memberOf",
"ciscoName": "GROUP_POLICY",
"valueMappings": [
{
"ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "VPN_Admins",
"type": "ldaptociscovaluemapping"
},
{
"ldapValue": "CA VPN - Staff,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "Anyconnect_CA",
"type": "ldaptociscovaluemapping"
}
],
"type": "ldapattributemapping"
}

Throws a " "description": "InvalidTypeIdException: Missing type id when trying to resolve subtype of [simple type, LdapAttributeMap]: missing type id property 'type'\n at [Source: (UnclosableInputStream); line: 1, column: 3]","

Thanks all,

Re: FTD REST API - LdapAttributeMap v6.7

osanniko — Thu, 11 Nov 2021 15:51:26 GMT

Hello Craig,

were you able to fix the issue? I can see that there was a closing square bracket missing in your snippet. Could the be the reason for the UnclosableInputStream error?

]

Re: FTD REST API - LdapAttributeMap v6.7

christianh98114 — Tue, 25 Jan 2022 00:15:20 GMT

I believe I know the fix to your issue (and thank you to @osanniko for pointing out the missing closing bracket as well).

I had this exact same issue and could not fix it for a while until I double checked the REST API docs and noticed something. You're (understandably) using JUST the LdapAttributeMapping section when in reality, you need to encapsulate LdapAttributeMapping in the broader LdapAttributeMapWrapper for the configuration to work. (Though note that I'm running 6.6.5 so YMMV for different versions).

Currently, from the REST API docs, the following example template is shown for LDAP Attribute Maps:

I'm undoubtedly going to go against best-practices with this config, but at a minimum, this is what worked for me (mapped to your hypothetical config).

{
"name": "BW_Attributes",
"ldapAttributeMaps": [
{
      "ldapName": "memberOf",
      "ciscoName": "GROUP_POLICY",
      "valueMappings": [
          {
   "ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
   "ciscoValue": "VPN_Admins",
             "type": "ldaptociscovaluemapping"
    }
        ],
        "type": "ldapattributemapping"
    }
],
"type": "ldapattributemap",
"links": {
"self": ""
}
}

I've left out optional parameters such as version, ldapAttributeToGroupPolicyMappings, id, and a sub definition within the "self" field, but this worked first try for me. Let me know if you have any questions! 🙂

Re: FTD REST API - LdapAttributeMap v6.7

CraigBelcher80625 — Tue, 25 Jan 2022 05:31:53 GMT

Thank you