Solved: Re: FTD REST API - LdapAttributeMap v6.7

CraigBelcher80625 · ‎08-09-2021

Hey all, I'm sure this question is a longshot but I'm stuck.

See the attached document TAC gave me to create a LdapAttributeMap using the FTD REST API Explorer integrated in FDM.

The first screenshot is the specific body of the LdapAAttributeMap Model. The 2nd is the entire document TAC sent me.

My code (which throws an error) my first guess the API has changed since this document was created?

The Example Values have whole other Model ldapAttributeToGroupPolicyMappings just below where Cisco's Example ends?

Anyone ever pull this off?

My Code:

"name": "BW_Attributes",
"ldapAttributeMaps": [
{
"ldapName": "memberOf",
"ciscoName": "GROUP_POLICY",
"valueMappings": [
{
"ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "VPN_Admins",
"type": "ldaptociscovaluemapping"
},
{
"ldapValue": "CA VPN - Staff,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "Anyconnect_CA",
"type": "ldaptociscovaluemapping"
}
],
"type": "ldapattributemapping"
}

Throws a " "description": "InvalidTypeIdException: Missing type id when trying to resolve subtype of [simple type, LdapAttributeMap]: missing type id property 'type'\n at [Source: (UnclosableInputStream); line: 1, column: 3]","

Thanks all,

osanniko · ‎11-11-2021

Hello Craig,

were you able to fix the issue? I can see that there was a closing square bracket missing in your snippet. Could the be the reason for the UnclosableInputStream error?

"name": "BW_Attributes",
"ldapAttributeMaps": [
{
"ldapName": "memberOf",
"ciscoName": "GROUP_POLICY",
"valueMappings": [
{
"ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "VPN_Admins",
"type": "ldaptociscovaluemapping"
},
{
"ldapValue": "CA VPN - Staff,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "Anyconnect_CA",
"type": "ldaptociscovaluemapping"
}
],
"type": "ldapattributemapping"
}

]

View solution in original post

christianh98114 · ‎01-24-2022

I believe I know the fix to your issue (and thank you to @osanniko for pointing out the missing closing bracket as well).

I had this exact same issue and could not fix it for a while until I double checked the REST API docs and noticed something. You're (understandably) using JUST the LdapAttributeMapping section when in reality, you need to encapsulate LdapAttributeMapping in the broader LdapAttributeMapWrapper for the configuration to work. (Though note that I'm running 6.6.5 so YMMV for different versions).

Currently, from the REST API docs, the following example template is shown for LDAP Attribute Maps:

I'm undoubtedly going to go against best-practices with this config, but at a minimum, this is what worked for me (mapped to your hypothetical config).

{
"name": "BW_Attributes",
"ldapAttributeMaps": [
{
      "ldapName": "memberOf",
      "ciscoName": "GROUP_POLICY",
      "valueMappings": [
          {
   "ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
   "ciscoValue": "VPN_Admins",
             "type": "ldaptociscovaluemapping"
    }
        ],
        "type": "ldapattributemapping"
    }
],
"type": "ldapattributemap",
"links": {
"self": ""
}
}

I've left out optional parameters such as version, ldapAttributeToGroupPolicyMappings, id, and a sub definition within the "self" field, but this worked first try for me. Let me know if you have any questions!

View solution in original post

osanniko · ‎11-11-2021

Hello Craig,

were you able to fix the issue? I can see that there was a closing square bracket missing in your snippet. Could the be the reason for the UnclosableInputStream error?

"name": "BW_Attributes",
"ldapAttributeMaps": [
{
"ldapName": "memberOf",
"ciscoName": "GROUP_POLICY",
"valueMappings": [
{
"ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "VPN_Admins",
"type": "ldaptociscovaluemapping"
},
{
"ldapValue": "CA VPN - Staff,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "Anyconnect_CA",
"type": "ldaptociscovaluemapping"
}
],
"type": "ldapattributemapping"
}

]

christianh98114 · ‎01-24-2022

I believe I know the fix to your issue (and thank you to @osanniko for pointing out the missing closing bracket as well).

I had this exact same issue and could not fix it for a while until I double checked the REST API docs and noticed something. You're (understandably) using JUST the LdapAttributeMapping section when in reality, you need to encapsulate LdapAttributeMapping in the broader LdapAttributeMapWrapper for the configuration to work. (Though note that I'm running 6.6.5 so YMMV for different versions).

Currently, from the REST API docs, the following example template is shown for LDAP Attribute Maps:

I'm undoubtedly going to go against best-practices with this config, but at a minimum, this is what worked for me (mapped to your hypothetical config).

{
"name": "BW_Attributes",
"ldapAttributeMaps": [
{
      "ldapName": "memberOf",
      "ciscoName": "GROUP_POLICY",
      "valueMappings": [
          {
   "ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
   "ciscoValue": "VPN_Admins",
             "type": "ldaptociscovaluemapping"
    }
        ],
        "type": "ldapattributemapping"
    }
],
"type": "ldapattributemap",
"links": {
"self": ""
}
}

I've left out optional parameters such as version, ldapAttributeToGroupPolicyMappings, id, and a sub definition within the "self" field, but this worked first try for me. Let me know if you have any questions!

CraigBelcher80625 · ‎01-24-2022

Thank you