08-09-2021 01:55 AM
Hey all, I'm sure this question is a longshot but I'm stuck.
See the attached document TAC gave me to create a LdapAttributeMap using the FTD REST API Explorer integrated in FDM.
The first screenshot is the specific body of the LdapAAttributeMap Model. The 2nd is the entire document TAC sent me.
My code (which throws an error) my first guess the API has changed since this document was created?
The Example Values have whole other Model ldapAttributeToGroupPolicyMappings just below where Cisco's Example ends?
Anyone ever pull this off?
My Code:
"name": "BW_Attributes",
"ldapAttributeMaps": [
{
"ldapName": "memberOf",
"ciscoName": "GROUP_POLICY",
"valueMappings": [
{
"ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "VPN_Admins",
"type": "ldaptociscovaluemapping"
},
{
"ldapValue": "CA VPN - Staff,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "Anyconnect_CA",
"type": "ldaptociscovaluemapping"
}
],
"type": "ldapattributemapping"
}
Throws a " "description": "InvalidTypeIdException: Missing type id when trying to resolve subtype of [simple type, LdapAttributeMap]: missing type id property 'type'\n at [Source: (UnclosableInputStream); line: 1, column: 3]","
Thanks all,
Solved! Go to Solution.
11-11-2021 07:51 AM
Hello Craig,
were you able to fix the issue? I can see that there was a closing square bracket missing in your snippet. Could the be the reason for the UnclosableInputStream error?
"name": "BW_Attributes",
"ldapAttributeMaps": [
{
"ldapName": "memberOf",
"ciscoName": "GROUP_POLICY",
"valueMappings": [
{
"ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "VPN_Admins",
"type": "ldaptociscovaluemapping"
},
{
"ldapValue": "CA VPN - Staff,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "Anyconnect_CA",
"type": "ldaptociscovaluemapping"
}
],
"type": "ldapattributemapping"
}
]
01-24-2022 04:15 PM
I believe I know the fix to your issue (and thank you to @osanniko for pointing out the missing closing bracket as well).
I had this exact same issue and could not fix it for a while until I double checked the REST API docs and noticed something. You're (understandably) using JUST the LdapAttributeMapping section when in reality, you need to encapsulate LdapAttributeMapping in the broader LdapAttributeMapWrapper for the configuration to work. (Though note that I'm running 6.6.5 so YMMV for different versions).
Currently, from the REST API docs, the following example template is shown for LDAP Attribute Maps:
I'm undoubtedly going to go against best-practices with this config, but at a minimum, this is what worked for me (mapped to your hypothetical config).
{
"name": "BW_Attributes",
"ldapAttributeMaps": [
{
"ldapName": "memberOf",
"ciscoName": "GROUP_POLICY",
"valueMappings": [
{
"ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "VPN_Admins",
"type": "ldaptociscovaluemapping"
}
],
"type": "ldapattributemapping"
}
],
"type": "ldapattributemap",
"links": {
"self": ""
}
}
I've left out optional parameters such as version, ldapAttributeToGroupPolicyMappings, id, and a sub definition within the "self" field, but this worked first try for me. Let me know if you have any questions!
11-11-2021 07:51 AM
Hello Craig,
were you able to fix the issue? I can see that there was a closing square bracket missing in your snippet. Could the be the reason for the UnclosableInputStream error?
"name": "BW_Attributes",
"ldapAttributeMaps": [
{
"ldapName": "memberOf",
"ciscoName": "GROUP_POLICY",
"valueMappings": [
{
"ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "VPN_Admins",
"type": "ldaptociscovaluemapping"
},
{
"ldapValue": "CA VPN - Staff,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "Anyconnect_CA",
"type": "ldaptociscovaluemapping"
}
],
"type": "ldapattributemapping"
}
]
01-24-2022 04:15 PM
I believe I know the fix to your issue (and thank you to @osanniko for pointing out the missing closing bracket as well).
I had this exact same issue and could not fix it for a while until I double checked the REST API docs and noticed something. You're (understandably) using JUST the LdapAttributeMapping section when in reality, you need to encapsulate LdapAttributeMapping in the broader LdapAttributeMapWrapper for the configuration to work. (Though note that I'm running 6.6.5 so YMMV for different versions).
Currently, from the REST API docs, the following example template is shown for LDAP Attribute Maps:
I'm undoubtedly going to go against best-practices with this config, but at a minimum, this is what worked for me (mapped to your hypothetical config).
{
"name": "BW_Attributes",
"ldapAttributeMaps": [
{
"ldapName": "memberOf",
"ciscoName": "GROUP_POLICY",
"valueMappings": [
{
"ldapValue": "CN=VPN Admins,OU=VPN Groups,OU=Cisco_Accounts,OU=Bobs_World,DC=bobworld,DC=int",
"ciscoValue": "VPN_Admins",
"type": "ldaptociscovaluemapping"
}
],
"type": "ldapattributemapping"
}
],
"type": "ldapattributemap",
"links": {
"self": ""
}
}
I've left out optional parameters such as version, ldapAttributeToGroupPolicyMappings, id, and a sub definition within the "self" field, but this worked first try for me. Let me know if you have any questions!
01-24-2022 09:31 PM
Thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide