Create Group
Create an Active Directory, Lightweight Directory Access Protocol, or Keystone group.
Request
Security
| Any | Super User | System Admin | Security Admin | Operator |
|---|---|---|---|---|
| | superUser | | securityAdmin | |
HTTP method
POST /manager/api/{apiResponseType}/createGroup.adm HTTP/1.1
Host: {manager.dsnet}

groupType={ldap|keystone}&distinguishedName={distinguishedNameOfGroup}
Curl method
curl -u {admin}:{password} -k \
  "https://{manager.dsnet}/manager/api/{apiResponseType}/createGroup.adm" \
  -d "groupType=ldap&distinguishedName={distinguishedNameOfGroup}"
Parameters
| Parameter | Type | Usage | Default | Description |
|---|---|---|---|---|
| groupType | String | Optional | ldap | ldap/oidc - external group that exists on the LDAP server/OIDC provider. |
| distinguishedName | String | groupType=ldap | | The Distinguished Name (DN) is the name that uniquely identifies a group entry in the directory. A DN is made up of attribute=value pairs, which are separated by commas. The order of the component attribute=value pairs is important. DNs begin with the most specific attribute (usually some sort of name such as CN [Common Name]), and continue with progressively broader attributes, often ending with a country attribute. It identifies an entry distinctly from any other entries that have the same parent. |
| keystoneType | String | groupType=keystone | project | |
| keystoneName | String | groupType=keystone | | The name of the group or project that is managed in Keystone. |
| keystoneDomain | String | groupType=keystone | | The name of the domain that is associated with the Keystone group or project. |
| alias | String | Optional | | Friendly name to give to the group. |
| rolesMap | Set[{role}] | Optional | | Key is name of role string including: An account cannot be assigned readOnlysystemAdmin/SystemAdmin or readOnlySecurityOfficer/securityOfficer together at the same time. |
| vaultUserPermissions | Map[{vaultId}] | Optional | disabled | For a specific vault ID, set vault access permissions to one of four options. Multiple vaultUserPermission[{vaultId}] parameters can be passed as part of the editGroup call. |
| defaultDevicePermission | String | Optional | noAccess | Default access permission that can be set on all devices except the manager, enabling the user to perform actions using the nut interface. Can be 1 of 4 options |
| managerDevicePermission | String | Optional | noAccess | Manager access permission that is specific to manager devices, enabling the user to perform actions using the nut interface. Can be 1 of 4 options, as listed above. |
| siteDevicePermissions | Map[{siteId}] | Optional | noAccess | For a specific site ID, device access permission can be set to 1 of 4 options, as listed above. |
| regionDevicePermissions | Map{regionId} | Optional | noAccess | For a specific region ID, device access permission can be set to 1 of 4 options, as listed above. |
| claimValue | String | Required if groupType = oidc | | The value of the group claim that identifies a group within the configured OIDC provider. |
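An added example (not part of the original page or of the product's own code): a Python helper that enforces the conditional requirements from the Usage column and percent-encodes values such as the DN before they go into the POST body. The sample DN and alias are constructed, and rejecting type-specific parameters for other group types is an assumption of this example.

```python
"""Client-side builder for the createGroup.adm form body (added example)."""
from urllib.parse import urlencode

# Conditionally required parameters, from the Usage column of the table above.
REQUIRED_BY_TYPE = {
    "ldap": ("distinguishedName",),
    "keystone": ("keystoneName", "keystoneDomain"),
    "oidc": ("claimValue",),
}
# Parameters tied to one group type. Rejecting them for other types is a
# client-side choice made here, not documented API behaviour.
TYPE_SPECIFIC = {
    "distinguishedName": "ldap",
    "keystoneType": "keystone",
    "keystoneName": "keystone",
    "keystoneDomain": "keystone",
    "claimValue": "oidc",
}

# Constructed sample values, not taken from the page.
SAMPLE_DN = "CN=Storage Admins,OU=Groups,DC=example,DC=com"
SAMPLE_ALIAS = "R&D storage admins"


def build_create_group_body(group_type="ldap", **params):
    """Validate the parameters and return the x-www-form-urlencoded body."""
    if group_type not in REQUIRED_BY_TYPE:
        raise ValueError(f"unsupported groupType: {group_type!r}")
    missing = [p for p in REQUIRED_BY_TYPE[group_type] if not params.get(p)]
    if missing:
        raise ValueError(f"groupType={group_type} requires {', '.join(missing)}")
    stray = [p for p in params if TYPE_SPECIFIC.get(p, group_type) != group_type]
    if stray:
        raise ValueError(f"not used with groupType={group_type}: {', '.join(stray)}")
    for name, value in params.items():
        if not isinstance(value, str) or any(ord(c) < 0x20 for c in value):
            raise ValueError(f"{name} must be a string without control characters")
    # urlencode percent-encodes '=', ',' and '&' and turns spaces into '+', so
    # a DN or alias cannot be split into extra form fields by the server.
    return urlencode({"groupType": group_type, **params})


if __name__ == "__main__":
    print(build_create_group_body("ldap", distinguishedName=SAMPLE_DN,
                                  alias=SAMPLE_ALIAS))
```

With curl, the same encoding comes from passing each field with --data-urlencode instead of a hand-built -d string. The -k flag in the curl form above disables TLS certificate verification; --cacert with the Manager's CA certificate keeps it on.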
Response
Success or failure status. On a successful group creation, the generated group ID is returned.
JSON response example
{
  "responseData": {
    "id": 1
  },
  "responseHeader": {
    "status": "ok",
    "now": 1407336578434,
    "requestId": null
  },
  "responseStatus": "ok"
}
Parameters
None other than the default response parameters shown in Common response parameters.