I am encountering a problem with the API when attempting to check fo the existence of an LDAP user in a vCloud organization. When looking at the users for that organization, the user is not found. When attempting to add it, get the error "
DuplicateNameException: The VCD entity mavlcek already exists."
Turns out the user does exist, but in the Lost & Found folder, and I cannot retrieve its HREF to delete it and then try the add again.
Anyone know how to recover these users via the REST API? In the UI, you can delete the entry, then re-add it, but the API does not seem to provide a method for finding this user.
If anyone has a solution for this, please share as this has been a roadblock to automating our provisioning since we have to manually delete the user entry before we can proceed and try again.
You can use the Query API and there are several packaged queries and one of which supports for finding strandedUsers - http://pubs.vmware.com/vcloud-api-1-5/wwhelp/wwhimpl/js/html/wwhelp.htm#href=api_prog/GUID-9356B99B-...
It'll look something like this:
$ curl -i -k -H "Accept:application/*+xml;version=1.5" -H "x-vcloud-authorization: ........" -X GET https://vcd/api/admin/strandedUsers/query
Thanks for pointing out the packaged query for stranded users. Unfortunately, it does not appear to work. It returns no results. Is there something I’m missing? Perhaps I need to specify an organization somehow (the documentation for the packaged query says “Stranded users in the organization” but it was not clear how to specify it?
<?xml version="1.0" encoding="UTF-8"?>
<QueryResultRecords xmlns="http://www.vmware.com/vcloud/v1.5" total="0" pageSize="25" page="1" name="strandedUser" type="application/vnd.vmware.vcloud.query.records+xml" href="https://my-vcloud.xxx.com/api/admin/strandedUsers/query?page=1&pageSize=25&format=records" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://alln01-vcloud.cisco.com/api/v1.5/schema/master.xsd">
<Link rel="alternate" type="application/vnd.vmware.vcloud.query.references+xml" href="https://my-vcloud.xxx.com/api/admin/strandedUsers/query?page=1&pageSize=25&format=references"/>
<Link rel="alternate" type="application/vnd.vmware.vcloud.query.idrecords+xml" href="https://my-vcloud.xxx.com/api/admin/strandedUsers/query?page=1&pageSize=25&format=idrecords"/>
</QueryResultRecords>
Are you logging in as an Administrator in the System Organization?
That is correct. I am logged in as an admin against the system org.
I don't have LDAP configured in my home lab to repro this, but could you try the same query but logging into the organization that has the stranded user? I have a feeling that it may not work due to the /admin path which signifies this is only available in the Admin API.
Yes, if I log on to the API as an Organization Admin to that organization, the stranded user's HREF is returned. Unfortunately, our use of the API is always done using a "System" user, with the assumption that we have permission to do anything.
But interestingly, as the Org Admin, if I try then to do a GET on the stranded user's HREF, I cannot access it, but if I log on as a system admin, it does return the record and I can delete it.
So it is possible do get rid of the stranded user but it takes 2 sessions (an org admin session to get the HREF and a sys admin to get/delete the user). It seems to me that the system admin should be able to access this information.
If there is any workaround to this, I would really like to get a solution.
Thanks!
As the Org Admin, are you able to delete the user using the vCloud API?
Actually, I am able to GET and DELETE using the Org Administrator logon. Unfortunately, I really need to be able to perform this operation as a System Administrator; otherwise, I will need to have credentials for hundreds of organizations. This is unwieldy for a multi-tenant, cloud provider solution.
So is there any way this can be done as a System Administrator?
It looks like this operation is currently only supported when you're an Org Admin as noted by the documentation - http://pubs.vmware.com/vcloud-api-1-5/wwhelp/wwhimpl/js/html/wwhelp.htm#context=vCloudAPI&file=GUID-...
If you have a support contract, I would recommend filing an SR for this feature request.
Disappointing, but good to know for sure. Will defintely file an SR. Thanks!