I am attempting to import an AD Group using the vRealize Operations API (6.6.1), although the REST API documentation states that the usergroups POST is for creation of a new local user group, the data representation provides an authSourceId fiield, so I decide to send a test to see whether the group would get created and imported. When I send the POST, I receive an error stating that the method is not supported, although it is in the public API documentation
/suite-api/docs/rest/index.html
POST /api/auth/usergroups
Sanitized sample data:
{
"name" : "AD_GROUP",
"description" : "desc",
"authSourceId": "ad-auth-source-id",
"role-permissions" : [ {
"roleName" : "Administrator",
"traversal-spec-instances" : [ {
"adapterKind" : "VMWARE",
"resourceKind" : "vSphere World",
"name" : "vSphere Hosts and Clusters",
"selectAllResources" : true
} ],
"allowAllObjects" : true,
"others" : [ ],
"otherAttributes" : {
}
} ],
"others" : [ ],
"otherAttributes" : {
}
}
HTTP Status 405 – Method Not Allowed
Request method 'POST' not supported
Description: The method received in the request-line is known by the origin server but not supported by the target resource.
Any assistance would be greatly appreciated!
It looks like createUserGroup only works for local groups. There's an 'importUsers' method for importing users from an external auth source... maybe you can use that. It's strange, but I don't think there is a method for importing groups. When I used getUserGroups to list my groups it shows the group name as the full DN, (e.g. CN=My Group,OU=My OU,OU=Groups,DC=mydomain,DC=com) so if you're not already using the full DN maybe try that.
It looks like createUserGroup only works for local groups. There's an 'importUsers' method for importing users from an external auth source... maybe you can use that. It's strange, but I don't think there is a method for importing groups. When I used getUserGroups to list my groups it shows the group name as the full DN, (e.g. CN=My Group,OU=My OU,OU=Groups,DC=mydomain,DC=com) so if you're not already using the full DN maybe try that.
Thank you for the response!
There were two issues here)
1) I actually had copy pasted the url from a previous call, and incorrectly had 'sources' before the usergroups, corrected that
2) I did a get as well, and saw that the full DN was used as the name. I updated my call with the full DN and reposted, it worked!
One thing to note, you get a 500 back:
{
"message": "Internal Server error, cause unknown.",
"httpStatusCode": 500,
"apiErrorCode": 500
}
So you have to do a get and confirm that the group you created exists to confirm (as the status code alone will not be sufficient to confirm the add).
Also, you will need to add the permissions separately using /suite-api/api/auth/usergroups/<group_id>/permissions