
Manipulating Directory Objects


EmpowerID includes a number of CRUD (create, read, update, delete) workflows for manipulating directory objects via the EmpowerID Virtual Directory. These workflows include the following:

  • LDAPCreateAccount - This workflow creates a new user account object within a directory to which EmpowerID is connected.
  • LDAPCreateOU - This workflow creates a new OU container within a directory to which EmpowerID is connected.
  • LDAPCreateGroup - This workflow creates a new group object within a directory to which EmpowerID is connected.
  • LDAPUpdateAccount - This workflow updates an account object within a directory to which EmpowerID is connected.
  • LDAPUpdateOU - This workflow updates an OU container within a directory to which EmpowerID is connected.
  • LDAPUpdateGroup - This workflow updates a group object within a directory to which EmpowerID is connected.
  • LDAPDeleteAccount - This workflow deletes a user account object within a directory to which EmpowerID is connected.
  • LDAPDeleteOU - This workflow deletes an OU container within a directory to which EmpowerID is connected.
  • LDAPDeleteGroup - This workflow deletes a group within a directory to which EmpowerID is connected.

In this topic, we demonstrate how to create new directory objects by creating a new AD user account from the EmpowerID Virtual Directory.


As with all EmpowerID workflows, the LDAP workflows associated with the EmpowerID LDAP Server are RBAC-trimmed. To initiate a workflow, users must have the Initiator Access Level for that workflow. To execute it without requiring further approval, they must also have an Access Level that allows any necessary operations.

If a user initiates one of the LDAP workflows but does not have the delegations needed to perform the task in that workflow (such as creating a new user account), the EmpowerID LDAP Server displays a message to that user indicating that the request failed and then routes the request to a delegated approver via email.

The approver can then choose to approve or deny the request. If the approver approves it, the workflow resumes and the user account (in this case) is created. If the approver rejects it, the workflow terminates and the user account is not created. In either case, EmpowerID routes the results of the request to the request initiator via email.


To create a new user account via the EmpowerID Virtual Directory


Depending on the tool you use for managing directory objects, the steps depicted below may differ for you.


  1. From your LDAP management tool, navigate to the EmpowerID root tree node and then expand the o=empowerid and cn=directories nodes.



  2. Expand the appropriate directory node and locate the OU in which you wish to place the new user account.
  3. Right-click the OU node and select New, then New Entry.



  4. In the Entry Creation Wizard that appears, select Template-Based and then click Next.



  5. Select User and then click Next.



  6. Specify cn as the RDN type, enter the appropriate value for the type and then click Next.



  7. Review the entry and then click Finish.



  8. Wait while the workflow executes.

