If an organization defines an LDAP service to use, an organization or system administrator can import user accounts from that service.

Importing a group from LDAP imports all the users in the group. See Import a Group from an LDAP Service. You can also import users individually.

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

Verify that your organization has defined an LDAP service to use.

1. Create a User element that identifies the LDAP user account to import.

   The name attribute of the User element must match the LDAP user name, as specified in the organization's LDAP properties. You must include the Role element in the request body.

2. POST the User element to the organization's users URL.

   The server matches the value of the name attribute in the request body with the value of the LDAP attribute that the organization specified in the value of the UserName element in the UserAttributes of its OrgLdapSettings. LDAP attributes such as userPrincipalName or samAccountName are common choices here. The server imports the user from the organization's LDAP service, and returns an updated User element to the client.

This example imports a user to the organization created in Example: Create an Organization. The request includes an optional IsEnabled element, so the user is enabled as soon as the import is complete.

The response is a User element, most of which is not shown in the example. The response includes a link that an administrator can use to edit user metadata, and additional elements, such as IsDefaultCached and StoredVmQuota, inherited from organization defaults. It also includes a NameInSource element, which contains the user's name as stored by the LDAP server, using the server's native encoding.

Request:

POST https://vcloud.example.com/api/admin/org/26/users
Content-Type: application/vnd.vmware.admin.user+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<User
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="user@example.com"
   type="application/vnd.vmware.admin.user+xml">
   <IsEnabled>true</IsEnabled>
   <IsExternal>true</IsExternal>
   <Role
      href="https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d" />
</User>

Response:

201 Created
Content-Type: application/vnd.vmware.admin.user+xml
...
<User
   xmlns="http://www.vmware.com/vcloud/v1.5"
   name="user@example.com"
   id="urn:vcloud:user:85"
   type="application/vnd.vmware.admin.user+xml"
   href="https://vcloud.example.com/api/admin/user/85">
   <Link
      rel="edit"
      type="application/vnd.vmware.admin.user+xml"
      href="https://vcloud.example.com/api/admin/user/85" />
   <FullName>Imported User Full Name</FullName>
   <EmailAddress>user@example.com</EmailAddress>
   <IsEnabled>true</IsEnabled>
   <ProviderType>INTEGRATED</ProviderType>
   <NameInSource>\F4\D3\42\8E\6A\BC\D3</NameInSource>
   <IsAlertEnabled>false</IsAlertEnabled>
   <IsDefaultCached>false</IsDefaultCached>
   <StoredVmQuota>0</StoredVmQuota>
   <DeployedVmQuota>0</DeployedVmQuota>
   <Role
     type="application/vnd.vmware.admin.role+xml"
     name="vApp Author"
     href="https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d" />
   <GroupReferences />
</User>
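
The request and response above, as an added Python example that is not part of the original documentation: it builds the User body with an XML library so the name attribute is escaped, then compares the returned User element with what was requested. The helper names and the check that the Role href is on the API host are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = "http://www.vmware.com/vcloud/v1.5"
USER_TYPE = "application/vnd.vmware.admin.user+xml"
ET.register_namespace("", NS)

def q(tag):
    return "{%s}%s" % (NS, tag)

def build_import_body(name, role_href, api_host, enabled=True):
    """Build the User element that is POSTed to the organization's users URL."""
    url = urlsplit(role_href)
    # Assumption of this example: only accept a role reference on the API host being called.
    if url.scheme != "https" or url.hostname != api_host or "/role/" not in url.path:
        raise ValueError("Role href must be an https role URL on " + api_host)
    # ElementTree escapes attribute values, so the name cannot alter the XML structure.
    user = ET.Element(q("User"), {"name": name, "type": USER_TYPE})
    ET.SubElement(user, q("IsEnabled")).text = "true" if enabled else "false"
    ET.SubElement(user, q("IsExternal")).text = "true"
    ET.SubElement(user, q("Role"), {"href": role_href})  # Role is mandatory
    return ET.tostring(user, encoding="unicode")

def check_import_response(xml_text, name, role_href, enabled=True):
    """Return a list of differences between the request and the User the server created."""
    user = ET.fromstring(xml_text)
    problems = []
    if user.tag != q("User"):
        return ["response is not a User element"]
    if user.get("name") != name:
        problems.append("name: %r" % user.get("name"))
    role = user.find(q("Role"))
    if role is None or role.get("href") != role_href:
        problems.append("role: %r" % (None if role is None else role.get("name")))
    if user.findtext(q("IsEnabled")) != ("true" if enabled else "false"):
        problems.append("IsEnabled: %r" % user.findtext(q("IsEnabled")))
    return problems

# Values from the page's example; the response is abbreviated to the fields checked.
ROLE = "https://vcloud.example.com/api/admin/org/26/role/13a69c14-e64c-409f-800f-0ecc470ea42d"
SAMPLE_RESPONSE = """<User xmlns="http://www.vmware.com/vcloud/v1.5" name="user@example.com"
   id="urn:vcloud:user:85" href="https://vcloud.example.com/api/admin/user/85">
   <IsEnabled>true</IsEnabled>
   <Role name="vApp Author" href="%s" />
</User>""" % ROLE

if __name__ == "__main__":
    print(build_import_body("user@example.com", ROLE, "vcloud.example.com"))
    print(check_import_response(SAMPLE_RESPONSE, "user@example.com", ROLE) or "response matches request")
```

An empty list from check_import_response means the imported account has the name, role and enabled state that were requested; anything else is worth reviewing before the account is used.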