Article ID: 314113
Issue/Introduction
This article details how to add LDAP Groups to the CloudAdminGroup via API Explorer.
Symptoms:
This article lists out the steps to modify group membership of the CloudAdminGroup on the Cloud vCenter in VMware Cloud on AWS
Cause
Customer is missing permissions for a specific LDAP User/Group, but the [email protected] account has the required permissions.
Resolution
- Log in to https://<Cloud_VC_FQDN>/apiexplorer/ using the cloudadmin ID
- Navigate to hvc/management/administrators and click on Show/Hide
- Use the GET hvc/management/administrators API to find the current members of the CloudAdminGroup
- Click on Execute to run the GET request. The response will be in JSON format.
- To add an AD group use the POST hvc/management/administrators?action=add API
- In the request_body put the AD group name in the format {"group_name": "[email protected]"}. You only need to modify the [email protected] section; leave group_name alone.
- Click on Execute. If the Response Code is 204 or 200, the group has been added.
Note: You can then use the GET API again (mentioned above) to fetch the group list to verify if the group has been added or not.
- If you want to remove an AD group from the CloudAdminGroup:
- Use the POST /hvc/management/administrators?action=remove API
- In the request_body put the AD group name in the format:
  {
    "group_name": "[email protected]"
  }
- Click on Execute.
- If the Response Code is 204 or 200, the group has been removed successfully.
- To verify, run the GET request again to see the current group membership and confirm that the group has been removed.
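The add, verify and remove flow above as a Python sketch, added here as an illustration and not VMware's code. The `send` transport, the `FakeVcenter` stand-in, the sample group names, and the assumption that the GET body is a JSON array of group names are all constructed for this example.

```python
import json

ADMIN_PATH = "hvc/management/administrators"  # endpoint path as given in the article


class FakeVcenter:
    """Constructed offline stand-in for the endpoint (not VMware code)."""

    def __init__(self, groups):
        self.groups = set(groups)

    def send(self, method, path, body=None):
        if method == "GET" and path == ADMIN_PATH:
            return 200, json.dumps(sorted(self.groups))
        if method == "POST" and path == ADMIN_PATH + "?action=add":
            self.groups.add(json.loads(body)["group_name"])
            return 204, ""
        if method == "POST" and path == ADMIN_PATH + "?action=remove":
            self.groups.discard(json.loads(body)["group_name"])
            return 204, ""
        return 404, ""


def list_admin_groups(send):
    status, text = send("GET", ADMIN_PATH)
    if status != 200:
        raise RuntimeError(f"GET failed with HTTP {status}")
    return set(json.loads(text))  # assumption: body is a JSON array of group names


def change_admin_group(send, action, group_name):
    """Add or remove one group, then confirm the change with a second GET."""
    if action not in ("add", "remove"):
        raise ValueError("action must be 'add' or 'remove'")
    before = list_admin_groups(send)
    body = json.dumps({"group_name": group_name})
    status, _ = send("POST", f"{ADMIN_PATH}?action={action}", body)
    if status not in (200, 204):  # success codes named in the article
        raise RuntimeError(f"{action} failed with HTTP {status}")
    after = list_admin_groups(send)
    if (group_name in after) != (action == "add"):
        raise RuntimeError(f"{action} returned {status} but membership did not change")
    # Report the exact delta so any unexpected change is visible to a reviewer.
    return {"added": sorted(after - before), "removed": sorted(before - after)}
```

Recording the returned delta alongside the change ticket gives a reviewable trail of who was granted CloudAdminGroup rights and when.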
Workaround:
Use [email protected].
Additional Information
VMware Developer Documentation
Impact/Risks:
Customers may be blocked from integrating or performing actions with LDAP User/Groups.
This process can only be used to add AD Groups to the CloudAdminGroup; it will not work for adding specific AD Users.