aam authentication server ldap instance¶
LDAP Authentication Server
instance Specification¶
Type
Collection
Object Key(s)
name
Collection Name
Collection URI
/axapi/v3/aam/authentication/server/ldap/instance
Element Name
instance
Element URI
/axapi/v3/aam/authentication/server/ldap/instance/{name}
Element Attributes
instance_attributes
Statistics Data URI
/axapi/v3/aam/authentication/server/ldap/instance/{name}/stats
Schema
Operations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/aam/authentication/server/ldap/instance | ||
Create List | POST | /axapi/v3/aam/authentication/server/ldap/instance | ||
Get Object | GET | /axapi/v3/aam/authentication/server/ldap/instance/{name} | ||
Get List | GET | /axapi/v3/aam/authentication/server/ldap/instance | ||
Modify Object | POST | /axapi/v3/aam/authentication/server/ldap/instance/{name} | ||
Replace Object | PUT | /axapi/v3/aam/authentication/server/ldap/instance/{name} | ||
Replace List | PUT | /axapi/v3/aam/authentication/server/ldap/instance | ||
Delete Object | DELETE | /axapi/v3/aam/authentication/server/ldap/instance/{name} |
instance-list¶
instance-list is JSON List of instance attributes
instance-list : [
]
instance attributes¶
admin-dn
Description The LDAP server’s admin DN
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
admin-secret
Description Specify the LDAP server’s admin secret password
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-type
Description ‘ad’: Active Directory. Default; ‘open-ldap’: OpenLDAP;
Type: string
Supported Values: ad, open-ldap
base
Description Specify the LDAP server’s search base
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
bind-with-dn
Description Enforce using DN for LDAP binding(All user input name will be used to create DN)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ca-cert
Description Specify the LDAPS CA cert filename (Trusted LDAPS CA cert filename)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
default-domain
Description Specify default domain for LDAP
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
derive-bind-dn
Description: derive-bind-dn is a JSON Block. Please see below for derive-bind-dn
Type: Object
dn-attribute
Description Specify Distinguished Name attribute, default is CN
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
Default: cn
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)
health-check
Description Check server’s health status
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check and health-check-disable are mutually exclusive
health-check-disable
Description Disable configured health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check-disable and health-check are mutually exclusive
health-check-string
Description Health monitor name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/health/monitor
host
Description: host is a JSON Block. Please see below for host
Type: Object
ldaps-conn-reuse-idle-timeout
Description Specify LDAPS connection reuse idle timeout value (in seconds) (Specify idle timeout value (in seconds), default is 0 (not reuse LDAPS connection))
Type: number
Range: 0-86400
Default: 0
name
Description Specify LDAP authentication server name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port
Description Specify the LDAP server’s authentication port, default is 389
Type: number
Range: 1-65534
Default: 389
port-hm
Description Check port’s health status
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: port-hm and port-hm-disable are mutually exclusive
Refernce Object: /axapi/v3/health/monitor
port-hm-disable
Description Disable configured port health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: port-hm-disable and port-hm are mutually exclusive
prompt-pw-change-before-exp
Description Prompt user to change password before expiration in N days. This option only takes effect when server type is AD (Prompt user to change password before expiration in N days, default is not to prompt the user)
Type: number
Range: 1-999
protocol
Description ‘ldap’: Use LDAP (default); ‘ldaps’: Use LDAP over SSL; ‘starttls’: Use LDAP StartTLS;
Type: string
Supported Values: ldap, ldaps, starttls
Default: ldap
pwdmaxage
Description Specify the LDAP server’s default password expiration time (in seconds) (The LDAP server’s default password expiration time (in seconds), default is 0 (no expiration))
Type: number
Range: 0-4294967295
Default: 0
secret-string
Description secret password
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
timeout
Description Specify timout for LDAP, default is 10 seconds (The timeout, default is 10 seconds)
Type: number
Range: 1-255
Default: 10
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
derive-bind-dn¶
Specification
Type
object
username-attr
Description Specify attribute name of username
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
host¶
Specification
Type
object
hostip
Description Server’s hostname(Length 1-31) or IP address
Type: string
Format: host
Maximum Length: 31 characters
Maximum Length: 1 characters
Mutual Exclusion: hostip and hostipv6 are mutually exclusive
hostipv6
Description Server’s IPV6 address
Type: string
Format: ipv6-address
Mutual Exclusion: hostipv6 and hostip are mutually exclusive
stats data¶
Counter |
Size |
Description |
|
|---|---|---|---|
bind-failure |
8 |
User Bind Failure |
|
authorize-failure |
8 |
Authorization Failure |
|
ssl-session-failure |
8 |
TLS/SSL Session Failure |
|
admin-bind-failure |
8 |
Admin Bind Failure |
|
authorize-success |
8 |
Authorization Success |
|
pw_change_success |
8 |
Password change success |
|
timeout-error |
8 |
Timeout |
|
request |
8 |
Request |
|
pw_expiry |
8 |
Password expiry |
|
admin-bind-success |
8 |
Admin Bind Success |
|
search-success |
8 |
Search Success |
|
other-error |
8 |
Other Error |
|
ssl-session-created |
8 |
TLS/SSL Session Created |
|
pw_change_failure |
8 |
Password change failure |
|
bind-success |
8 |
User Bind Success |
|
search-failure |
8 |
Search Failure |