aam authentication server ldap¶
LDAP Authentication Server
ldap Specification¶
Type Configuration Resource Element Name ldap Element URI /axapi/v3/aam/authentication/server/ldap Element Attributes ldap_attributes Statistics Data URI /axapi/v3/aam/authentication/server/ldap/stats Operational Data URI /axapi/v3/aam/authentication/server/ldap/oper Schema ldap schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
| Create Object | POST | /axapi/v3/aam/authentication/server/ldap | ||
| Get Object | GET | /axapi/v3/aam/authentication/server/ldap | ||
| Modify Object | POST | /axapi/v3/aam/authentication/server/ldap | ||
| Replace Object | PUT | /axapi/v3/aam/authentication/server/ldap | ||
| Delete Object | DELETE | /axapi/v3/aam/authentication/server/ldap | ||
ldap attributes¶
instance-list
Type: List
Refernce Object: /axapi/v3/aam/authentication/server/ldap/instance/{name}
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘admin-bind-success’: Total Admin Bind Success; ‘admin-bind-failure’: Total Admin Bind Failure; ‘bind-success’: Total User Bind Success; ‘bind-failure’: Total User Bind Failure; ‘search-success’: Total Search Success; ‘search-failure’: Total Search Failure; ‘authorize-success’: Total Authorization Success; ‘authorize-failure’: Total Authorization Failure; ‘timeout-error’: Total Timeout; ‘other-error’: Total Other Error; ‘request’: Total Request; ‘request-normal’: Total Normal Request; ‘request-dropped’: Total Dropped Request; ‘response-success’: Total Success Response; ‘response-failure’: Total Failure Response; ‘response-error’: Total Error Response; ‘response-timeout’: Total Timeout Response; ‘response-other’: Total Other Response; ‘job-start-error’: Total Job Start Error; ‘polling-control-error’: Total Polling Control Error; ‘ssl-session-created’: TLS/SSL Session Created; ‘ssl-session-failure’: TLS/SSL Session Failure; ‘ldaps-idle-conn-num’: LDAPS Idle Connection Number; ‘ldaps-inuse-conn-num’: LDAPS In-use Connection Number; ‘pw-expiry’: Total Password expiry; ‘pw-change-success’: Total password change success; ‘pw-change-failure’: Total password change failure;
Type: string
Supported Values: all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error, ssl-session-created, ssl-session-failure, ldaps-idle-conn-num, ldaps-inuse-conn-num, pw-expiry, pw-change-success, pw-change-failure
instance-list¶
Specification Type list Block object keys admin-dn
Description The LDAP server’s admin DN
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
admin-secret
Description Specify the LDAP server’s admin secret password
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-type
Description ‘ad’: Active Directory. Default; ‘open-ldap’: OpenLDAP;
Type: string
Supported Values: ad, open-ldap
base
Description Specify the LDAP server’s search base
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
bind-with-dn
Description Enforce using DN for LDAP binding(All user input name will be used to create DN)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ca-cert
Description Specify the LDAPS CA cert filename (Trusted LDAPS CA cert filename)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
default-domain
Description Specify default domain for LDAP
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
derive-bind-dn
Description: derive-bind-dn is a JSON Block. Please see below for instance-list_derive-bind-dn
Type: Object
dn-attribute
Description Specify Distinguished Name attribute, default is CN
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
Default: cn
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)health-check
Description Check server’s health status
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check and health-check-disable are mutually exclusive
health-check-disable
Description Disable configured health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check-disable and health-check are mutually exclusive
health-check-string
Description Health monitor name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/health/monitor
host
Description: host is a JSON Block. Please see below for instance-list_host
Type: Object
ldaps-conn-reuse-idle-timeout
Description Specify LDAPS connection reuse idle timeout value (in seconds) (Specify idle timeout value (in seconds), default is 0 (not reuse LDAPS connection))
Type: number
Range: 0-86400
Default: 0
name
Description Specify LDAP authentication server name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port
Description Specify the LDAP server’s authentication port, default is 389
Type: number
Range: 1-65534
Default: 389
port-hm
Description Check port’s health status
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: port-hm and port-hm-disable are mutually exclusive
Refernce Object: /axapi/v3/health/monitor
port-hm-disable
Description Disable configured port health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: port-hm-disable and port-hm are mutually exclusive
prompt-pw-change-before-exp
Description Prompt user to change password before expiration in N days. This option only takes effect when server type is AD (Prompt user to change password before expiration in N days, default is not to prompt the user)
Type: number
Range: 1-999
protocol
Description ‘ldap’: Use LDAP (default); ‘ldaps’: Use LDAP over SSL; ‘starttls’: Use LDAP StartTLS;
Type: string
Supported Values: ldap, ldaps, starttls
Default: ldap
pwdmaxage
Description Specify the LDAP server’s default password expiration time (in seconds) (The LDAP server’s default password expiration time (in seconds), default is 0 (no expiration))
Type: number
Range: 0-4294967295
Default: 0
sampling-enable
Type: Listsecret-string
Description secret password
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
timeout
Description Specify timout for LDAP, default is 10 seconds (The timeout, default is 10 seconds)
Type: number
Range: 1-255
Default: 10
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
instance-list_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘admin-bind-success’: Admin Bind Success; ‘admin-bind-failure’: Admin Bind Failure; ‘bind-success’: User Bind Success; ‘bind-failure’: User Bind Failure; ‘search-success’: Search Success; ‘search-failure’: Search Failure; ‘authorize-success’: Authorization Success; ‘authorize-failure’: Authorization Failure; ‘timeout-error’: Timeout; ‘other-error’: Other Error; ‘request’: Request; ‘ssl-session-created’: TLS/SSL Session Created; ‘ssl-session-failure’: TLS/SSL Session Failure; ‘pw_expiry’: Password expiry; ‘pw_change_success’: Password change success; ‘pw_change_failure’: Password change failure;
Type: string
Supported Values: all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request, ssl-session-created, ssl-session-failure, pw_expiry, pw_change_success, pw_change_failure
instance-list_derive-bind-dn¶
Specification Type object username-attr
Description Specify attribute name of username
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
instance-list_host¶
Specification Type object hostip
Description Server’s hostname(Length 1-31) or IP address
Type: string
Format: host
Maximum Length: 31 characters
Maximum Length: 1 characters
Mutual Exclusion: hostip and hostipv6 are mutually exclusive
hostipv6
Description Server’s IPV6 address
Type: string
Format: ipv6-address
Mutual Exclusion: hostipv6 and hostip are mutually exclusive
stats data¶
| Counter | Size | Description | |
|---|---|---|---|
| pw-change-success | 8 | Total password change success | |
| admin-bind-success | 8 | Total Admin Bind Success | |
| response-failure | 8 | Total Failure Response | |
| request-dropped | 8 | Total Dropped Request | |
| other-error | 8 | Total Other Error | |
| ssl-session-failure | 8 | TLS/SSL Session Failure | |
| job-start-error | 8 | Total Job Start Error | |
| search-failure | 8 | Total Search Failure | |
| bind-failure | 8 | Total User Bind Failure | |
| request-normal | 8 | Total Normal Request | |
| response-other | 8 | Total Other Response | |
| pw-change-failure | 8 | Total password change failure | |
| ldaps-inuse-conn-num | 8 | LDAPS In-use Connection Number | |
| response-timeout | 8 | Total Timeout Response | |
| authorize-failure | 8 | Total Authorization Failure | |
| timeout-error | 8 | Total Timeout | |
| ldaps-idle-conn-num | 8 | LDAPS Idle Connection Number | |
| search-success | 8 | Total Search Success | |
| ssl-session-created | 8 | TLS/SSL Session Created | |
| bind-success | 8 | Total User Bind Success | |
| admin-bind-failure | 8 | Total Admin Bind Failure | |
| authorize-success | 8 | Total Authorization Success | |
| request | 8 | Total Request | |
| polling-control-error | 8 | Total Polling Control Error | |
| pw-expiry | 8 | Total Password expiry | |
| response-success | 8 | Total Success Response | |
| response-error | 8 | Total Error Response | 
operational data¶
| Counter | Size | Description | |
|---|---|---|---|
| ldaps-server-list | ldaps-server-list |