aam authentication server ldap instance¶
LDAP Authentication Server
instance Specification¶
Type Collection Object Key(s) name Collection Name instance-list Collection URI /axapi/v3/aam/authentication/server/ldap/instance Element Name instance Element URI /axapi/v3/aam/authentication/server/ldap/instance/{name} Element Attributes instance_attributes Statistics Data URI /axapi/v3/aam/authentication/server/ldap/instance/{name}/stats Schema instance schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/aam/authentication/server/ldap/instance | ||
Create List | POST | /axapi/v3/aam/authentication/server/ldap/instance | ||
Get Object | GET | /axapi/v3/aam/authentication/server/ldap/instance/{name} | ||
Get List | GET | /axapi/v3/aam/authentication/server/ldap/instance | ||
Modify Object | POST | /axapi/v3/aam/authentication/server/ldap/instance/{name} | ||
Replace Object | PUT | /axapi/v3/aam/authentication/server/ldap/instance/{name} | ||
Replace List | PUT | /axapi/v3/aam/authentication/server/ldap/instance | ||
Delete Object | DELETE | /axapi/v3/aam/authentication/server/ldap/instance/{name} |
instance-list¶
instance-list is JSON List of instance attributes
instance-list : [
]
instance attributes¶
admin-dn
Description The LDAP server’s admin DN
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
admin-secret
Description Specify the LDAP server’s admin secret password
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-type
Description ‘ad’: Active Directory. Default; ‘open-ldap’: OpenLDAP;
Type: string
Supported Values: ad, open-ldap
base
Description Specify the LDAP server’s search base
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
bind-with-dn
Description Enforce using DN for LDAP binding(All user input name will be used to create DN)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ca-cert
Description Specify the LDAPS CA cert filename (Trusted LDAPS CA cert filename)
Type: string
Maximum Length: 245 characters
Maximum Length: 1 characters
default-domain
Description Specify default domain for LDAP
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
derive-bind-dn
Description: derive-bind-dn is a JSON Block. Please see below for derive-bind-dn
Type: Object
dn-attribute
Description Specify Distinguished Name attribute, default is CN
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
Default: cn
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)health-check
Description Check server’s health status
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check and health-check-disable are mutually exclusive
health-check-disable
Description Disable configured health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check-disable and health-check are mutually exclusive
health-check-string
Description Health monitor name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/health/monitor
host
Description: host is a JSON Block. Please see below for host
Type: Object
ldaps-conn-reuse-idle-timeout
Description Specify LDAPS connection reuse idle timeout value (in seconds) (Specify idle timeout value (in seconds), default is 0 (not reuse LDAPS connection))
Type: number
Range: 0-86400
Default: 0
name
Description Specify LDAP authentication server name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
packet-capture-template
Description Name of the packet capture template to be bind with this object
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-ldap-inst-tmpl
port
Description Specify the LDAP server’s authentication port, default is 389
Type: number
Range: 1-65534
Default: 389
port-hm
Description Check port’s health status
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: port-hm and port-hm-disable are mutually exclusive
Reference Object: /axapi/v3/health/monitor
port-hm-disable
Description Disable configured port health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: port-hm-disable and port-hm are mutually exclusive
prompt-pw-change-before-exp
Description Prompt user to change password before expiration in N days. This option only takes effect when server type is AD (Prompt user to change password before expiration in N days, default is not to prompt the user)
Type: number
Range: 1-999
protocol
Description ‘ldap’: Use LDAP (default); ‘ldaps’: Use LDAP over SSL; ‘starttls’: Use LDAP StartTLS;
Type: string
Supported Values: ldap, ldaps, starttls
Default: ldap
pwdmaxage
Description Specify the LDAP server’s default password expiration time (in seconds) (The LDAP server’s default password expiration time (in seconds), default is 0 (no expiration))
Type: number
Range: 0-4294967295
Default: 0
sampling-enable
Type: Listsecret-string
Description secret password
Type: string
Format: password
Maximum Length: 128 characters
Maximum Length: 1 characters
timeout
Description Specify timout for LDAP, default is 10 seconds (The timeout, default is 10 seconds)
Type: number
Range: 1-255
Default: 10
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘admin-bind-success’: Admin Bind Success; ‘admin-bind-failure’: Admin Bind Failure; ‘bind-success’: User Bind Success; ‘bind-failure’: User Bind Failure; ‘search-success’: Search Success; ‘search-failure’: Search Failure; ‘authorize-success’: Authorization Success; ‘authorize-failure’: Authorization Failure; ‘timeout-error’: Timeout; ‘other-error’: Other Error; ‘request’: Request; ‘ssl-session-created’: TLS/SSL Session Created; ‘ssl-session-failure’: TLS/SSL Session Failure; ‘pw_expiry’: Password expiry; ‘pw_change_success’: Password change success; ‘pw_change_failure’: Password change failure;
Type: string
Supported Values: all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request, ssl-session-created, ssl-session-failure, pw_expiry, pw_change_success, pw_change_failure
derive-bind-dn¶
Specification Type object username-attr
Description Specify attribute name of username
Type: string
Format: string-rlx
Maximum Length: 31 characters
Maximum Length: 1 characters
host¶
Specification Type object hostip
Description Server’s hostname(Length 1-31) or IP address
Type: string
Format: host
Maximum Length: 31 characters
Maximum Length: 1 characters
Mutual Exclusion: hostip and hostipv6 are mutually exclusive
hostipv6
Description Server’s IPV6 address
Type: string
Format: ipv6-address
Mutual Exclusion: hostipv6 and hostip are mutually exclusive
stats data¶
| Counter | Size | Description | |
|---|---|---|---|
| bind-failure | 8 | User Bind Failure | |
| authorize-failure | 8 | Authorization Failure | |
| ssl-session-failure | 8 | TLS/SSL Session Failure | |
| admin-bind-failure | 8 | Admin Bind Failure | |
| authorize-success | 8 | Authorization Success | |
| pw_change_success | 8 | Password change success | |
| timeout-error | 8 | Timeout | |
| request | 8 | Request | |
| pw_expiry | 8 | Password expiry | |
| admin-bind-success | 8 | Admin Bind Success | |
| search-success | 8 | Search Success | |
| other-error | 8 | Other Error | |
| ssl-session-created | 8 | TLS/SSL Session Created | |
| pw_change_failure | 8 | Password change failure | |
| bind-success | 8 | User Bind Success | |
| search-failure | 8 | Search Failure |