.. _aam_authentication_server_ldap:

aam authentication server ldap
==============================

LDAP Authentication Server

ldap Specification
------------------

===================================== =======================================================================
**Parameter**                         **Value**
===================================== =======================================================================
**Type**                              *Configuration Resource*
**Element Name**                      ldap
**Element URI**                       /axapi/v3/aam/authentication/server/ldap
**Element Attributes**                ldap_attributes
**Partition Visibility**              shared
**Statistics Data URI**               /axapi/v3/aam/authentication/server/ldap/stats
**Operational Data URI**              /axapi/v3/aam/authentication/server/ldap/oper
**Schema**                            :download:`ldap schema `
===================================== =======================================================================

**Operations Allowed:**

============== ========== ======================================== =========================
Operation      Method     URI                                      Payload
============== ========== ======================================== =========================
Create Object  POST       /axapi/v3/aam/authentication/server/ldap :ref:`84_ldap_attributes`
Get Object     GET        /axapi/v3/aam/authentication/server/ldap :ref:`84_ldap_attributes`
Modify Object  POST       /axapi/v3/aam/authentication/server/ldap :ref:`84_ldap_attributes`
Replace Object PUT        /axapi/v3/aam/authentication/server/ldap :ref:`84_ldap_attributes`
Delete Object  DELETE     /axapi/v3/aam/authentication/server/ldap :ref:`84_ldap_attributes`
============== ========== ======================================== =========================

.. _84_ldap_attributes:

ldap attributes
---------------

**instance-list**

    **Type:** List

    **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ldap/instance/{name} `

**sampling-enable**

    **Type:** List

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Minimum Length:** 1 character

.. _84_sampling-enable:

sampling-enable
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

    **Description** 'all': all; 'admin-bind-success': Total Admin Bind Success; 'admin-bind-failure': Total Admin Bind Failure; 'bind-success': Total User Bind Success; 'bind-failure': Total User Bind Failure; 'search-success': Total Search Success; 'search-failure': Total Search Failure; 'authorize-success': Total Authorization Success; 'authorize-failure': Total Authorization Failure; 'timeout-error': Total Timeout; 'other-error': Total Other Error; 'request': Total Request; 'request-normal': Total Normal Request; 'request-dropped': Total Dropped Request; 'response-success': Total Success Response; 'response-failure': Total Failure Response; 'response-error': Total Error Response; 'response-timeout': Total Timeout Response; 'response-other': Total Other Response; 'job-start-error': Total Job Start Error; 'polling-control-error': Total Polling Control Error; 'ssl-session-created': TLS/SSL Session Created; 'ssl-session-failure': TLS/SSL Session Failure; 'ldaps-idle-conn-num': LDAPS Idle Connection Number; 'ldaps-inuse-conn-num': LDAPS In-use Connection Number; 'pw-expiry': Total Password expiry; 'pw-change-success': Total password change success; 'pw-change-failure': Total password change failure;

    **Type:** string

    **Supported Values:** all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error, ssl-session-created, ssl-session-failure, ldaps-idle-conn-num, ldaps-inuse-conn-num, pw-expiry, pw-change-success, pw-change-failure

.. _84_instance-list:

instance-list
^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**admin-dn**

    **Description** The LDAP server's admin DN

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Minimum Length:** 1 character

**admin-secret**

    **Description** Specify the LDAP server's admin secret password

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**auth-type**

    **Description** 'ad': Active Directory. Default; 'open-ldap': OpenLDAP;

    **Type:** string

    **Supported Values:** ad, open-ldap

**base**

    **Description** Specify the LDAP server's search base

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Minimum Length:** 1 character

**bind-with-dn**

    **Description** Enforce using DN for LDAP binding (All user input name will be used to create DN)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**ca-cert**

    **Description** Specify the LDAPS CA cert filename (Trusted LDAPS CA cert filename)

    **Type:** string

    **Maximum Length:** 245 characters

    **Minimum Length:** 1 character

**default-domain**

    **Description** Specify default domain for LDAP

    **Type:** string

    **Maximum Length:** 63 characters

    **Minimum Length:** 1 character

**derive-bind-dn**

    **Description:** derive-bind-dn is a **JSON Block**. Please see below for :ref:`84_instance-list_derive-bind-dn`

    **Type:** Object

**dn-attribute**

    **Description** Specify Distinguished Name attribute, default is CN

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 31 characters

    **Minimum Length:** 1 character

    **Default:** cn

**encrypted**

    **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

**health-check**

    **Description** Check server's health status

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive

**health-check-disable**

    **Description** Disable configured health check configuration

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive

**health-check-string**

    **Description** Health monitor name

    **Type:** string

    **Maximum Length:** 63 characters

    **Minimum Length:** 1 character

    **Reference Object:** :doc:`/axapi/v3/health/monitor `

**host**

    **Description:** host is a **JSON Block**. Please see below for :ref:`84_instance-list_host`

    **Type:** Object

**ldaps-conn-reuse-idle-timeout**

    **Description** Specify LDAPS connection reuse idle timeout value (in seconds) (Specify idle timeout value (in seconds), default is 0 (not reuse LDAPS connection))

    **Type:** number

    **Range:** 0-86400

    **Default:** 0

**name**

    **Description** Specify LDAP authentication server name

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 63 characters

    **Minimum Length:** 1 character

**packet-capture-template**

    **Description** Name of the packet capture template to bind to this object

    **Type:** string

    **Maximum Length:** 128 characters

    **Minimum Length:** 1 character

    **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-ldap-inst-tmpl `

**port**

    **Description** Specify the LDAP server's authentication port, default is 389

    **Type:** number

    **Range:** 1-65534

    **Default:** 389

**port-hm**

    **Description** Check port's health status

    **Type:** string

    **Maximum Length:** 63 characters

    **Minimum Length:** 1 character

    **Mutual Exclusion:** port-hm and port-hm-disable are mutually exclusive

    **Reference Object:** :doc:`/axapi/v3/health/monitor `

**port-hm-disable**

    **Description** Disable configured port health check configuration

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

    **Mutual Exclusion:** port-hm-disable and port-hm are mutually exclusive

**prompt-pw-change-before-exp**

    **Description** Prompt user to change password before expiration in N days. This option only takes effect when server type is AD (Prompt user to change password before expiration in N days, default is not to prompt the user)

    **Type:** number

    **Range:** 1-999

**protocol**

    **Description** 'ldap': Use LDAP (default); 'ldaps': Use LDAP over SSL; 'starttls': Use LDAP StartTLS;

    **Type:** string

    **Supported Values:** ldap, ldaps, starttls

    **Default:** ldap

**pwdmaxage**

    **Description** Specify the LDAP server's default password expiration time (in seconds) (The LDAP server's default password expiration time (in seconds), default is 0 (no expiration))

    **Type:** number

    **Range:** 0-4294967295

    **Default:** 0

**sampling-enable**

    **Type:** List

**secret-string**

    **Description** secret password

    **Type:** string

    **Format:** password

    **Maximum Length:** 128 characters

    **Minimum Length:** 1 character

**timeout**

    **Description** Specify timeout for LDAP, default is 10 seconds (The timeout, default is 10 seconds)

    **Type:** number

    **Range:** 1-255

    **Default:** 10

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Minimum Length:** 1 character

.. _84_instance-list_sampling-enable:

instance-list_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

    **Description** 'all': all; 'admin-bind-success': Admin Bind Success; 'admin-bind-failure': Admin Bind Failure; 'bind-success': User Bind Success; 'bind-failure': User Bind Failure; 'search-success': Search Success; 'search-failure': Search Failure; 'authorize-success': Authorization Success; 'authorize-failure': Authorization Failure; 'timeout-error': Timeout; 'other-error': Other Error; 'request': Request; 'ssl-session-created': TLS/SSL Session Created; 'ssl-session-failure': TLS/SSL Session Failure; 'pw_expiry': Password expiry; 'pw_change_success': Password change success; 'pw_change_failure': Password change failure;

    **Type:** string

    **Supported Values:** all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request, ssl-session-created, ssl-session-failure, pw_expiry, pw_change_success, pw_change_failure

.. _84_instance-list_derive-bind-dn:

instance-list_derive-bind-dn
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**username-attr**

    **Description** Specify attribute name of username

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 31 characters

    **Minimum Length:** 1 character

.. _84_instance-list_host:

instance-list_host
^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**hostip**

    **Description** Server's hostname (Length 1-31) or IP address

    **Type:** string

    **Format:** host

    **Maximum Length:** 31 characters

    **Minimum Length:** 1 character

    **Mutual Exclusion:** hostip and hostipv6 are mutually exclusive

**hostipv6**

    **Description** Server's IPv6 address

    **Type:** string

    **Format:** ipv6-address

    **Mutual Exclusion:** hostipv6 and hostip are mutually exclusive
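
The following is an added example, not part of the A10 documentation or product code: a pre-submission check for one ``instance-list`` entry that enforces the ranges, supported values and mutual exclusions listed above and flags entries left on the default cleartext ``ldap`` protocol. The function name, the sample entries and the warning heuristics are assumptions of this example.

```python
# Limits copied from the instance-list attribute tables on this page.
MAX_LEN = {"name": 63, "admin-dn": 127, "base": 127, "ca-cert": 245,
           "default-domain": 63, "dn-attribute": 31, "secret-string": 128}
RANGES = {"port": (1, 65534), "timeout": (1, 255), "pwdmaxage": (0, 4294967295),
          "ldaps-conn-reuse-idle-timeout": (0, 86400),
          "prompt-pw-change-before-exp": (1, 999)}
ENUMS = {"protocol": {"ldap", "ldaps", "starttls"}, "auth-type": {"ad", "open-ldap"}}
EXCLUSIVE = [("health-check", "health-check-disable"), ("port-hm", "port-hm-disable")]


def lint_instance(inst):
    """Check one instance-list entry (a dict); return (errors, warnings)."""
    errors, warnings = [], []
    for key, limit in MAX_LEN.items():
        if len(inst.get(key, "")) > limit:
            errors.append(f"{key}: longer than {limit} characters")
    for key, (lo, hi) in RANGES.items():
        if key in inst and not lo <= inst[key] <= hi:
            errors.append(f"{key}: {inst[key]} outside {lo}-{hi}")
    for key, allowed in ENUMS.items():
        if key in inst and inst[key] not in allowed:
            errors.append(f"{key}: {inst[key]!r} not in {sorted(allowed)}")
    host = inst.get("host", {})
    pairs = [(inst, a, b) for a, b in EXCLUSIVE] + [(host, "hostip", "hostipv6")]
    for obj, a, b in pairs:
        if obj.get(a) and obj.get(b):
            errors.append(f"{a} and {b} are mutually exclusive")
    # Review heuristics (assumptions of this example, not device behaviour).
    protocol = inst.get("protocol", "ldap")  # documented default is ldap
    if protocol == "ldap":
        warnings.append("protocol ldap: bind credentials are not protected by TLS")
    elif protocol in ("ldaps", "starttls") and not inst.get("ca-cert"):
        warnings.append(f"protocol {protocol}: no ca-cert (trusted CA file) set")
    if "encrypted" in inst:
        warnings.append("encrypted: A10 reserved keyword, do not set manually")
    return errors, warnings


# Constructed sample entries; names, addresses and file names are made up.
WEAK = {"name": "corp-ad", "host": {"hostip": "192.0.2.10", "hostipv6": "2001:db8::10"},
        "port": 70000, "health-check": 1, "health-check-disable": 1}
HARDENED = {"name": "corp-ad", "host": {"hostip": "192.0.2.10"}, "protocol": "ldaps",
            "port": 636, "ca-cert": "corp-root-ca.pem", "auth-type": "ad", "timeout": 10}

if __name__ == "__main__":
    for label, entry in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_instance(entry))
```
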