.. _aam_authentication_server_ldap_instance:

aam authentication server ldap instance
=======================================

LDAP Authentication Server instance

Specification
-------------

===================================== =======================================================================================
**Parameter**                         **Value**
===================================== =======================================================================================
**Type**                              *Collection*
**Object Key(s)**                     *name*
**Collection Name**                   :ref:`81_instance_list`
**Collection URI**                    /axapi/v3/aam/authentication/server/ldap/instance
**Element Name**                      instance
**Element URI**                       /axapi/v3/aam/authentication/server/ldap/instance/{name}
**Element Attributes**                instance_attributes
**Partition Visibility**              shared
**Statistics Data URI**               /axapi/v3/aam/authentication/server/ldap/instance/{name}/stats
**Schema**                            :download:`instance schema `
===================================== =======================================================================================

**Operations Allowed:**

================ ======== ========================================================== =============================
Operation        Method   URI                                                        Payload
================ ======== ========================================================== =============================
Create Object    POST     /axapi/v3/aam/authentication/server/ldap/instance          :ref:`81_instance_attributes`
Create List      POST     /axapi/v3/aam/authentication/server/ldap/instance          :ref:`81_instance_attributes`
Get Object       GET      /axapi/v3/aam/authentication/server/ldap/instance/{name}   :ref:`81_instance_attributes`
Get List         GET      /axapi/v3/aam/authentication/server/ldap/instance          :ref:`81_instance_list`
Modify Object    POST     /axapi/v3/aam/authentication/server/ldap/instance/{name}   :ref:`81_instance_attributes`
Replace Object   PUT      /axapi/v3/aam/authentication/server/ldap/instance/{name}   :ref:`81_instance_attributes`
Replace List     PUT      /axapi/v3/aam/authentication/server/ldap/instance          :ref:`81_instance_list`
Delete Object    DELETE   /axapi/v3/aam/authentication/server/ldap/instance/{name}   :ref:`81_instance_attributes`
================ ======== ========================================================== =============================

.. _81_instance_list:

instance-list
-------------

instance-list is a **JSON List** of :ref:`81_instance_attributes`

instance-list : [ { :ref:`81_instance_attributes` }, { :ref:`81_instance_attributes` }, ... ]

.. _81_instance_attributes:

instance attributes
-------------------

**admin-dn**

   | **Description** The LDAP server's admin DN
   | **Type:** string
   | **Format:** string-rlx
   | **Maximum Length:** 127 characters
   | **Minimum Length:** 1 character

**admin-secret**

   | **Description** Specify the LDAP server's admin secret password
   | **Type:** boolean
   | **Supported Values:** true, false, 1, 0
   | **Default:** 0

**auth-type**

   | **Description** 'ad': Active Directory. Default; 'open-ldap': OpenLDAP;
   | **Type:** string
   | **Supported Values:** ad, open-ldap

**base**

   | **Description** Specify the LDAP server's search base
   | **Type:** string
   | **Format:** string-rlx
   | **Maximum Length:** 127 characters
   | **Minimum Length:** 1 character

**bind-with-dn**

   | **Description** Enforce using DN for LDAP binding (All user input name will be used to create DN)
   | **Type:** boolean
   | **Supported Values:** true, false, 1, 0
   | **Default:** 0

**ca-cert**

   | **Description** Specify the LDAPS CA cert filename (Trusted LDAPS CA cert filename)
   | **Type:** string
   | **Maximum Length:** 245 characters
   | **Minimum Length:** 1 character

**default-domain**

   | **Description** Specify default domain for LDAP
   | **Type:** string
   | **Maximum Length:** 63 characters
   | **Minimum Length:** 1 character

**derive-bind-dn**

   | **Description:** derive-bind-dn is a **JSON Block**. Please see below for :ref:`81_derive-bind-dn`
   | **Type:** Object

**dn-attribute**

   | **Description** Specify Distinguished Name attribute, default is CN
   | **Type:** string
   | **Format:** string-rlx
   | **Maximum Length:** 31 characters
   | **Minimum Length:** 1 character
   | **Default:** cn

**encrypted**

   | **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

**health-check**

   | **Description** Check server's health status
   | **Type:** boolean
   | **Supported Values:** true, false, 1, 0
   | **Default:** 0
   | **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive

**health-check-disable**

   | **Description** Disable configured health check configuration
   | **Type:** boolean
   | **Supported Values:** true, false, 1, 0
   | **Default:** 0
   | **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive

**health-check-string**

   | **Description** Health monitor name
   | **Type:** string
   | **Maximum Length:** 63 characters
   | **Minimum Length:** 1 character
   | **Reference Object:** :doc:`/axapi/v3/health/monitor `

**host**

   | **Description:** host is a **JSON Block**. Please see below for :ref:`81_host`
   | **Type:** Object

**ldaps-conn-reuse-idle-timeout**

   | **Description** Specify LDAPS connection reuse idle timeout value (in seconds) (Specify idle timeout value (in seconds), default is 0 (not reuse LDAPS connection))
   | **Type:** number
   | **Range:** 0-86400
   | **Default:** 0

**name**

   | **Description** Specify LDAP authentication server name
   | **Type:** string
   | **Format:** string-rlx
   | **Maximum Length:** 63 characters
   | **Minimum Length:** 1 character

**packet-capture-template**

   | **Description** Name of the packet capture template to be bound to this object
   | **Type:** string
   | **Maximum Length:** 128 characters
   | **Minimum Length:** 1 character
   | **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-ldap-inst-tmpl `

**port**

   | **Description** Specify the LDAP server's authentication port, default is 389
   | **Type:** number
   | **Range:** 1-65534
   | **Default:** 389

**port-hm**

   | **Description** Check port's health status
   | **Type:** string
   | **Maximum Length:** 63 characters
   | **Minimum Length:** 1 character
   | **Mutual Exclusion:** port-hm and port-hm-disable are mutually exclusive
   | **Reference Object:** :doc:`/axapi/v3/health/monitor `

**port-hm-disable**

   | **Description** Disable configured port health check configuration
   | **Type:** boolean
   | **Supported Values:** true, false, 1, 0
   | **Default:** 0
   | **Mutual Exclusion:** port-hm-disable and port-hm are mutually exclusive

**prompt-pw-change-before-exp**

   | **Description** Prompt user to change password before expiration in N days. This option only takes effect when server type is AD (Prompt user to change password before expiration in N days, default is not to prompt the user)
   | **Type:** number
   | **Range:** 1-999

**protocol**

   | **Description** 'ldap': Use LDAP (default); 'ldaps': Use LDAP over SSL; 'starttls': Use LDAP StartTLS;
   | **Type:** string
   | **Supported Values:** ldap, ldaps, starttls
   | **Default:** ldap

**pwdmaxage**

   | **Description** Specify the LDAP server's default password expiration time (in seconds) (The LDAP server's default password expiration time (in seconds), default is 0 (no expiration))
   | **Type:** number
   | **Range:** 0-4294967295
   | **Default:** 0

**sampling-enable**

   | **Type:** List

**secret-string**

   | **Description** secret password
   | **Type:** string
   | **Format:** password
   | **Maximum Length:** 128 characters
   | **Minimum Length:** 1 character

**timeout**

   | **Description** Specify timeout for LDAP, default is 10 seconds (The timeout, default is 10 seconds)
   | **Type:** number
   | **Range:** 1-255
   | **Default:** 10

**uuid**

   | **Description** uuid of the object
   | **Type:** string
   | **Maximum Length:** 64 characters
   | **Minimum Length:** 1 character

.. _81_sampling-enable:

sampling-enable
^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**counters1**

   | **Description** 'all': all; 'admin-bind-success': Admin Bind Success; 'admin-bind-failure': Admin Bind Failure; 'bind-success': User Bind Success; 'bind-failure': User Bind Failure; 'search-success': Search Success; 'search-failure': Search Failure; 'authorize-success': Authorization Success; 'authorize-failure': Authorization Failure; 'timeout-error': Timeout; 'other-error': Other Error; 'request': Request; 'ssl-session-created': TLS/SSL Session Created; 'ssl-session-failure': TLS/SSL Session Failure; 'pw_expiry': Password expiry; 'pw_change_success': Password change success; 'pw_change_failure': Password change failure;
   | **Type:** string
   | **Supported Values:** all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request, ssl-session-created, ssl-session-failure, pw_expiry, pw_change_success, pw_change_failure

.. _81_derive-bind-dn:

derive-bind-dn
^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**username-attr**

   | **Description** Specify attribute name of username
   | **Type:** string
   | **Format:** string-rlx
   | **Maximum Length:** 31 characters
   | **Minimum Length:** 1 character

.. _81_host:

host
^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**hostip**

   | **Description** Server's hostname (Length 1-31) or IP address
   | **Type:** string
   | **Format:** host
   | **Maximum Length:** 31 characters
   | **Minimum Length:** 1 character
   | **Mutual Exclusion:** hostip and hostipv6 are mutually exclusive

**hostipv6**

   | **Description** Server's IPV6 address
   | **Type:** string
   | **Format:** ipv6-address
   | **Mutual Exclusion:** hostipv6 and hostip are mutually exclusive
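
Added example (not part of the A10 reference): a Python pre-submission check that validates one ``instance`` attribute dict against the ranges, lengths, supported values and mutual exclusions documented on this page, and flags the default cleartext ``protocol``. The ``lint_instance`` name, the sample payload, the ``ca-cert`` expectation for TLS protocols and reading the 1-character bound as a minimum length are assumptions of this example.

```python
import json

# Constraints copied from the attribute reference on this page.
RANGES = {"port": (1, 65534), "timeout": (1, 255),
          "ldaps-conn-reuse-idle-timeout": (0, 86400),
          "prompt-pw-change-before-exp": (1, 999),
          "pwdmaxage": (0, 4294967295)}
MAX_LEN = {"name": 63, "admin-dn": 127, "base": 127, "ca-cert": 245,
           "default-domain": 63, "dn-attribute": 31, "secret-string": 128}
ENUMS = {"auth-type": {"ad", "open-ldap"},
         "protocol": {"ldap", "ldaps", "starttls"}}
EXCLUSIVE = [("health-check", "health-check-disable"),
             ("port-hm", "port-hm-disable")]


def lint_instance(attrs):
    """Return a sorted list of findings for one 'instance' attribute dict."""
    findings = []
    for key, (lo, hi) in RANGES.items():
        if key in attrs and not lo <= attrs[key] <= hi:
            findings.append(f"{key}: {attrs[key]} outside {lo}-{hi}")
    for key, limit in MAX_LEN.items():
        if key in attrs and not 1 <= len(attrs[key]) <= limit:
            findings.append(f"{key}: length must be 1-{limit}")
    for key, allowed in ENUMS.items():
        if key in attrs and attrs[key] not in allowed:
            findings.append(f"{key}: unsupported value {attrs[key]!r}")
    for a, b in EXCLUSIVE:
        if attrs.get(a) and attrs.get(b):
            findings.append(f"{a} and {b} are mutually exclusive")
    host = attrs.get("host", {})
    if host.get("hostip") and host.get("hostipv6"):
        findings.append("hostip and hostipv6 are mutually exclusive")
    # Documented default is 'ldap', so an omitted protocol is also cleartext.
    if attrs.get("protocol", "ldap") == "ldap":
        findings.append("protocol: ldap carries binds without TLS")
    elif "ca-cert" not in attrs:
        # Assumption of this example: a TLS instance should name a trusted CA.
        findings.append("ca-cert: not set for a TLS protocol")
    return sorted(findings)


# Constructed sample payload (element name 'instance' as on this page).
SAMPLE = json.loads("""{"instance": {"name": "corp-ldap", "port": 70000,
  "host": {"hostip": "ldap.example.com"}, "auth-type": "ad",
  "health-check": 1, "health-check-disable": 1, "timeout": 10}}""")

if __name__ == "__main__":
    for finding in lint_instance(SAMPLE["instance"]):
        print(finding)
```

Run it over a payload before sending the POST or PUT listed under Operations Allowed; an empty list means the attributes satisfy the documented constraints and use a TLS protocol with a CA file named.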