Skip to main content

LDAP

Location in GUI: Admin » AAA » Authentication » LDAP

Diagram

Classes

aaa (apic.fabric_policies)

NameTypeConstraintMandatoryDefault Value
ldapClass[ldap]No

ldap (apic.fabric_policies.aaa)

NameTypeConstraintMandatoryDefault Value
providersList[providers]No
group_map_rulesList[group_map_rules]No
group_mapsList[group_maps]No

providers (apic.fabric_policies.aaa.ldap)

NameTypeConstraintMandatoryDefault Value
hostname_ipAnyString[Regex: ^[a-zA-Z0-9:][a-zA-Z0-9.:-]{0,254}$] or IPYes
descriptionStringRegex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$No
portIntegermin: 0, max: 65535No389
bind_dnStringNo
base_dnStringNo
passwordStringNo
timeoutIntegermin: 5, max: 60No30
retriesIntegermin: 0, max: 5No1
enable_sslBooleantrue, falseNofalse
filterStringNo
attributeStringNo
ssl_validation_levelChoicepermissive, strictNostrict
mgmt_epgChoiceinb, oobNoinb
server_monitoringBooleantrue, falseNofalse
monitoring_usernameStringRegex: ^[a-zA-Z0-9][a-zA-Z0-9_.@-]{0,31}$Nodefault
monitoring_passwordStringNo
expected_stateClass[expected_state]No

group_map_rules (apic.fabric_policies.aaa.ldap)

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
descriptionStringRegex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$No
group_dnStringNo
security_domainsList[security_domains]No

group_maps (apic.fabric_policies.aaa.ldap)

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes
rulesList[rules]No

expected_state (apic.fabric_policies.aaa.ldap.providers)

NameTypeConstraintMandatoryDefault Value
minimum_healthIntegermin: 0, max: 100No
maximum_critical_faultsIntegermin: 0No
maximum_major_faultsIntegermin: 0No
maximum_minor_faultsIntegermin: 0No

security_domains (apic.fabric_policies.aaa.ldap.group_map_rules)

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,31}$Yes
rolesList[roles]No

rules (apic.fabric_policies.aaa.ldap.group_maps)

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.:-]{1,64}$Yes

roles (apic.fabric_policies.aaa.ldap.group_map_rules.security_domains)

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.-]{1,31}$Yes
privilege_typeChoicewrite, readNowrite

Examples

Simple example:

apic:
  fabric_policies:
    aaa:
      ldap:
        providers:
          - hostname_ip: 2.2.2.2
            bind_dn: CN=testuser,OU=Employees,DC=example,DC=com
            base_dn: OU=Employees,DC=example,DC=com
            password: test@1234
            attribute: memberOf
        group_map_rules:
          - name: test-users-rules
            group_dn: CN=test-users,DC=example,DC=com
            security_domains:
              - name: all
                roles:
                  - name: admin
        group_maps:
          - name: test-users-map
            rules:
              - name: test-users-rules

Full example:

apic:
  fabric_policies:
    aaa:
      ldap:
        providers:
          - hostname_ip: 2.2.2.2
            description: descr
            port: 3389
            bind_dn: CN=testuser,OU=Employees,DC=example,DC=com
            base_dn: OU=Employees,DC=example,DC=com
            password: test@1234
            timeout: 10
            retries: 4
            enable_ssl: true 
            filter: cn=$userid
            attribute: memberOf
            ssl_validation_level: permissive
            mgmt_epg: oob
            server_monitoring: true 
            monitoring_username: user1
            monitoring_password: pass1
          - hostname_ip: 2.2.2.3
        group_map_rules:
          - name: test-users-rules
            description: descr
            group_dn: CN=test-users,DC=example,DC=com
            security_domains:
              - name: all
                roles:
                  - name: admin
                    privilege_type: write
              - name: common
        group_maps:
          - name: test-users-map
            rules:
              - name: test-users-rules