LDAP

Location in GUI: Admin » AAA » Authentication » LDAP

Diagram

Classes

aaa (apic.fabric_policies)

Name	Type	Constraint	Mandatory	Default Value
ldap	Class	`[ldap]`	No

ldap (apic.fabric_policies.aaa)

Name	Type	Constraint	Mandatory
providers	List	`[providers]`	No
group_map_rules	List	`[group_map_rules]`	No
group_maps	List	`[group_maps]`	No

providers (apic.fabric_policies.aaa.ldap)

Name	Type	Constraint	Mandatory	Default Value
hostname_ip	Any	String[Regex: `^[a-zA-Z0-9:][a-zA-Z0-9.:-]{0,254}$`] or IP	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
port	Integer	min: `0`, max: `65535`	No	`389`
bind_dn	String		No
base_dn	String		No
password	String		No
timeout	Integer	min: `5`, max: `60`	No	`30`
retries	Integer	min: `0`, max: `5`	No	`1`
enable_ssl	Boolean	`true`, `false`	No	`false`
filter	String		No
attribute	String		No
ssl_validation_level	Choice	`permissive`, `strict`	No	`strict`
mgmt_epg	Choice	`inb`, `oob`	No	`inb`
server_monitoring	Boolean	`true`, `false`	No	`false`
monitoring_username	String	Regex: `^[a-zA-Z0-9][a-zA-Z0-9_.@-]{0,31}$`	No	`default`
monitoring_password	String		No

group_map_rules (apic.fabric_policies.aaa.ldap)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
group_dn	String		No
security_domains	List	`[security_domains]`	No

group_maps (apic.fabric_policies.aaa.ldap)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
rules	List	`[rules]`	No

security_domains (apic.fabric_policies.aaa.ldap.group_map_rules)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,31}$`	Yes
roles	List	`[roles]`	No

rules (apic.fabric_policies.aaa.ldap.group_maps)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes

roles (apic.fabric_policies.aaa.ldap.group_map_rules.security_domains)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.-]{1,31}$`	Yes
privilege_type	Choice	`write`, `read`	No	`write`

Examples

Simple example:

apic:
  fabric_policies:
    aaa:
      ldap:
        providers:
          - hostname_ip: 2.2.2.2
            bind_dn: CN=testuser,OU=Employees,DC=example,DC=com
            base_dn: OU=Employees,DC=example,DC=com
            password: test@1234
            attribute: memberOf
        group_map_rules:
          - name: test-users-rules
            group_dn: CN=test-users,DC=example,DC=com
            security_domains:
              - name: all
                roles:
                  - name: admin
        group_maps:
          - name: test-users-map
            rules:
              - name: test-users-rules

Full example:

apic:
  fabric_policies:
    aaa:
      ldap:
        providers:
          - hostname_ip: 2.2.2.2
            description: descr
            port: 3389
            bind_dn: CN=testuser,OU=Employees,DC=example,DC=com
            base_dn: OU=Employees,DC=example,DC=com
            password: test@1234
            timeout: 10
            retries: 4
            enable_ssl: true
            filter: cn=$userid
            attribute: memberOf
            ssl_validation_level: permissive
            mgmt_epg: oob
            server_monitoring: true
            monitoring_username: user1
            monitoring_password: pass1
          - hostname_ip: 2.2.2.3
        group_map_rules:
          - name: test-users-rules
            description: descr
            group_dn: CN=test-users,DC=example,DC=com
            security_domains:
              - name: all
                roles:
                  - name: admin
                    privilege_type: write
              - name: common
        group_maps:
          - name: test-users-map
            rules:
              - name: test-users-rules