LDAP
Location in GUI: Admin » AAA » Authentication » LDAP
Classes
aaa (apic.fabric_policies)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ldap | Class | [ldap] | No | |
ldap (apic.fabric_policies.aaa)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
providers | List | [providers] | No | |
group_map_rules | List | [group_map_rules] | No | |
group_maps | List | [group_maps] | No | |
providers (apic.fabric_policies.aaa.ldap)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
hostname_ip | Any | String[Regex: ^[a-zA-Z0-9:][a-zA-Z0-9.:-]{0,254}$] or IP | Yes | |
description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
port | Integer | min: 0, max: 65535 | No | 389 |
bind_dn | String | | No | |
base_dn | String | | No | |
password | String | | No | |
timeout | Integer | min: 5, max: 60 | No | 30 |
retries | Integer | min: 0, max: 5 | No | 1 |
enable_ssl | Boolean | true, false | No | false |
filter | String | | No | |
attribute | String | | No | |
ssl_validation_level | Choice | permissive, strict | No | strict |
mgmt_epg | Choice | inb, oob | No | inb |
server_monitoring | Boolean | true, false | No | false |
monitoring_username | String | Regex: ^[a-zA-Z0-9][a-zA-Z0-9_.@-]{0,31}$ | No | default |
monitoring_password | String | | No | |
group_map_rules (apic.fabric_policies.aaa.ldap)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
group_dn | String | | No | |
security_domains | List | [security_domains] | No | |
group_maps (apic.fabric_policies.aaa.ldap)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
rules | List | [rules] | No | |
security_domains (apic.fabric_policies.aaa.ldap.group_map_rules)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.:-]{1,31}$ | Yes | |
roles | List | [roles] | No | |
rules (apic.fabric_policies.aaa.ldap.group_maps)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
roles (apic.fabric_policies.aaa.ldap.group_map_rules.security_domains)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.-]{1,31}$ | Yes | |
privilege_type | Choice | write, read | No | write |
Examples
Simple example:
```yaml
apic:
  fabric_policies:
    aaa:
      ldap:
        providers:
          - hostname_ip: 2.2.2.2
            bind_dn: CN=testuser,OU=Employees,DC=example,DC=com
            base_dn: OU=Employees,DC=example,DC=com
            password: test@1234
            attribute: memberOf
        group_map_rules:
          - name: test-users-rules
            group_dn: CN=test-users,DC=example,DC=com
            security_domains:
              - name: all
                roles:
                  - name: admin
        group_maps:
          - name: test-users-map
            rules:
              - name: test-users-rules
```
Full example:
```yaml
apic:
  fabric_policies:
    aaa:
      ldap:
        providers:
          - hostname_ip: 2.2.2.2
            description: descr
            port: 3389
            bind_dn: CN=testuser,OU=Employees,DC=example,DC=com
            base_dn: OU=Employees,DC=example,DC=com
            password: test@1234
            timeout: 10
            retries: 4
            enable_ssl: true
            filter: cn=$userid
            attribute: memberOf
            ssl_validation_level: permissive
            mgmt_epg: oob
            server_monitoring: true
            monitoring_username: user1
            monitoring_password: pass1
          - hostname_ip: 2.2.2.3
        group_map_rules:
          - name: test-users-rules
            description: descr
            group_dn: CN=test-users,DC=example,DC=com
            security_domains:
              - name: all
                roles:
                  - name: admin
                    privilege_type: write
              - name: common
        group_maps:
          - name: test-users-map
            rules:
              - name: test-users-rules
```
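Pre-deployment audit of the providers list (an added example, not part of the original page or the project's code): it applies the defaults and ranges from the providers table above and reports settings that weaken LDAP transport security or leave secrets in the file. The names `audit_provider`, `audit`, the severity labels and the inline `CONFIG` dict (constructed from the full example) are assumptions of this sketch.

```python
# Added example: audit of the `providers` list from this page's data model.
# CONFIG is constructed from the page's "Full example"; in practice it would be
# loaded from the YAML file with a YAML parser.
CONFIG = {"apic": {"fabric_policies": {"aaa": {"ldap": {"providers": [
    {"hostname_ip": "2.2.2.2", "port": 3389, "password": "test@1234",
     "timeout": 10, "retries": 4, "enable_ssl": True,
     "ssl_validation_level": "permissive", "server_monitoring": True,
     "monitoring_username": "user1", "monitoring_password": "pass1"},
    {"hostname_ip": "2.2.2.3"},
]}}}}}

# Defaults and ranges copied from the providers table on this page.
DEFAULTS = {"port": 389, "timeout": 30, "retries": 1,
            "enable_ssl": False, "ssl_validation_level": "strict"}
RANGES = {"port": (0, 65535), "timeout": (5, 60), "retries": (0, 5)}


def audit_provider(provider):
    """Return a list of (severity, message) findings for one provider entry."""
    eff = {**DEFAULTS, **provider}  # apply schema defaults to omitted keys
    findings = []
    for key, (lo, hi) in RANGES.items():
        if not lo <= eff[key] <= hi:
            findings.append(("error", f"{key}={eff[key]} outside {lo}..{hi}"))
    if not eff["enable_ssl"]:
        # Without SSL, bind credentials are not TLS-protected on the wire.
        findings.append(("high", "enable_ssl is false: LDAP traffic is not TLS-protected"))
    elif eff["ssl_validation_level"] != "strict":
        findings.append(("medium", "ssl_validation_level is not strict"))
    for secret in ("password", "monitoring_password"):
        if secret in provider:
            findings.append(("medium", f"{secret} stored in plaintext in the file"))
    return findings


def audit(config):
    """Map each provider's hostname_ip to its findings."""
    providers = config["apic"]["fabric_policies"]["aaa"]["ldap"].get("providers", [])
    return {p["hostname_ip"]: audit_provider(p) for p in providers}


if __name__ == "__main__":
    for host, findings in audit(CONFIG).items():
        for severity, message in findings:
            print(f"{host}: [{severity}] {message}")
```

The second provider sets only `hostname_ip`, so it inherits `enable_ssl: false` and port 389 from the defaults and is reported at the highest severity.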