LDAP
Location in GUI: Admin » AAA » Authentication » LDAP
Diagram
Classes
aaa (apic.fabric_policies)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ldap | Class | [ldap] | No |
ldap (apic.fabric_policies.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| providers | List | [providers] | No | |
| group_map_rules | List | [group_map_rules] | No | |
| group_maps | List | [group_maps] | No |
providers (apic.fabric_policies.aaa.ldap)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| hostname_ip | Any | String[Regex: ^[a-zA-Z0-9:][a-zA-Z0-9.:-]{0,254}$] or IP | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| port | Integer | min: 0, max: 65535 | No | 389 |
| bind_dn | String | No | ||
| base_dn | String | No | ||
| password | String | No | ||
| timeout | Integer | min: 5, max: 60 | No | 30 |
| retries | Integer | min: 0, max: 5 | No | 1 |
| enable_ssl | Boolean | true, false | No | false |
| filter | String | No | ||
| attribute | String | No | ||
| ssl_validation_level | Choice | permissive, strict | No | strict |
| mgmt_epg | Choice | inb, oob | No | inb |
| server_monitoring | Boolean | true, false | No | false |
| monitoring_username | String | Regex: ^[a-zA-Z0-9][a-zA-Z0-9_.@-]{0,31}$ | No | default |
| monitoring_password | String | No |
group_map_rules (apic.fabric_policies.aaa.ldap)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| group_dn | String | No | ||
| security_domains | List | [security_domains] | No |
group_maps (apic.fabric_policies.aaa.ldap)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| rules | List | [rules] | No |
security_domains (apic.fabric_policies.aaa.ldap.group_map_rules)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,31}$ | Yes | |
| roles | List | [roles] | No |
rules (apic.fabric_policies.aaa.ldap.group_maps)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes |
roles (apic.fabric_policies.aaa.ldap.group_map_rules.security_domains)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.-]{1,31}$ | Yes | |
| privilege_type | Choice | write, read | No | write |
Examples
Simple example:
apic: fabric_policies: aaa: ldap: providers: - hostname_ip: 2.2.2.2 bind_dn: CN=testuser,OU=Employees,DC=example,DC=com base_dn: OU=Employees,DC=example,DC=com password: test@1234 attribute: memberOf group_map_rules: - name: test-users-rules group_dn: CN=test-users,DC=example,DC=com security_domains: - name: all roles: - name: admin group_maps: - name: test-users-map rules: - name: test-users-rulesFull example:
apic: fabric_policies: aaa: ldap: providers: - hostname_ip: 2.2.2.2 description: descr port: 3389 bind_dn: CN=testuser,OU=Employees,DC=example,DC=com base_dn: OU=Employees,DC=example,DC=com password: test@1234 timeout: 10 retries: 4 enable_ssl: true filter: cn=$userid attribute: memberOf ssl_validation_level: permissive mgmt_epg: oob server_monitoring: true monitoring_username: user1 monitoring_password: pass1 - hostname_ip: 2.2.2.3 group_map_rules: - name: test-users-rules description: descr group_dn: CN=test-users,DC=example,DC=com security_domains: - name: all roles: - name: admin privilege_type: write - name: common group_maps: - name: test-users-map rules: - name: test-users-rules