Active Directory
Location in GUI: Administration » Identity Management » External Identity Sources » Active Directory
Classes
identity_management (ise)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| active_directories | List | [active_directories] | No | |

active_directories (ise.identity_management)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | Yes | |
| description | String | | No | |
| domain | String | | Yes | |
| ad_scopes_names | String | | No | Default_Scope |
| ad_username | String | | Yes | |
| ad_password | String | | Yes | |
| enable_domain_allowed_list | Boolean | true, false | No | true |
| groups | List | String | No | |
| attributes | List | [attributes] | No | |
| rewrite_rules | List | [rewrite_rules] | No | |
| enable_rewrites | Boolean | true, false | No | false |
| enable_pass_change | Boolean | true, false | No | true |
| enable_machine_auth | Boolean | true, false | No | true |
| enable_machine_access | Boolean | true, false | No | true |
| enable_dialin_permission_check | Boolean | true, false | No | false |
| plaintext_auth | Boolean | true, false | No | false |
| aging_time | Integer | min: 1, max: 8760 | No | 5 |
| enable_callback_for_dialin_client | Boolean | true, false | No | false |
| identity_not_in_ad_behaviour | Choice | REJECT, SEARCH_JOINED_FOREST, SEARCH_ALL | No | |
| unreachable_domains_behaviour | Choice | PROCEED, DROP | No | |
| schema | Choice | ACTIVE_DIRECTORY, CUSTOM | No | |
| first_name | String | | No | |
| department | String | | No | |
| last_name | String | | No | |
| organizational_unit | String | | No | |
| job_title | String | | No | |
| locality | String | | No | |
| | String | | No | |
| state_or_province | String | | No | |
| telephone | String | | No | |
| country | String | | No | |
| street_address | String | | No | |
| enable_failed_auth_protection | Boolean | true, false | No | false |
| failed_auth_threshold | Integer | min: 1 | No | 5 |
| auth_protection_type | Choice | WIRELESS, WIRED, BOTH | No | |

attributes (ise.identity_management.active_directories)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[\w\d_\-\.]+$ | Yes | |
| type | Choice | STRING, IP, BOOLEAN, INT, OCTET_STRING | Yes | |
| internal_name | String | Yes | ||
| default_value | String | | Yes | |

rewrite_rules (ise.identity_management.active_directories)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| row_id | String | | Yes | |
| rewrite_match | String | | Yes | |
| rewrite_result | String | | Yes | |

Examples

```yaml
ise:
  identity_management:
    active_directories:
      - name: AD
        description: My AD join point
        domain: dcloud.cisco.com
        ad_scopes_names: Default_Scope
        ad_username: administrator
        ad_password: C1sco12345
        groups:
          - dcloud.cisco.com/Builtin/Users
          - dcloud.cisco.com/Builtin/HELPDESK
```