Skip to content
Network as Code

Active Directory

Location in GUI: Administration » Identity Management » External Identity Sources » Active Directory

Diagram

Section titled “Diagram”
Diagram

Classes

Section titled “Classes”

identity_management (ise)

Section titled “identity_management (ise)”
NameTypeConstraintMandatoryDefault Value
active_directoriesList[active_directories]No

active_directories (ise.identity_management)

Section titled “active_directories (ise.identity_management)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[\w\d_\-\.]+$Yes
descriptionStringNo
domainStringYes
ad_scopes_namesStringNoDefault_Scope
ad_usernameStringYes
ad_passwordStringYes
enable_domain_allowed_listBooleantrue, falseNotrue
groupsListStringNo
attributesList[attributes]No
rewrite_rulesList[rewrite_rules]No
enable_rewritesBooleantrue, falseNofalse
enable_pass_changeBooleantrue, falseNotrue
enable_machine_authBooleantrue, falseNotrue
enable_machine_accessBooleantrue, falseNotrue
enable_dialin_permission_checkBooleantrue, falseNofalse
plaintext_authBooleantrue, falseNofalse
aging_timeIntegermin: 1, max: 8760No5
enable_callback_for_dialin_clientBooleantrue, falseNofalse
identity_not_in_ad_behaviourChoiceREJECT, SEARCH_JOINED_FOREST, SEARCH_ALLNo
unreachable_domains_behaviourChoicePROCEED, DROPNo
schemaChoiceACTIVE_DIRECTORY, CUSTOMNo
first_nameStringNo
departmentStringNo
last_nameStringNo
organizational_unitStringNo
job_titleStringNo
localityStringNo
emailStringNo
state_or_provinceStringNo
telephoneStringNo
countryStringNo
street_addressStringNo
enable_failed_auth_protectionBooleantrue, falseNofalse
failed_auth_thresholdIntegermin: 1No5
auth_protection_typeChoiceWIRELESS, WIRED, BOTHNo

attributes (ise.identity_management.active_directories)

Section titled “attributes (ise.identity_management.active_directories)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[\w\d_\-\.]+$Yes
typeChoiceSTRING, IP, BOOLEAN, INT, OCTET_STRINGYes
internal_nameStringYes
default_valueStringYes

rewrite_rules (ise.identity_management.active_directories)

Section titled “rewrite_rules (ise.identity_management.active_directories)”
NameTypeConstraintMandatoryDefault Value
row_idStringYes
rewrite_matchStringYes
rewrite_resultStringYes

Examples

Section titled “Examples”
ise:
  identity_management:
    active_directories:
      - name: AD
        description: My AD join point
        domain: dcloud.cisco.com
        ad_scopes_names: Default_Scope
        ad_username: administrator
        ad_password: C1sco12345
        groups:
          - dcloud.cisco.com/Builtin/Users
          - dcloud.cisco.com/Builtin/HELPDESK