Active Directory
Location in GUI: Administration
» Identity Management
» External Identity Sources
» Active Directory
Diagram
Section titled “Diagram”Classes
Section titled “Classes”identity_management (ise)
Section titled “identity_management (ise)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
active_directories | List | [active_directories] | No |
active_directories (ise.identity_management)
Section titled “active_directories (ise.identity_management)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[\w\d_\-\.]+$ | Yes | |
description | String | No | ||
domain | String | Yes | ||
ad_scopes_names | String | No | Default_Scope | |
ad_username | String | Yes | ||
ad_password | String | Yes | ||
enable_domain_allowed_list | Boolean | true , false | No | true |
groups | List | String | No | |
attributes | List | [attributes] | No | |
rewrite_rules | List | [rewrite_rules] | No | |
enable_rewrites | Boolean | true , false | No | false |
enable_pass_change | Boolean | true , false | No | true |
enable_machine_auth | Boolean | true , false | No | true |
enable_machine_access | Boolean | true , false | No | true |
enable_dialin_permission_check | Boolean | true , false | No | false |
plaintext_auth | Boolean | true , false | No | false |
aging_time | Integer | min: 1 , max: 8760 | No | 5 |
enable_callback_for_dialin_client | Boolean | true , false | No | false |
identity_not_in_ad_behaviour | Choice | REJECT , SEARCH_JOINED_FOREST , SEARCH_ALL | No | |
unreachable_domains_behaviour | Choice | PROCEED , DROP | No | |
schema | Choice | ACTIVE_DIRECTORY , CUSTOM | No | |
first_name | String | No | ||
department | String | No | ||
last_name | String | No | ||
organizational_unit | String | No | ||
job_title | String | No | ||
locality | String | No | ||
String | No | |||
state_or_province | String | No | ||
telephone | String | No | ||
country | String | No | ||
street_address | String | No | ||
enable_failed_auth_protection | Boolean | true , false | No | false |
failed_auth_threshold | Integer | min: 1 | No | 5 |
auth_protection_type | Choice | WIRELESS , WIRED , BOTH | No |
attributes (ise.identity_management.active_directories)
Section titled “attributes (ise.identity_management.active_directories)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[\w\d_\-\.]+$ | Yes | |
type | Choice | STRING , IP , BOOLEAN , INT , OCTET_STRING | Yes | |
internal_name | String | Yes | ||
default_value | String | Yes |
rewrite_rules (ise.identity_management.active_directories)
Section titled “rewrite_rules (ise.identity_management.active_directories)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
row_id | String | Yes | ||
rewrite_match | String | Yes | ||
rewrite_result | String | Yes |
Examples
Section titled “Examples”ise: identity_management: active_directories: - name: AD description: My AD join point domain: dcloud.cisco.com ad_scopes_names: Default_Scope ad_username: administrator ad_password: C1sco12345 groups: - dcloud.cisco.com/Builtin/Users - dcloud.cisco.com/Builtin/HELPDESK