Skip to content

Active Directory

Location in GUI: Administration » Identity Management » External Identity Sources » Active Directory

Diagram

Diagram

Classes

identity_management (ise)

Name	Type	Constraint	Mandatory	Default Value
active_directories	List	`[active_directories]`	No

active_directories (ise.identity_management)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[\w\d_\-\.]+$`	Yes
description	String		No
domain	String		Yes
ad_scopes_names	String		No	`Default_Scope`
ad_username	String		Yes
ad_password	String		Yes
enable_domain_allowed_list	Boolean	`true`, `false`	No	`true`
groups	List	String	No
attributes	List	`[attributes]`	No
rewrite_rules	List	`[rewrite_rules]`	No
enable_rewrites	Boolean	`true`, `false`	No	`false`
enable_pass_change	Boolean	`true`, `false`	No	`true`
enable_machine_auth	Boolean	`true`, `false`	No	`true`
enable_machine_access	Boolean	`true`, `false`	No	`true`
enable_dialin_permission_check	Boolean	`true`, `false`	No	`false`
plaintext_auth	Boolean	`true`, `false`	No	`false`
aging_time	Integer	min: `1`, max: `8760`	No	`5`
enable_callback_for_dialin_client	Boolean	`true`, `false`	No	`false`
identity_not_in_ad_behaviour	Choice	`REJECT`, `SEARCH_JOINED_FOREST`, `SEARCH_ALL`	No
unreachable_domains_behaviour	Choice	`PROCEED`, `DROP`	No
schema	Choice	`ACTIVE_DIRECTORY`, `CUSTOM`	No
first_name	String		No
department	String		No
last_name	String		No
organizational_unit	String		No
job_title	String		No
locality	String		No
email	String		No
state_or_province	String		No
telephone	String		No
country	String		No
street_address	String		No
enable_failed_auth_protection	Boolean	`true`, `false`	No	`false`
failed_auth_threshold	Integer	min: `1`	No	`5`
auth_protection_type	Choice	`WIRELESS`, `WIRED`, `BOTH`	No

attributes (ise.identity_management.active_directories)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[\w\d_\-\.]+$`	Yes
type	Choice	`STRING`, `IP`, `BOOLEAN`, `INT`, `OCTET_STRING`	Yes
internal_name	String		Yes
default_value	String		Yes

rewrite_rules (ise.identity_management.active_directories)

Name	Type	Constraint	Mandatory	Default Value
row_id	String		Yes
rewrite_match	String		Yes
rewrite_result	String		Yes

Examples

ise:
  identity_management:
    active_directories:
      - name: AD
        description: My AD join point
        domain: dcloud.cisco.com
        ad_scopes_names: Default_Scope
        ad_username: administrator
        ad_password: C1sco12345
        groups:
          - dcloud.cisco.com/Builtin/Users
          - dcloud.cisco.com/Builtin/HELPDESK

Location in GUI: Administration » Identity Management » External Identity Sources » Active Directory

Diagram

Diagram

Classes

identity_management (ise)

Name	Type	Constraint	Mandatory	Default Value
active_directories	List	`[active_directories]`	No

active_directories (ise.identity_management)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[\w\d_\-\.]+$`	Yes
description	String		No
domain	String		Yes
ad_scopes_names	String		No	`Default_Scope`
ad_username	String		Yes
ad_password	String		Yes
enable_domain_allowed_list	Boolean	`true`, `false`	No	`true`
groups	List	String	No
attributes	List	`[attributes]`	No
rewrite_rules	List	`[rewrite_rules]`	No
enable_rewrites	Boolean	`true`, `false`	No	`false`
enable_pass_change	Boolean	`true`, `false`	No	`true`
enable_machine_auth	Boolean	`true`, `false`	No	`true`
enable_machine_access	Boolean	`true`, `false`	No	`true`
enable_dialin_permission_check	Boolean	`true`, `false`	No	`false`
plaintext_auth	Boolean	`true`, `false`	No	`false`
aging_time	Integer	min: `1`, max: `8760`	No	`5`
enable_callback_for_dialin_client	Boolean	`true`, `false`	No	`false`
identity_not_in_ad_behaviour	Choice	`REJECT`, `SEARCH_JOINED_FOREST`, `SEARCH_ALL`	No
unreachable_domains_behaviour	Choice	`PROCEED`, `DROP`	No
schema	Choice	`ACTIVE_DIRECTORY`, `CUSTOM`	No
first_name	String		No
department	String		No
last_name	String		No
organizational_unit	String		No
job_title	String		No
locality	String		No
email	String		No
state_or_province	String		No
telephone	String		No
country	String		No
street_address	String		No
enable_failed_auth_protection	Boolean	`true`, `false`	No	`false`
failed_auth_threshold	Integer	min: `1`	No	`5`
auth_protection_type	Choice	`WIRELESS`, `WIRED`, `BOTH`	No

attributes (ise.identity_management.active_directories)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[\w\d_\-\.]+$`	Yes
type	Choice	`STRING`, `IP`, `BOOLEAN`, `INT`, `OCTET_STRING`	Yes
internal_name	String		Yes
default_value	String		Yes

rewrite_rules (ise.identity_management.active_directories)

Name	Type	Constraint	Mandatory	Default Value
row_id	String		Yes
rewrite_match	String		Yes
rewrite_result	String		Yes

Examples

ise:
  identity_management:
    active_directories:
      - name: AD
        description: My AD join point
        domain: dcloud.cisco.com
        ad_scopes_names: Default_Scope
        ad_username: administrator
        ad_password: C1sco12345
        groups:
          - dcloud.cisco.com/Builtin/Users
          - dcloud.cisco.com/Builtin/HELPDESK

Location in GUI: Administration » Identity Management » External Identity Sources » Active Directory

Diagram

Diagram

Classes

identity_management (ise)

Name	Type	Constraint	Mandatory	Default Value
active_directories	List	`[active_directories]`	No

active_directories (ise.identity_management)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[\w\d_\-\.]+$`	Yes
description	String		No
domain	String		Yes
ad_scopes_names	String		No	`Default_Scope`
ad_username	String		Yes
ad_password	String		Yes
enable_domain_allowed_list	Boolean	`true`, `false`	No	`true`
groups	List	String	No
attributes	List	`[attributes]`	No
rewrite_rules	List	`[rewrite_rules]`	No
enable_rewrites	Boolean	`true`, `false`	No	`false`
enable_pass_change	Boolean	`true`, `false`	No	`true`
enable_machine_auth	Boolean	`true`, `false`	No	`true`
enable_machine_access	Boolean	`true`, `false`	No	`true`
enable_dialin_permission_check	Boolean	`true`, `false`	No	`false`
plaintext_auth	Boolean	`true`, `false`	No	`false`
aging_time	Integer	min: `1`, max: `8760`	No	`5`
enable_callback_for_dialin_client	Boolean	`true`, `false`	No	`false`
identity_not_in_ad_behaviour	Choice	`REJECT`, `SEARCH_JOINED_FOREST`, `SEARCH_ALL`	No
unreachable_domains_behaviour	Choice	`PROCEED`, `DROP`	No
schema	Choice	`ACTIVE_DIRECTORY`, `CUSTOM`	No
first_name	String		No
department	String		No
last_name	String		No
organizational_unit	String		No
job_title	String		No
locality	String		No
email	String		No
state_or_province	String		No
telephone	String		No
country	String		No
street_address	String		No
enable_failed_auth_protection	Boolean	`true`, `false`	No	`false`
failed_auth_threshold	Integer	min: `1`	No	`5`
auth_protection_type	Choice	`WIRELESS`, `WIRED`, `BOTH`	No

attributes (ise.identity_management.active_directories)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[\w\d_\-\.]+$`	Yes
type	Choice	`STRING`, `IP`, `BOOLEAN`, `INT`, `OCTET_STRING`	Yes
internal_name	String		Yes
default_value	String		Yes

rewrite_rules (ise.identity_management.active_directories)

Name	Type	Constraint	Mandatory	Default Value
row_id	String		Yes
rewrite_match	String		Yes
rewrite_result	String		Yes

Examples

ise:
  identity_management:
    active_directories:
      - name: AD
        description: My AD join point
        domain: dcloud.cisco.com
        ad_scopes_names: Default_Scope
        ad_username: administrator
        ad_password: C1sco12345
        groups:
          - dcloud.cisco.com/Builtin/Users
          - dcloud.cisco.com/Builtin/HELPDESK