APIRef_tm_ltm_auth_ldap
mgmt/tm/ltm/auth/ldap
LDAP configuration for remote LDAP client authentication
REST Endpoints
- Collection URI
/mgmt/tm/ltm/auth/ldap
- Collection Methods
OPTIONS, GET
- Resource URI
/mgmt/tm/ltm/auth/ldap/~resource id
- Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST
- Resource Natural Key
name, partition, subPath
Properties
Name | Type | Default Value | Required | Access | Description |
---|---|---|---|---|---|
appService | string | | optional | read/write | The application service that the object belongs to. |
bindDn | string | | optional | read/write | Specifies the distinguished name of an account to which to bind, in order to perform searches. This search account is a read-only account used to do searches. The admin account can be used as the search account. If no admin DN is specified, then no bind is attempted. This option is only required when a site does not allow anonymous searches. If the remote server is a Microsoft Windows Active Directory server, the distinguished name must be in the form of an email address. |
bindPw | string | | optional | read/write | Specifies the password for the search account created on the LDAP server. This option is required if you use a bind DN. |
bindTimeout | integer | 30 | optional | read/write | Specifies a bind timeout limit, in seconds. The default value is 30 seconds. |
checkHostAttr | string | disabled | optional | read/write | Confirms the password for the bind distinguished name. This option is optional. The default value is disabled. |
checkRolesGroup | string | disabled | optional | read/write | Specifies whether to verify a user’s group membership given in the remote-role definitions, formatted as “*member*of=<group-dn>”. |
debug | string | disabled | optional | read/write | Enables or disables syslog-ng debugging information at LOG DEBUG level. The default value is disabled. F5 Networks does not recommend using this option for a normal configuration. |
description | string | | optional | read/write | User defined description. |
filter | string | | optional | read/write | Specifies a filter. Use this option for authorizing client traffic. |
groupDn | string | | optional | read/write | Specifies the group distinguished name. The system uses this option for authorizing client traffic. |
groupMemberAttribute | string | | optional | read/write | Specifies a group member attribute. The system uses this option for authorizing client traffic. |
idleTimeout | integer | 3600 | optional | read/write | Specifies the idle timeout, in seconds, for connections. The default value is 3600 seconds. |
ignoreAuthInfoUnavail | string | no | optional | read/write | Specifies whether the system ignores authentication information if it is not available. The default value is disabled. |
ignoreUnknownUser | string | disabled | optional | read/write | Specifies whether the system ignores an unknown user. The default value is disabled. |
loginAttribute | string | | optional | read/write | Specifies a logon attribute. Normally, the value of this option is uid; however, if the server is a Microsoft Windows Active Directory server, the value must be the account name samaccountname (not case-sensitive). |
tmPartition | string | Common | optional | read/write | Displays the partition within which the server resides. |
port | integer | 389 | optional | read/write | Specifies the port name or number for the LDAP service. Port 389 is typically used for non-SSL and port 636 is used for an SSL-enabled LDAP service. |
scope | string | sub | optional | read/write | Specifies the search scope. The default value is sub. |
searchBaseDn | string | | optional | read/write | Specifies the search base distinguished name. The default value is none. |
searchTimeout | integer | 30 | optional | read/write | Specifies the search timeout, in seconds. The default value is 30 seconds. |
servers | string | | required | read/write | Specifies the LDAP servers that the system must use to obtain authentication information. You must specify a server when you create an LDAP configuration object. |
ssl | string | disabled | optional | read/write | Enables or disables SSL. The default value is disabled. Note that when you use the command line interface to enable SSL for an LDAP service, the system does not change the service port number from 389 to 636, as is required. To change the port number from the command line, use the service option for this component, for example, ldap name ssl enabled service 636. |
sslCaCertFile | string | | optional | read/write | Specifies the name of an SSL CA certificate. The default value is none. |
sslCheckPeer | string | disabled | optional | read/write | Specifies that the system checks an SSL peer. The default value is disabled. |
sslCiphers | string | | optional | read/write | Specifies SSL ciphers. The default value is none. |
sslClientCert | string | | optional | read/write | Specifies the name of an SSL client certificate. The default value is none. |
sslClientKey | string | | optional | read/write | Specifies the name of an SSL client key. The default value is none. |
userTemplate | string | | optional | read/write | Specifies a user template for the LDAP application to use for authentication. The default value is none. |
version | integer | 3 | optional | read/write | Specifies the version number of the LDAP application. The default value is 3. |
warnings | string | enabled | optional | read/write | Enables or disables warning messages. The default value is enabled. |
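Several of the documented defaults (ssl, sslCheckPeer, port) leave the LDAP connection unprotected, so an object fetched from the resource URI is worth auditing. The following is an added example, not part of the F5 reference or F5 code: the function name `audit_ldap_auth`, the check identifiers and the sample object are assumptions constructed for illustration, using only the property names and defaults from the table above.

```python
import json

# Defaults as documented in the property table; absent keys fall back to these.
DEFAULTS = {"ssl": "disabled", "sslCheckPeer": "disabled", "port": 389, "debug": "disabled"}

# Constructed sample (made-up values) of a JSON body for one ldap auth object.
SAMPLE = json.loads("""
{
  "name": "corp_ldap", "partition": "Common",
  "servers": ["ldap1.example.test"],
  "bindDn": "cn=search,dc=example,dc=test",
  "port": 389, "ssl": "enabled", "sslCheckPeer": "disabled",
  "debug": "enabled"
}
""")

def audit_ldap_auth(obj):
    """Return [(check_id, message), ...] for risky settings in one ldap auth object."""
    cfg = {**DEFAULTS, **obj}
    findings = []
    if cfg["ssl"] != "enabled":
        findings.append(("ssl-disabled",
                         "LDAP traffic, including bind credentials, is not protected by SSL"))
    else:
        if cfg["sslCheckPeer"] != "enabled":
            findings.append(("peer-not-checked",
                             "SSL is on but the LDAP server certificate is not checked"))
        if str(cfg["port"]) == "389":
            findings.append(("ssl-on-389",
                             "SSL is on but the port was left at 389 instead of 636"))
    if cfg["debug"] == "enabled":
        findings.append(("debug-enabled",
                         "debug logging is not recommended for a normal configuration"))
    if cfg.get("bindDn") and not cfg.get("bindPw"):
        findings.append(("bind-pw-missing",
                         "bindDn is set without bindPw, which a bind DN requires"))
    return findings

if __name__ == "__main__":
    for check_id, message in audit_ldap_auth(SAMPLE):
        print(f"{SAMPLE['name']}: {check_id}: {message}")
```
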
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.