APIRef_tm_ltm_auth_ssl-cc-ldap

mgmt/tm/ltm/auth/ssl-cc-ldap

/tm/ltm/auth

SSL client certificate configuration, for use with remote SSL-based LDAP authorization

REST Endpoints

Collection URI: /mgmt/tm/ltm/auth/ssl-cc-ldap
Collection Methods: OPTIONS, GET
Resource URI: /mgmt/tm/ltm/auth/ssl-cc-ldap/~resource id
Resource Methods: OPTIONS, GET, PUT, PATCH, DELETE, POST
Resource Natural Key: name, partition, subPath

Properties

| Name | Type | Default Value | Required | Access | Description |
|---|---|---|---|---|---|
| adminDn | string | | optional | read/write | Specifies the distinguished name of an account to which to bind, in order to perform searches. This search account is a read-only account used to do searches. The admin account can also be used as the search account. If no admin DN is specified, then no bind is attempted. This parameter is required only when an LDAP database does not allow anonymous searches. Possible values are a user-specified string, and none. |
| adminPassword | string | | optional | read/write | Specifies the password for the admin account. See the admin dn option above. Possible values are a user-specified string, and none. |
| appService | string | | optional | read/write | The application service that the object belongs to. |
| cacheSize | integer | 20000 | optional | read/write | Specifies the maximum size, in bytes, allowed for the SSL session cache. Setting this value to 0 disallows SSL session caching. The default value is 20000 bytes (that is 20KB). |
| cacheTimeout | integer | 300 | optional | read/write | Specifies the number of usable lifetime seconds of negotiable SSL session IDs. When this time expires, a client must negotiate a new session. Allowed values are: <number>, immediate, and indefinite. The default value is 300 seconds. |
| certmapBase | string | | optional | read/write | Specifies the search base for the subtree used by the certmap search method. A typical search base is: ou=people,dc=company,dc=com. Possible values are a user-specified string, and none. |
| certmapKey | string | | optional | read/write | Specifies the name of the certificate map found in the LDAP database. Used by the certmap search method. Possible values are a user-specified string, and none. |
| certmapUserSerial | string | no | optional | read/write | Specifies whether the system uses the client certificate’s subject or serial number (in conjunction with the certificate’s issuer) when trying to match an entry in the certificate map subtree. A value of yes uses the serial number. A value of no uses the subject. The default value is no. |
| description | string | | optional | read/write | User defined description. |
| groupBase | string | | optional | read/write | Specifies the search base for the subtree used by group searches. This parameter is only used when specifying the valid groups option. The typical search base is similar to: ou=groups,dc=company,dc=com. Possible values are a user-specified string, and none. |
| groupKey | string | | optional | read/write | Specifies the name of the attribute in the LDAP database that specifies the group name in the group subtree. An example of a typical key is cn (common name for the group). Possible values are a user-specified string, and none. |
| groupMemberKey | string | | optional | read/write | Specifies the name of the attribute in the LDAP database that specifies members (DNs) of a group. A typical key would be member. Possible values are a user-specified string, and none. |
| tmPartition | string | Common | optional | read/write | Displays the partition within which the server resides. |
| roleKey | string | | optional | read/write | Specifies the name of the attribute in the LDAP database that specifies a user’s authorization roles. This key is used only with the valid roles option. A typical role key might be authorizationRole. Possible values are a user-specified string, and none. |
| searchType | string | user | optional | read/write | Specifies the type of LDAP search that is performed based on the client’s certificate. |
| secure | string | no | optional | read/write | Enables or disables an attempt to use secure LDAP (LDAP over SSL). The alternative to using secure LDAP is to use insecure (clear text) LDAP. Secure LDAP is a consideration when the connection between the BIG-IP system and the LDAP server cannot be trusted. The default value is disabled. |
| servers | string | | required | read/write | Specifies a list of LDAP servers you want to search. Possible values are a user-specified list of servers, and none. You must specify a server when you create an SSL client certificate configuration object. |
| userBase | string | | optional | read/write | Specifies the search base for the subtree used by the user and cert search methods. A typical search base is: ou=people,dc=company,dc=com. Possible values are a user-specified string, and none. You must specify a user base when you create an SSL client certificate configuration object. |
| userClass | string | | optional | read/write | Specifies the object class in the LDAP database to which the user must belong in order to be authenticated. |
| userKey | string | | required | read/write | Specifies the key that denotes a user ID in the LDAP database (for example, the common key for the user option is uid). Possible values are a user-specified string, and none. You must always specify a user key when you create an SSL client certificate configuration object. |
| validGroups | string | | optional | read/write | Specifies a space-delimited list specifying the names of groups that the client must belong to in order to be authorized (matches against the group key in the group subtree). The client needs to be a member of only one of the groups in the list. Possible values are a user-specified string, or none. |
| validRoles | string | | optional | read/write | Specifies a space-delimited list specifying the valid roles that clients must have in order to be authorized. Possible values are a user-specified string, and none. |
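
The properties above interact in ways that matter for a configuration review: `secure` decides whether the `adminDn` bind travels as clear text, and `validGroups` / `validRoles` depend on the group and role keys. The following audit is an added example, not part of the F5 reference or F5 code. Assumptions: the `items` wrapper on the collection response, the object and host names in the constructed sample, accepting both `yes` and `enabled` for `secure`, and the review rules themselves.

```python
import json

# Constructed sample of a GET /mgmt/tm/ltm/auth/ssl-cc-ldap response body.
# The "items" wrapper, object names and host names are assumptions for illustration.
SAMPLE = json.loads("""
{"items": [
  {"name": "cc_ldap_legacy", "partition": "Common", "servers": "ldap1.example.test",
   "adminDn": "cn=search,dc=company,dc=com", "secure": "no", "searchType": "user",
   "userBase": "ou=people,dc=company,dc=com", "userKey": "uid", "cacheTimeout": "indefinite"},
  {"name": "cc_ldap_hardened", "partition": "Common", "servers": "ldap2.example.test",
   "adminDn": "cn=search,dc=company,dc=com", "secure": "yes", "searchType": "user",
   "userBase": "ou=people,dc=company,dc=com", "userKey": "uid", "cacheTimeout": 300,
   "validGroups": "vpn-users", "groupBase": "ou=groups,dc=company,dc=com",
   "groupKey": "cn", "groupMemberKey": "member"}
]}
""")

def is_on(value):
    # The page lists the default as "no" but describes it as "disabled"; accept both forms.
    return str(value).lower() in ("yes", "enabled", "true")

def is_set(obj, key):
    return obj.get(key) not in (None, "", "none")

def audit(obj):
    findings = []
    secure = is_on(obj.get("secure", "no"))
    if not secure and is_set(obj, "adminDn"):
        findings.append("admin bind credentials cross the network as clear-text LDAP")
    elif not secure:
        findings.append("LDAP searches use clear-text LDAP")
    if not is_set(obj, "validGroups") and not is_set(obj, "validRoles"):
        findings.append("no validGroups or validRoles restriction on authorized clients")
    if is_set(obj, "validGroups"):
        missing = [k for k in ("groupBase", "groupKey", "groupMemberKey") if not is_set(obj, k)]
        if missing:
            findings.append("validGroups set but missing: " + ", ".join(missing))
    if is_set(obj, "validRoles") and not is_set(obj, "roleKey"):
        findings.append("validRoles set but roleKey is missing")
    if str(obj.get("cacheTimeout", 300)) == "indefinite":
        findings.append("cacheTimeout is indefinite; SSL session IDs never expire")
    return findings

def audit_collection(body):
    # Key each result by /partition/name so findings map back to a resource.
    return {"/%s/%s" % (o.get("partition", "Common"), o["name"]): audit(o)
            for o in body.get("items", [])}

if __name__ == "__main__":
    print(json.dumps(audit_collection(SAMPLE), indent=2))
```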
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.