Management::CertLDAPConfiguration

Introduced: BIG-IP_v11.2.0

The CertLDAPConfiguration interface enables you to manage the CertLDAP PAM configuration. This LDAP configuration is specific to certificate-based Single Sign On (SSO) feature support. The key in the create method must be “system-auth”, and the same key must be used in all other methods.

Note: The SSO feature requires the httpd object attributes to be configured in advance. The following httpd attributes must be configured appropriately before the CertLDAP object is created: sslcacertfile, sslverifyclient, sslverifydepth, sslocspenable, sslocspdefaultresponder and ssloveroverrideresponder. “httpd” is both an LTConfig class and a class instance, and such objects are configured through the LTConfig::Field interface and its set_values method. See the LTConfig module for details.

Methods

Method Description Introduced
add_server Adds/associates servers to the specified CertLDAP configurations. BIG-IP_v11.2.0
create Creates the specified CertLDAP configurations. The key must be specified as “system-auth”. BIG-IP_v11.2.0
create_default_authentication_ad_configuration Creates the default authentication Active Directory configuration. BIG-IP_v11.2.0
create_default_authentication_ldap_configuration Creates the default authentication CertLDAP configuration. BIG-IP_v11.2.0
delete_all_configurations Deletes all CertLDAP configurations. BIG-IP_v11.2.0
delete_configuration Deletes the specified CertLDAP configurations. BIG-IP_v11.2.0
get_bind_distinguished_name Gets the distinguished names used to bind to the servers. Default is to bind anonymously. BIG-IP_v11.2.0
get_bind_password Gets the credentials used to bind to the servers. Default is to bind with no credentials. BIG-IP_v11.2.0
get_bind_time_limit Gets the bind time limits in seconds. This is the time to wait for the bind to complete. BIG-IP_v11.2.0
get_check_host_attribute_state Gets the states indicating whether to check the 'host' attribute for access control. Default is no; if set to yes, and the user has no value for the host attribute, and pam_ldap is configured for account management (authorization), then the user will not be allowed to log in. BIG-IP_v11.2.0
get_check_roles_group_state Gets the states indicating whether to check the membership attribute in groups given in remote-role definitions for access control. BIG-IP_v11.2.0
get_debug_state Gets the states indicating whether syslog debugging is enabled/disabled. BIG-IP_v11.2.0
get_description Gets the descriptions for a set of CertLDAP configurations. BIG-IP_v11.2.0
get_filter Gets the filter strings used by the specified CertLDAP configurations. BIG-IP_v11.2.0
get_idle_time_limit Gets the idle time limits in seconds. This client will close connections if the server has not been contacted for the number of seconds specified by this value. BIG-IP_v11.2.0
get_ignore_unavailable_authentication_information_state Gets the states indicating whether to ignore errors when authentication information is unavailable. BIG-IP_v11.2.0
get_ldap_ssl_option Gets the CertLDAP SSL options used by the CertLDAP configurations. BIG-IP_v11.2.0
get_ldap_sso_option Gets the CertLDAP SSO options used by the CertLDAP configurations. BIG-IP_v11.2.0
get_ldap_version Gets the LDAP versions to use by the CertLDAP configurations. BIG-IP_v11.2.0
get_list Gets a list of all CertLDAP configurations. BIG-IP_v11.2.0
get_login_attribute Gets the login attributes used by the specified CertLDAP configurations. BIG-IP_v11.2.0
get_login_filter Gets the SSO login filter attribute used by the specified CertLDAP configurations. BIG-IP_v11.2.0
get_login_name_attribute Gets the SSO login name attribute used by the specified CertLDAP configurations. BIG-IP_v11.2.0
get_port Gets the ports used by the LDAP servers to listen for requests. BIG-IP_v11.2.0
get_search_base_distinguished_name Gets the distinguished names of the search bases used by the CertLDAP configurations. BIG-IP_v11.2.0
get_search_scope Gets the search scopes used by the CertLDAP configurations. BIG-IP_v11.2.0
get_search_time_limit Gets the search time limits in seconds. This is the time to wait for the search to complete. BIG-IP_v11.2.0
get_server Gets the lists of servers the specified CertLDAP configurations are associated with. BIG-IP_v11.2.0
get_ssl_ca_certificate_file Gets the CA certificate file object names used in server certificate verification for a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. BIG-IP_v11.2.0
get_ssl_check_peer_state Gets the states indicating whether to require and verify server certificate. BIG-IP_v11.2.0
get_ssl_cipher Gets the SSL cipher suite used by the CertLDAP configurations. BIG-IP_v11.2.0
get_ssl_client_certificate Gets the client certificate file objects used by a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. BIG-IP_v11.2.0
get_ssl_client_key Gets the client key file objects used by a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. BIG-IP_v11.2.0
get_version Gets the version information for this interface. BIG-IP_v11.2.0
get_warning_state Gets the states indicating whether to enable/disable warning messages. BIG-IP_v11.2.0
remove_server Removes servers from the specified CertLDAP configurations. BIG-IP_v11.2.0
set_bind_distinguished_name Sets the distinguished names used to bind to the servers. Default is to bind anonymously. BIG-IP_v11.2.0
set_bind_password Sets the credentials used to bind to the servers. Default is to bind with no credentials. BIG-IP_v11.2.0
set_bind_time_limit Sets the bind time limits in seconds. This is the time to wait for the bind to complete. BIG-IP_v11.2.0
set_check_host_attribute_state Sets the states indicating whether to check the 'host' attribute for access control. Default is no; if set to yes, and the user has no value for the host attribute, and pam_ldap is configured for account management (authorization), then the user will not be allowed to log in. BIG-IP_v11.2.0
set_check_roles_group_state Sets the states indicating whether to check the membership attribute in groups given in remote-role definitions for access control. Default is no; if set to yes, and user does not belong to any groups given in the remote-role definitions, and pam_ldap is configured for account management (authorization) then the user will only be able to log in using the default remote-role, which can be set to deny access. BIG-IP_v11.2.0
set_debug_state Sets the states indicating whether syslog debugging is enabled/disabled. BIG-IP_v11.2.0
set_description Sets the description for a set of CertLDAP configurations. This is an arbitrary field which can be used for any purpose. BIG-IP_v11.2.0
set_filter Sets the filter strings used by the specified CertLDAP configurations. BIG-IP_v11.2.0
set_idle_time_limit Sets the idle time limits in seconds. This client will close connections if the server has not been contacted for the number of seconds specified by this value. BIG-IP_v11.2.0
set_ignore_unavailable_authentication_information_state Sets the states indicating whether to ignore errors when authentication information is unavailable. BIG-IP_v11.2.0
set_ldap_ssl_option Sets the CertLDAP SSL options used by the CertLDAP configurations. BIG-IP_v11.2.0
set_ldap_sso_option Sets the CertLDAP SSO options used by the CertLDAP configurations. Enabling SSO modifies the httpd configuration object to enable client certificate validation. Make sure your environment is set up to supply a client certificate on request from the BIG-IP system, or your client will be unable to access the BIG-IP. BIG-IP_v11.2.0
set_ldap_version Sets the LDAP versions to use by the CertLDAP configurations. BIG-IP_v11.2.0
set_login_attribute Sets the login attributes used by the specified CertLDAP configurations. BIG-IP_v11.2.0
set_login_filter Sets the SSO login filter used by the specified CertLDAP configurations. This filter extracts a substring from the login name attribute value. BIG-IP_v11.2.0
set_login_name_attribute Sets the SSO login name attribute used by the specified CertLDAP configurations. BIG-IP_v11.2.0
set_port Sets the ports used by the LDAP servers to listen for requests. BIG-IP_v11.2.0
set_search_base_distinguished_name Sets the distinguished names of the search bases used by the CertLDAP configurations. BIG-IP_v11.2.0
set_search_scope Sets the search scopes used by the CertLDAP configurations. BIG-IP_v11.2.0
set_search_time_limit Sets the search time limits in seconds. This is the time to wait for the search to complete. BIG-IP_v11.2.0
set_ssl_ca_certificate_file Sets the CA certificate file objects used in server certificate verification for a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. BIG-IP_v11.2.0
set_ssl_check_peer_state Sets the states indicating whether to require and verify server certificate. BIG-IP_v11.2.0
set_ssl_cipher Sets the SSL cipher suite used by the CertLDAP configurations. BIG-IP_v11.2.0
set_ssl_client_certificate Sets the client certificate file objects used by a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. BIG-IP_v11.2.0
set_ssl_client_key Sets the client key file objects used by a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. BIG-IP_v11.2.0
set_warning_state Sets the states indicating whether to enable/disable warning messages. BIG-IP_v11.2.0
