Management::CertLDAPConfiguration
Introduced : BIG-IP_v11.2.0
The CertLDAPConfiguration interface enables you to manage CertLDAP PAM
configuration. This LDAP configuration is specific to support for the
certificate-based Single Sign On (SSO) feature. The key in the create
method must be “system-auth”. This key must be used in all other
methods as well. Note: The SSO feature requires configuring httpd
object attributes in advance. The following httpd attributes must be
configured appropriately prior to the creation of the CertLDAP object:
sslcacertfile, sslverifyclient, sslverifydepth, sslocspenable,
sslocspdefaultresponder and ssloveroverrideresponder. “httpd” is an
LTConfig class and class instance, and support is available to
configure such objects (through the LTConfig::Field interface and
set_values method). Please see the LTConfig module for details.
Methods
Method | Description | Introduced |
add_server | Adds/associates servers to the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
create | Creates the specified CertLDAP configurations. The key must be specified as “system-auth”. | BIG-IP_v11.2.0 |
create_default_authentication_ad_configuration | Creates the default authentication Active Directory configuration. | BIG-IP_v11.2.0 |
create_default_authentication_ldap_configuration | Creates the default authentication CertLDAP configuration. | BIG-IP_v11.2.0 |
delete_all_configurations | Deletes all CertLDAP configurations. | BIG-IP_v11.2.0 |
delete_configuration | Deletes the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
get_bind_distinguished_name | Gets the distinguished names used to bind to the servers. Default is to bind anonymously. | BIG-IP_v11.2.0 |
get_bind_password | Gets the credentials used to bind to the servers. Default is to bind with no credentials. | BIG-IP_v11.2.0 |
get_bind_time_limit | Gets the bind time limits in seconds. This is the time to wait for the bind to complete. | BIG-IP_v11.2.0 |
get_check_host_attribute_state | Gets the states indicating whether to check the 'host' attribute for access control. Default is no; if set to yes, and the user has no value for the host attribute, and pam_ldap is configured for account management (authorization), then the user will not be allowed to log in. | BIG-IP_v11.2.0 |
get_check_roles_group_state | Gets the states indicating whether to check the membership attribute in groups given in remote-role definitions for access control. | BIG-IP_v11.2.0 |
get_debug_state | Gets the states indicating whether syslog debugging is enabled/disabled. | BIG-IP_v11.2.0 |
get_description | Gets the descriptions for a set of CertLDAP configurations. | BIG-IP_v11.2.0 |
get_filter | Gets the filter strings used by the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
get_idle_time_limit | Gets the idle time limits in seconds. This client will close connections if the server has not been contacted for the number of seconds specified by this value. | BIG-IP_v11.2.0 |
get_ignore_unavailable_authentication_information_state | Gets the states indicating whether to ignore errors when authentication information is unavailable. | BIG-IP_v11.2.0 |
get_ldap_ssl_option | Gets the CertLDAP SSL options used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
get_ldap_sso_option | Gets the CertLDAP SSO options used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
get_ldap_version | Gets the LDAP versions used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
get_list | Gets a list of all CertLDAP configurations. | BIG-IP_v11.2.0 |
get_login_attribute | Gets the login attributes used by the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
get_login_filter | Gets the SSO login filter attribute used by the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
get_login_name_attribute | Gets the SSO login name attribute used by the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
get_port | Gets the ports used by the LDAP servers to listen for requests. | BIG-IP_v11.2.0 |
get_search_base_distinguished_name | Gets the distinguished names of the search bases used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
get_search_scope | Gets the search scopes used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
get_search_time_limit | Gets the search time limits in seconds. This is the time to wait for the search to complete. | BIG-IP_v11.2.0 |
get_server | Gets the lists of servers the specified CertLDAP configurations are associated with. | BIG-IP_v11.2.0 |
get_ssl_ca_certificate_file | Gets the CA certificate file object names used in server certificate verification for a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. | BIG-IP_v11.2.0 |
get_ssl_check_peer_state | Gets the states indicating whether to require and verify the server certificate. | BIG-IP_v11.2.0 |
get_ssl_cipher | Gets the SSL cipher suite used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
get_ssl_client_certificate | Gets the client certificate file objects used by a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. | BIG-IP_v11.2.0 |
get_ssl_client_key | Gets the client key file objects used by a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. | BIG-IP_v11.2.0 |
get_version | Gets the version information for this interface. | BIG-IP_v11.2.0 |
get_warning_state | Gets the states indicating whether to enable/disable warning messages. | BIG-IP_v11.2.0 |
remove_server | Removes servers from the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
set_bind_distinguished_name | Sets the distinguished names used to bind to the servers. Default is to bind anonymously. | BIG-IP_v11.2.0 |
set_bind_password | Sets the credentials used to bind to the servers. Default is to bind with no credentials. | BIG-IP_v11.2.0 |
set_bind_time_limit | Sets the bind time limits in seconds. This is the time to wait for the bind to complete. | BIG-IP_v11.2.0 |
set_check_host_attribute_state | Sets the states indicating whether to check the 'host' attribute for access control. Default is no; if set to yes, and the user has no value for the host attribute, and pam_ldap is configured for account management (authorization), then the user will not be allowed to log in. | BIG-IP_v11.2.0 |
set_check_roles_group_state | Sets the states indicating whether to check the membership attribute in groups given in remote-role definitions for access control. Default is no; if set to yes, and the user does not belong to any groups given in the remote-role definitions, and pam_ldap is configured for account management (authorization), then the user will only be able to log in using the default remote-role, which can be set to deny access. | BIG-IP_v11.2.0 |
set_debug_state | Sets the states indicating whether syslog debugging is enabled/disabled. | BIG-IP_v11.2.0 |
set_description | Sets the description for a set of CertLDAP configurations. This is an arbitrary field which can be used for any purpose. | BIG-IP_v11.2.0 |
set_filter | Sets the filter strings used by the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
set_idle_time_limit | Sets the idle time limits in seconds. This client will close connections if the server has not been contacted for the number of seconds specified by this value. | BIG-IP_v11.2.0 |
set_ignore_unavailable_authentication_information_state | Sets the states indicating whether to ignore errors when authentication information is unavailable. | BIG-IP_v11.2.0 |
set_ldap_ssl_option | Sets the CertLDAP SSL options used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
set_ldap_sso_option | Sets the CertLDAP SSO options used by the CertLDAP configurations. Enabling SSO modifies the httpd configuration object to enable client certificate validation. Make sure your environment is set up to supply a client certificate on request from the BIG-IP system, or your client will be unable to access the BIG-IP. | BIG-IP_v11.2.0 |
set_ldap_version | Sets the LDAP versions used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
set_login_attribute | Sets the login attributes used by the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
set_login_filter | Sets the SSO login filter used by the specified CertLDAP configurations. This filter extracts a substring from the login name attribute value. | BIG-IP_v11.2.0 |
set_login_name_attribute | Sets the SSO login name attribute used by the specified CertLDAP configurations. | BIG-IP_v11.2.0 |
set_port | Sets the ports used by the LDAP servers to listen for requests. | BIG-IP_v11.2.0 |
set_search_base_distinguished_name | Sets the distinguished names of the search bases used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
set_search_scope | Sets the search scopes used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
set_search_time_limit | Sets the search time limits in seconds. This is the time to wait for the search to complete. | BIG-IP_v11.2.0 |
set_ssl_ca_certificate_file | Sets the CA certificate file objects used in server certificate verification for a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. | BIG-IP_v11.2.0 |
set_ssl_check_peer_state | Sets the states indicating whether to require and verify the server certificate. | BIG-IP_v11.2.0 |
set_ssl_cipher | Sets the SSL cipher suite used by the CertLDAP configurations. | BIG-IP_v11.2.0 |
set_ssl_client_certificate | Sets the client certificate file objects used by a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. | BIG-IP_v11.2.0 |
set_ssl_client_key | Sets the client key file objects used by a set of CertLDAP authentication configurations. See the Management::KeyCertificate interface for certificate file object management. | BIG-IP_v11.2.0 |
set_warning_state | Sets the states indicating whether to enable/disable warning messages. | BIG-IP_v11.2.0 |