apm policy agent aaa-active-directory

apm policy agent aaa-active-directory(1)		BIG-IP TMSH Manual		  apm policy agent aaa-active-directory(1)

NAME
       aaa-active-directory - Manages an AAA Active Directory(r) agent.

MODULE
       apm policy agent

SYNTAX
       Configure the aaa-active-directory component within the policy agent module using the following syntax.

   CREATE/MODIFY
	create aaa-active-directory [name]
	modify aaa-active-directory [name]
	  options
	    app-service [[string] | none]
	    auth-max-logon-attempt [integer]
	    fetch-nested-groups [true | false]
	    fetch-primary-groups [true | false]
	    hints [true | false]
	    query-attrname [[string] | none]
	    query-filter [[string] | none]
	    server [[string] | none]
	    trusted-domains [[string] | none]
	    show-extended-error [true | false]
	    type [query | auth | last]
	    upn [true | false]

   DISPLAY
	list aaa-active-directory
	list aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
	show running-config aaa-active-directory
	show running-config aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all
	    all-properties
	    current-module
	    non-default-properties
	    one-line
	    app-service
	    partition

   DELETE
	delete aaa-active-directory ([name] | all)

DESCRIPTION
       You can use the aaa-active-directory component to configure an AAA Active Directory agent.

EXAMPLES
       create aaa-active-directory MyADQueryagent { query-filter "(sAMAccountName=%{session.logon.last.username})" type query
       server "companyAD" }
	    Creates the query type AAA Active Directory agent named MyADQueryagent that uses the
	    (sAMAccountName=%{session.logon.last.username}) filter and the companyAD AAA AD server.

       create aaa-active-directory MyADAuthagent { type auth server "companyAD" }
	    Creates the authentication type AAA Active Directory agent named MyADAuthagent that uses the companyAD AAA AD server.

       list aaa-active-directory all
	    Displays a list of AAA Active Directory agents and their properties.

       delete aaa-active-directory MyADagent
	    Deletes the MyADagent AAA Active Directory agent.

OPTIONS
       app-service
	    Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
	    strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
	    object. Only the application service can modify or delete the object.

       auth-max-logon-attempt
	    Specifies the maximum number of opportunities that users have to re-enter credentials after their first attempt to log
	    in fails. If you set this value to a number from 2 to 5 inclusive, the system allows users the specified number of
	    opportunities to log in after the first attempt to log in fails. If you set the value to 1, the system does not allow
	    a second login opportunity after a first login attempt fails. The default value is 3.

       fetch-nested-groups
	    When enabled, the system administrator can retrieve the full list of groups that a user belongs to, including
	    groups whose membership is nested through other groups to which the user belongs directly. The default value is
	    false.

       fetch-primary-groups
	    When enabled, the system administrator can retrieve the primary group of a user, and use that name as a group in
	    access policy item rules. The default value is false.

       hints
	    When enabled, the system offers the user an option to create a hint that assists in remembering a password.  The
	    default value is false.

       query-attrname
	    Specifies the attribute name that you are adding or deleting for the agent.

       query-filter
	    Specifies the search criteria the system uses when querying an AAA Active Directory(r) server for authentication
	    information. The system supports session variables as part of the search query string.

       [name]
	    Specifies the name of an AAA Active Directory agent. This setting is required.

       partition
	    Displays the partition within which the component resides.

       server
	    Specifies an AAA Active Directory server the system uses for Active Directory queries and authentication.

       trusted-domains
	    Specifies an AAA Active Directory Trusted Domains object that the system uses for Active Directory queries and
	    authentication. This option requires the upn option to be enabled.

       show-extended-error
	    Specifies to display a verbose error message. The default value is false.

       type Specifies the type of AAA Active Directory agent. The default value is last.

	    query
		 Specifies that the agent makes a query against the AAA Active Directory Server to retrieve information in
		 accordance with the query-filter and query-attrname options.

	    auth Specifies that the agent is an authentication agent only. It uses the AAA Active Directory Server, but only for
		 authentication purposes. APM does not get any information from the Domain.

	    last

       upn  When enabled, APM supports the user principal name (UPN) naming style and processes cross-domain authentication
	    requests.  Some examples of UPNs are: user@fqdn.of.domain.com, user@upnsuffix.com, and user@domain. The default value
	    is false.

SEE ALSO
       tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2011-2012. All rights reserved.

BIG-IP							    2013-11-15			  apm policy agent aaa-active-directory(1)