apm policy agent aaa-active-directory
apm policy agent aaa-active-directory(1)  BIG-IP
NAME
aaa-active-directory - Manages an AAA Active Directory(r) agent.
MODULE
apm policy agent
SYNTAX
Configure the aaa-active-directory component within the policy agent
module using the following syntax.
CREATE/MODIFY
create aaa-active-directory [name]
modify aaa-active-directory [name]
options
app-service [[string] | none]
auth-max-logon-attempt [integer]
fetch-nested-groups [true | false]
fetch-primary-groups [true | false]
hints [true | false]
query-attrname [[string] | none]
query-filter [[string] | none]
server [[string] | none]
trusted-domains [[string] | none]
show-extended-error [true | false]
type [query | auth | last]
upn [true | false]
DISPLAY
list aaa-active-directory
list aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
show running-config aaa-active-directory
show running-config aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
current-module
non-default-properties
one-line
app-service
partition
DELETE
delete aaa-active-directory ([name] | all)
DESCRIPTION
You can use the aaa-active-directory component to configure an AAA
Active Directory agent.
EXAMPLES
create aaa-active-directory MyADQueryagent { query-filter "(sAMAccountName=%{session.logon.last.username})" type query server "companyAD" }
Creates the query type AAA Active Directory agent named
MyADQueryagent that uses the
(sAMAccountName=%{session.logon.last.username}) filter and the
companyAD AAA AD server.
create aaa-active-directory MyADAuthagent { type auth server "companyAD" }
Creates the authentication type AAA Active Directory agent named
MyADAuthagent that uses the companyAD AAA AD server.
list aaa-active-directory all
Displays a list of AAA Active Directory agents and their
properties.
delete aaa-active-directory MyADagent
Deletes the MyADagent AAA Active Directory agent.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
auth-max-logon-attempt
Specifies the maximum number of opportunities that users have to
re-enter credentials after their first attempt to log in fails. If
you set this value to a number from 2 to 5 inclusive, the system
allows users the specified number of opportunities to log in after
the first attempt to log in fails. If you set the value to 1, the
system does not allow a second login opportunity after a first
login attempt fails. The default value is 3.
fetch-nested-groups
When enabled, the system administrator can retrieve the full list
of groups that a user belongs to, even if the retrieval privileges
are nested through other groups to which the user belongs
directly. The default value is false.
fetch-primary-groups
When enabled, the system administrator can retrieve the primary
group of a user, and use that name as a group in access policy
item rules. The default value is false.
hints
When enabled, the system offers the user an option to create a
hint that assists in remembering a password. The default value is
false.
query-attrname
Specifies the attribute name that you are adding or deleting for
the agent.
query-filter
Specifies the search criteria the system uses when querying an AAA
Active Directory(r) server for authentication information. The
system supports session variables as part of the search query string.
[name]
Specifies the name of an AAA Active Directory agent. This setting
is required.
partition
Displays the partition within which the component resides.
server
Specifies an AAA Active Directory server the system uses for
Active Directory queries and authentication.
trusted-domains
Specifies an AAA Active Directory Trusted Domains object that the
system uses for Active Directory queries and authentication. This
option requires the upn option to be enabled.
show-extended-error
Specifies whether the system displays a verbose error message. The
default value is false.
type
Specifies the type of AAA Active Directory agent. The default
value is last.
query
Specifies that the agent makes a query against the AAA Active
Directory Server to retrieve information in accordance with
the query-filter and query-attrname options.
auth
Specifies that the agent is an authentication agent only. It
uses the AAA Active Directory Server, but only for
authentication purposes. APM does not get any information
from the Domain.
last
upn
When enabled, APM supports the user principal name (UPN) naming
style and processes cross-domain authentication requests. Some
examples of UPNs are: user@fqdn.of.domain.com, user@upnsuffix.com,
and user@domain. The default value is false.
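The following Python sketch is an added example, not part of the F5 manual page: it reviews saved list aaa-active-directory output for the logon-related options described above, filling in the defaults this page documents when an option is not shown. The stanza layout of the listing, the SAMPLE text, the MAX_ATTEMPTS ceiling and the finding strings are assumptions made for illustration.

```python
import re

# Defaults documented on this page; used when the listing omits an option.
DEFAULTS = {"auth-max-logon-attempt": "3", "hints": "false", "show-extended-error": "false"}
MAX_ATTEMPTS = 3  # assumed local policy ceiling, not a vendor recommendation
HEADER = re.compile(r"^apm policy agent aaa-active-directory (\S+) \{$")
# Constructed sample in the stanza layout assumed for `list` output.
SAMPLE = """\
apm policy agent aaa-active-directory MyADQueryagent {
    query-filter "(sAMAccountName=%{session.logon.last.username})"
    type query
}
apm policy agent aaa-active-directory MyADAuthagent {
    auth-max-logon-attempt 5
    show-extended-error true
    type auth
}
"""

def parse_agents(text):
    """Return {agent: {option: value}}, with documented defaults filled in."""
    agents, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if current is None:
            m = HEADER.match(line)
            if m:
                current, depth = m.group(1), 1
                agents[current] = dict(DEFAULTS)
        elif line == "}":
            depth -= 1
            current = current if depth else None
        elif line.endswith(" {"):
            depth += 1  # nested block; a quoted %{...} never ends a line in " {"
        elif depth == 1 and line:
            key, _, value = line.partition(" ")
            agents[current][key] = value.strip().strip('"')
    return agents

def audit(agents):
    """Return sorted (agent, finding) pairs for settings worth reviewing."""
    findings = []
    for name, opts in agents.items():
        if opts["show-extended-error"] == "true":
            findings.append((name, "verbose logon errors shown to users"))
        if opts["hints"] == "true":
            findings.append((name, "password hints enabled"))
        if int(opts["auth-max-logon-attempt"]) > MAX_ATTEMPTS:
            findings.append((name, "retry limit above policy"))
    return sorted(findings)
```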
SEE ALSO
tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2012. All rights reserved.
BIG-IP  2013  apm policy agent aaa-active-directory(1)