apm policy agent aaa-active-directory

apm policy agent aaa-active-directory(1)        BIG-IP        apm policy agent aaa-active-directory(1)



NAME
       aaa-active-directory - Manages an AAA Active Directory(r) agent.

MODULE
       apm policy agent

SYNTAX
       Configure the aaa-active-directory component within the policy agent
       module using the following syntax.

   CREATE/MODIFY
	create aaa-active-directory [name]
	modify aaa-active-directory [name]
	  options
	    app-service [[string] | none]
	    auth-max-logon-attempt [integer]
	    fetch-nested-groups [true | false]
	    fetch-primary-groups [true | false]
	    hints [true | false]
	    query-attrname [[string] | none]
	    query-filter [[string] | none]
	    server [[string] | none]
	    trusted-domains [[string] | none]
	    show-extended-error [true | false]
	    type [query | auth | last]
	    upn [true | false]

   DISPLAY
	list aaa-active-directory
	list aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
	show running-config aaa-active-directory
	show running-config aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all
	    all-properties
	    current-module
	    non-default-properties
	    one-line
	    app-service
	    partition

   DELETE
	delete aaa-active-directory ([name] | all)

DESCRIPTION
       You can use the aaa-active-directory component to configure an AAA
       Active Directory agent.

EXAMPLES
       create aaa-active-directory MyADQueryagent { query-filter
       "(sAMAccountName=%{session.logon.last.username})" type query server
       "companyAD" }
	    Creates the query type AAA Active Directory agent named
	    MyADQueryagent that uses the
	    (sAMAccountName=%{session.logon.last.username}) filter and the
	    companyAD AAA AD server.

       create aaa-active-directory MyADAuthagent { type auth server "companyAD" }
	    Creates the authentication type AAA Active Directory agent named
	    MyADAuthagent that uses the companyAD AAA AD server.

       list aaa-active-directory all
	    Displays a list of AAA Active Directory agents and their
	    properties.

       delete aaa-active-directory MyADagent
	    Deletes the MyADagent AAA Active Directory agent.

OPTIONS
       app-service
	    Specifies the name of the application service to which the object
	    belongs. The default value is none. Note: If the strict-updates
	    option is enabled on the application service that owns the object,
	    you cannot modify or delete the object. Only the application
	    service can modify or delete the object.

       auth-max-logon-attempt
	    Specifies the maximum number of opportunities that users have to
	    re-enter credentials after their first attempt to log in fails. If
	    you set this value to a number from 2 to 5 inclusive, the system
	    allows users the specified number of opportunities to log in after
	    the first attempt to log in fails. If you set the value to 1, the
	    system does not allow a second login opportunity after a first
	    login attempt fails. The default value is 3.

       fetch-nested-groups
	    When enabled, the system administrator can retrieve the full list
	    of groups that a user belongs to, even if the retrieval privileges
	    are nested through other groups to which the user belongs
	    directly. The default value is false.

       fetch-primary-groups
	    When enabled, the system administrator can retrieve the primary
	    group of a user, and use that name as a group in access policy
	    item rules. The default value is false.

       hints
	    When enabled, the system offers the user an option to create a
	    hint that assists in remembering a password.  The default value is
	    false.

       query-attrname
	    Specifies the attribute name that you are adding or deleting for
	    the agent.

       query-filter
	    Specifies the search criteria the system uses when querying an AAA
	    Active Directory(r) server for authentication information. The
	    system supports session variables as part of the search query
	    string.

       [name]
	    Specifies the name of an AAA Active Directory agent. This setting
	    is required.

       partition
	    Displays the partition within which the component resides.

       server
	    Specifies an AAA Active Directory server the system uses for
	    Active Directory queries and authentication.

       trusted-domains
	    Specifies an AAA Active Directory Trusted Domains object that the
	    system uses for Active Directory queries and authentication. This
	    option requires the upn option to be enabled.

       show-extended-error
	    Specifies to display a verbose error message. The default value is
	    false.

       type Specifies the type of AAA Active Directory agent. The default
	    value is last.

	    query
		 Specifies that the agent makes a query against the AAA Active
		 Directory Server to retrieve information in accordance with
		 the query-filter and query-attrname options.

	    auth Specifies that the agent is an authentication agent only. It
		 uses the AAA Active Directory Server, but only for
		 authentication purposes. APM does not get any information
		 from the Domain.

	    last

       upn  When enabled, APM supports the user principal name (UPN) naming
	    style and processes cross-domain authentication requests. Some
	    examples of UPNs are: user@fqdn.of.domain.com, user@upnsuffix.com,
	    and user@domain. The default value is false.
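
The constraints stated under OPTIONS can be checked mechanically against saved agent configuration. The following is an added example, not part of the F5 manual: it assumes the brace-delimited layout that tmsh list output uses, the agent names and values in SAMPLE are constructed, and show-extended-error is flagged only as a review item because verbose authentication errors are shown to the user.

```python
import re

# Constructed sample; the block layout is assumed to match what
# "list aaa-active-directory" prints. Names and values are made up.
SAMPLE = """\
apm policy agent aaa-active-directory MyADAuthagent {
    auth-max-logon-attempt 3
    server companyAD
    type auth
}
apm policy agent aaa-active-directory MyTrustedAgent {
    auth-max-logon-attempt 9
    show-extended-error true
    trusted-domains corpTrust
    type auth
    upn false
}
"""

BLOCK = re.compile(r"^apm policy agent aaa-active-directory (\S+) \{\n(.*?)^\}", re.M | re.S)

def parse_agents(text):
    """Return {agent name: {option: value}} for every agent block in text."""
    agents = {}
    for name, body in BLOCK.findall(text):
        opts = {}
        for line in body.splitlines():
            key, _, value = line.strip().partition(" ")
            if key:
                opts[key] = value.strip().strip('"')
        agents[name] = opts
    return agents

def audit(opts):
    """Check one agent's options against the constraints listed under OPTIONS."""
    findings = []
    # Options that are not set fall back to the documented defaults.
    attempts = int(opts.get("auth-max-logon-attempt", 3))
    if not 1 <= attempts <= 5:
        findings.append("auth-max-logon-attempt %d is outside the described 1 to 5" % attempts)
    if opts.get("trusted-domains", "none") != "none" and opts.get("upn", "false") != "true":
        findings.append("trusted-domains is set but upn is not enabled")
    if opts.get("show-extended-error", "false") == "true":
        findings.append("show-extended-error is enabled (verbose error messages)")
    return findings

def audit_all(text):
    return {name: audit(opts) for name, opts in parse_agents(text).items()}
```
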

SEE ALSO
       tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2011-2012. All rights reserved.



BIG-IP                            2013            apm policy agent aaa-active-directory(1)