apm policy agent aaa-active-directory
apm policy agent aaa-active-directory(1) BIG-IP TMSH Manual apm policy agent aaa-active-directory(1)
NAME
aaa-active-directory - Manages an AAA Active Directory(r) agent.
MODULE
apm policy agent
SYNTAX
Configure the aaa-active-directory component within the policy agent module using the following syntax.
CREATE/MODIFY
create aaa-active-directory [name]
modify aaa-active-directory [name]
options
app-service [[string] | none]
auth-max-logon-attempt [integer]
fetch-nested-groups [true | false]
fetch-primary-groups [true | false]
hints [true | false]
query-attrname [[string] | none]
query-filter [[string] | none]
server [[string] | none]
trusted-domains [[string] | none]
show-extended-error [true | false]
type [query | auth | last]
upn [true | false]
DISPLAY
list aaa-active-directory
list aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
show running-config aaa-active-directory
show running-config aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
current-module
non-default-properties
one-line
app-service
partition
DELETE
delete aaa-active-directory ([name] | all)
DESCRIPTION
You can use the aaa-active-directory component to configure an AAA Active Directory agent.
EXAMPLES
create aaa-active-directory MyADQueryagent { query-filter "(sAMAccountName=%{session.logon.last.username})"
type query server "companyAD" }
Creates the query type AAA Active Directory agent named MyADQueryagent that uses the
(sAMAccountName=%{session.logon.last.username}) filter and the companyAD AAA AD server.
create aaa-active-directory MyADAuthagent { type auth server "companyAD" }
Creates the authentication type AAA Active Directory agent named MyADAuthagent that uses the companyAD AAA
AD server.
list aaa-active-directory all
Displays a list of AAA Active Directory agents and their properties.
delete aaa-active-directory MyADagent
Deletes the MyADagent AAA Active Directory agent.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
auth-max-logon-attempt
Specifies the maximum number of opportunities that users have to re-enter credentials after their first
attempt to log in fails. If you set this value to a number from 2 to 5 inclusive, the system allows users
the specified number of opportunities to log in after the first attempt to log in fails. If you set the
value to 1, the system does not allow a second log in opportunity after a first log in attempt fails. The
default value is 3.
fetch-nested-groups
When enabled, the agent retrieves the full list of groups the user belongs to, including groups whose
membership is nested through other groups to which the user belongs directly. The default value is
false.
fetch-primary-groups
When enabled, the agent retrieves the primary group of the user, so that its name can be used as a group
in access policy item rules. The default value is false.
hints
When enabled, the system offers the user an option to create a hint that assists in remembering a
password. The default value is false.
query-attrname
Specifies the name of an attribute that a query type agent retrieves from the AAA Active Directory server.
Use this option to add or delete a query attribute for the agent.
query-filter
Specifies the search criteria the system uses when querying an AAA Active Directory(r) server for
authentication information. The system supports session variables as part of the search query string.
[name]
Specifies the name of an AAA Active Directory agent. This setting is required.
partition
Displays the partition within which the component resides.
server
Specifies an AAA Active Directory server the system uses for Active Directory queries and authentication.
trusted-domains
Specifies an AAA Active Directory Trusted Domains object that the system uses for Active Directory
queries and authentication. This option requires the upn option to be enabled.
show-extended-error
Specifies to display a verbose error message. The default value is false.
type Specifies the type of AAA Active Directory agent. The default value is last.
query
Specifies that the agent makes a query against the AAA Active Directory Server to retrieve
information in accordance with the query-filter and query-attributes options.
auth Specifies that the agent is an authentication agent only. It uses the AAA Active Directory Server,
but only for authentication purposes. APM does not get any information from the Domain.
last
upn When enabled, APM supports the user principal name (UPN) naming style and processes cross-domain
authentication requests. Some examples of UPNs are: user@fqdn.of.domain.com, user@upnsuffix.com, and
user@domain. The default value is false.
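A fuller configuration, added here as an illustration and not taken from the original manual, that pairs an
authentication agent and a query agent against the same AAA AD server. The server name companyAD, the
trusted-domains object name companyAD-trusted, the agent names and the memberOf attribute are assumed for
the example; the commands are entered from the tmsh root prompt, so the full module path is given.

```tmsh
# Authentication agent (assumed names). Two further logon attempts after the
# first failure, UPN logon names accepted so users from trusted domains can
# authenticate, and terse error messages so a failed logon does not reveal
# whether the username or the password was wrong.
create apm policy agent aaa-active-directory MyADAuthagent {
    type auth
    server companyAD
    upn true
    trusted-domains companyAD-trusted
    auth-max-logon-attempt 2
    show-extended-error false
}

# Query agent (assumed names). Looks up the user who just authenticated by
# sAMAccountName, using the session variable set at logon, and fetches group
# membership including nested and primary groups, which memberOf alone does
# not return, for use in access policy item rules.
create apm policy agent aaa-active-directory MyADQueryagent {
    type query
    server companyAD
    query-filter "(sAMAccountName=%{session.logon.last.username})"
    query-attrname memberOf
    fetch-nested-groups true
    fetch-primary-groups true
    show-extended-error false
}

# Confirm that only the intended settings differ from their defaults.
list apm policy agent aaa-active-directory MyADAuthagent MyADQueryagent non-default-properties
```

The hints option is left at its default of false in both agents, since password hints stored with the
user weaken the credential, and show-extended-error is set explicitly so that the terse behaviour survives
a later edit of the agent.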
SEE ALSO
tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2012. All rights reserved.
BIG-IP 2013-11-15 apm policy agent aaa-active-directory(1)