apm policy agent aaa-active-directory

apm policy agent aaa-active-directory(1)	  BIG-IP TMSH Manual	     apm policy agent aaa-active-directory(1)

NAME
       aaa-active-directory - Manages an AAA Active Directory(r) agent.

MODULE
       apm policy agent

SYNTAX
       Configure the aaa-active-directory component within the policy agent module using the following syntax.

   CREATE/MODIFY
	create aaa-active-directory [name]
	modify aaa-active-directory [name]
	  options
	    app-service [[string] | none]
	    auth-max-logon-attempt [integer]
	    fetch-nested-groups [true | false]
	    fetch-primary-groups [true | false]
	    hints [true | false]
	    query-attrname [[string] | none]
	    query-filter [[string] | none]
	    server [[string] | none]
	    trusted-domains [[string] | none]
	    show-extended-error [true | false]
	    type [query | auth | last]
	    upn [true | false]

   DISPLAY
	list aaa-active-directory
	list aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
	show running-config aaa-active-directory
	show running-config aaa-active-directory [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all
	    all-properties
	    current-module
	    non-default-properties
	    one-line
	    app-service
	    partition

   DELETE
	delete aaa-active-directory ([name] | all)

DESCRIPTION
       You can use the aaa-active-directory component to configure an AAA Active Directory agent.

EXAMPLES
       create aaa-active-directory MyADQueryagent { query-filter "(sAMAccountName=%{session.logon.last.username})"
       type query server "companyAD" }
	    Creates the query type AAA Active Directory agent named MyADQueryagent that uses the
	    (sAMAccountName=%{session.logon.last.username}) filter and the companyAD AAA AD server.

       create aaa-active-directory MyADAuthagent { type auth server "companyAD" }
	    Creates the authentication type AAA Active Directory agent named MyADAuthagent that uses the companyAD
	    AAA AD server.

       list aaa-active-directory all
	    Displays a list of AAA Active Directory agents and their properties.

       delete aaa-active-directory MyADagent
	    Deletes the MyADagent AAA Active Directory agent.

OPTIONS
       app-service
	    Specifies the name of the application service to which the object belongs. The default value is none.
	    Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
	    modify or delete the object. Only the application service can modify or delete the object.

       auth-max-logon-attempt
	    Specifies the maximum number of opportunities that users have to re-enter credentials after their first
	    attempt to log in fails. If you set this value to a number from 2 to 5 inclusive, the system allows users
	    the specified number of opportunities to log in after the first attempt to log in fails. If you set the
	    value to 1, the system does not allow a second log in opportunity after a first log in attempt fails. The
	    default value is 3.

       fetch-nested-groups
	    When enabled, the system administrator can retrieve the full list of groups that a user belongs to, even
	    if the retrieval privileges are nested through other groups to which the user belongs directly. The
	    default value is false.

       fetch-primary-groups
	    When enabled, the system administrator can retrieve the primary group of a user, and use that name as a
	    group in access policy item rules. The default value is false.

       hints
	    When enabled, the system offers the user an option to create a hint that assists in remembering a
	    password.  The default value is false.

       query-attrname
	    Specifies the attribute name that you are adding or deleting for the agent.

       query-filter
	    Specifies the search criteria the system uses when querying an AAA Active Directory(r) server for
	    authentication information. The system supports session variables as part of the search query string.

       [name]
	    Specifies the name of an AAA Active Directory agent. This setting is required.

       partition
	    Displays the partition within which the component resides.

       server
	    Specifies an AAA Active Directory server the system uses for Active Directory queries and authentication.

       trusted-domains
	    Specifies an AAA Active Directory Trusted Domains object that the system uses for Active Directory
	    queries and authentication.  This option requires the upn option to be enabled.

       show-extended-error
	    Specifies to display a verbose error message. The default value is false.

       type Specifies the type of AAA Active Directory agent. The default value is last.

	    query
		 Specifies that the agent makes a query against the AAA Active Directory Server to retrieve
		 information in accordance with the query-filter and query-attrname options.

	    auth Specifies that the agent is an authentication agent only. It uses the AAA Active Directory Server,
		 but only for authentication purposes. APM does not get any information from the Domain.

	    last

       upn  When enabled, APM supports the user principal name (UPN) naming style and processes cross-domain
	    authentication requests.  Some examples of UPNs are: user@fqdn.of.domain.com, user@upnsuffix.com, and
	    user@domain. The default value is false.
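
       A lint check for agent definitions, built from the constraints stated under OPTIONS. This is an added
       example in Python, not part of the F5 manual or of tmsh. It assumes the braced create form shown under
       EXAMPLES and treats unset options as their documented defaults; ExampleAgent and exampleTrust are
       constructed names.

```python
import shlex

COMPONENT = "aaa-active-directory"
VALID_TYPES = {"query", "auth", "last"}   # values listed under SYNTAX
DEFAULTS = {"type": "last", "auth-max-logon-attempt": "3", "upn": "false",
            "show-extended-error": "false"}   # defaults stated under OPTIONS

def parse_agent(command):
    """Split 'create aaa-active-directory NAME { key value ... }' into parts."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars="{}")
    lexer.commenters = ""   # '#' is not treated as a comment marker here
    tokens = list(lexer)    # braces inside a quoted filter stay in the string
    if (len(tokens) < 5 or tokens[0] != "create" or tokens[1] != COMPONENT
            or tokens[3] != "{" or tokens[-1] != "}"):
        raise ValueError("expected: create %s NAME { ... }" % COMPONENT)
    body = tokens[4:-1]
    if len(body) % 2:
        raise ValueError("option without a value")
    return tokens[2], dict(zip(body[::2], body[1::2]))

def lint_agent(command):
    """Return (agent name, findings) for one agent definition."""
    name, given = parse_agent(command)
    opts = {**DEFAULTS, **given}
    findings = []
    if opts["type"] not in VALID_TYPES:
        findings.append("type must be query, auth or last")
    attempts = opts["auth-max-logon-attempt"]
    if not attempts.isdigit() or not 1 <= int(attempts) <= 5:
        findings.append("auth-max-logon-attempt is outside the described 1 to 5")
    if given.get("trusted-domains", "none") != "none" and opts["upn"] != "true":
        findings.append("trusted-domains is set but upn is not enabled")
    if opts["show-extended-error"] == "true":
        findings.append("show-extended-error displays verbose error messages")
    return name, findings

# Constructed sample input for the check.
GOOD = ('create aaa-active-directory MyADQueryagent { query-filter '
        '"(sAMAccountName=%{session.logon.last.username})" '
        'type query server "companyAD" }')
BAD = ('create aaa-active-directory ExampleAgent { type auth server "companyAD" '
       'trusted-domains "exampleTrust" auth-max-logon-attempt 9 '
       'show-extended-error true }')

if __name__ == "__main__":
    for cmd in (GOOD, BAD):
        print(lint_agent(cmd))
```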

SEE ALSO
       tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2011-2012. All rights reserved.

BIG-IP						      2013-11-15	     apm policy agent aaa-active-directory(1)