Active Directory Server
Overview
This document describes the API to configure AAA Active Directory servers and their properties in BIG-IQ.
REST Endpoint: /mgmt/cm/access/working-config/apm/aaa/active-directory
Requests
GET /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
Request Parameters
None
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
usePool | string | The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration. |
domain | string | Name of the Windows Domain. |
pool | string | For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property. |
domainController | string | IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected. |
domainControllers | array_of_objects | List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM. |
ip | string | Valid IP address for the domain controllers configuration if UsePool is enabled. |
host | string | Valid hostname for the domain controllers configuration if UsePool is enabled. |
adminName | string | Case-sensitive name for an administrator who has Active Directory administrative permissions. |
adminEncryptedPassword | string | Administrator password that is associated with the administrator name. |
groupCacheTtl | number | Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
padata | string | Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet. |
kdcLockoutDuration | number | Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address into KDC down cache. The cache remembers the IP address that is unavailable for the number of minutes that is configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0. |
psoCacheTtl | number | Number of days to cache password security resources. The default lifetime is 30 days. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically, it is the device’s hostname. |
machineId | string | Machine ID of the device. |
link | string | URI link for the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link for the reference. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions
Role | Allow |
---|---|
Trust_Discovery_Import | Yes |
Access_View | Yes |
Access_Edit | Yes |
Access_Manager | Yes |
Access_Deploy | Yes |
POST /mgmt/cm/access/working-config/apm/aaa/active-directory
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
usePool | string | False | The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration. |
domain | string | True | Name of the Windows Domain. |
pool | string | | For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property. |
domainController | string | False | IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected. |
domainControllers | array_of_objects | True | List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM. |
ip | string | True | Valid IP address for the domain controllers configuration if UsePool is enabled. |
host | string | True | Valid hostname for the domain controllers configuration if UsePool is enabled. |
adminName | string | False | Case-sensitive name for an administrator who has Active Directory administrative permissions. |
adminEncryptedPassword | string | False | Administrator password that is associated with the administrator name. |
groupCacheTtl | number | True | Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
padata | string | False | Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet. |
kdcLockoutDuration | number | False | Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address into KDC down cache. The cache remembers the IP address that is unavailable for the number of minutes that is configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0. |
psoCacheTtl | number | True | Number of days to cache password security resources. The default lifetime is 30 days. |
timeout | number | True | Timeout interval (in seconds) for connecting to the AAA server. |
name | string | True | The name of the object. |
partition | string | True | The BIG-IP partition where the object should be placed. |
subPath | string | False | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | False | Reference to the device. |
link | string | False | URI link for the reference. |
isLsoShared | boolean | True | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | False | Reference to the device group. |
link | string | False | URI link for the reference. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
usePool | string | The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration. |
domain | string | Name of the Windows Domain. |
pool | string | For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property. |
domainController | string | IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected. |
domainControllers | array_of_objects | List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM. |
ip | string | Valid IP address for the domain controllers configuration if UsePool is enabled. |
host | string | Valid hostname for the domain controllers configuration if UsePool is enabled. |
adminName | string | Case-sensitive name for an administrator who has Active Directory administrative permissions. |
adminEncryptedPassword | string | Administrator password that is associated with the administrator name. |
groupCacheTtl | number | Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
padata | string | Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet. |
kdcLockoutDuration | number | Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address into KDC down cache. The cache remembers the IP address that is unavailable for the number of minutes that is configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0. |
psoCacheTtl | number | Number of days to cache password security resources. The default lifetime is 30 days. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically, it is the device’s hostname. |
machineId | string | Machine ID of the device. |
link | string | URI link for the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link for the reference. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions
Role | Allow |
---|---|
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | No |
Access_Manager | No |
Access_Deploy | No |
PUT /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
usePool | string | False | The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration. |
domain | string | False | Name of the Windows Domain. |
pool | string | | For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property. |
domainController | string | False | IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected. |
domainControllers | array_of_objects | False | List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM. |
ip | string | False | Valid IP address for the domain controllers configuration if UsePool is enabled. |
host | string | False | Valid hostname for the domain controllers configuration if UsePool is enabled. |
adminName | string | False | Case-sensitive name for an administrator who has Active Directory administrative permissions. |
adminEncryptedPassword | string | False | Administrator password that is associated with the administrator name. |
groupCacheTtl | number | False | Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
padata | string | False | Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet. |
kdcLockoutDuration | number | False | Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address into KDC down cache. The cache remembers the IP address that is unavailable for the number of minutes that is configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0. |
psoCacheTtl | number | False | Number of days to cache password security resources. The default lifetime is 30 days. |
timeout | number | False | Timeout interval (in seconds) for connecting to the AAA server. |
name | string | False | The name of the object. |
partition | string | False | The BIG-IP partition where the object should be placed. |
subPath | string | False | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | False | Reference to the device. |
name | string | False | Device name. Typically, it is the device’s hostname. |
machineId | string | False | Machine ID of the device. |
link | string | False | URI link for the reference. |
isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | False | Reference to the device group. |
name | string | False | Name of the device group. |
link | string | False | URI link for the reference. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
usePool | string | The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration. |
domain | string | Name of the Windows Domain. |
pool | string | For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property. |
domainController | string | IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected. |
domainControllers | array_of_objects | List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM. |
ip | string | Valid IP address for the domain controllers configuration if UsePool is enabled. |
host | string | Valid hostname for the domain controllers configuration if UsePool is enabled. |
adminName | string | Case-sensitive name for an administrator who has Active Directory administrative permissions. |
adminEncryptedPassword | string | Administrator password that is associated with the administrator name. |
groupCacheTtl | number | Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
padata | string | Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet. |
kdcLockoutDuration | number | Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address into KDC down cache. The cache remembers the IP address that is unavailable for the number of minutes that is configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0. |
psoCacheTtl | number | Number of days to cache password security resources. The default lifetime is 30 days. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically, it is the device’s hostname. |
machineId | string | Machine ID of the device. |
link | string | URI link for the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link for the reference. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions
Role | Allow |
---|---|
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | No |
Access_Manager | No |
Access_Deploy | No |
PATCH /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
usePool | string | False | The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration. |
domain | string | False | Name of the Windows Domain. |
pool | string | | For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property. |
domainController | string | False | IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected. |
domainControllers | array_of_objects | False | List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM. |
ip | string | False | Valid IP address for the domain controllers configuration if UsePool is enabled. |
host | string | False | Valid hostname for the domain controllers configuration if UsePool is enabled. |
adminName | string | False | Case-sensitive name for an administrator who has Active Directory administrative permissions. |
adminEncryptedPassword | string | False | Administrator password that is associated with the administrator name. |
groupCacheTtl | number | False | Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
padata | string | False | Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet. |
kdcLockoutDuration | number | False | Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address into KDC down cache. The cache remembers the IP address that is unavailable for the number of minutes that is configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0. |
psoCacheTtl | number | False | Number of days to cache password security resources. The default lifetime is 30 days. |
timeout | number | False | Timeout interval (in seconds) for connecting to the AAA server. |
isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
usePool | string | The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration. |
domain | string | Name of the Windows Domain. |
pool | string | For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property. |
domainController | string | IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected. |
domainControllers | array_of_objects | List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM. |
ip | string | Valid IP address for the domain controllers configuration if UsePool is enabled. |
host | string | Valid hostname for the domain controllers configuration if UsePool is enabled. |
adminName | string | Case-sensitive name for an administrator who has Active Directory administrative permissions. |
adminEncryptedPassword | string | Administrator password that is associated with the administrator name. |
groupCacheTtl | number | Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
padata | string | Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet. |
kdcLockoutDuration | number | Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address into KDC down cache. The cache remembers the IP address that is unavailable for the number of minutes that is configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0. |
psoCacheTtl | number | Number of days to cache password security resources. The default lifetime is 30 days. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically, it is the device’s hostname. |
machineId | string | Machine ID of the device. |
link | string | URI link for the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link for the reference. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions
Role | Allow |
---|---|
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | No |
Access_Manager | No |
Access_Deploy | No |
DELETE /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
Request Parameters
None
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
usePool | string | The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration. |
domain | string | Name of the Windows Domain. |
pool | string | For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property. |
domainController | string | IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected. |
domainControllers | array_of_objects | List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM. |
ip | string | Valid IP address for the domain controllers configuration if UsePool is enabled. |
host | string | Valid hostname for the domain controllers configuration if UsePool is enabled. |
adminName | string | Case-sensitive name for an administrator who has Active Directory administrative permissions. |
adminEncryptedPassword | string | Administrator password that is associated with the administrator name. |
groupCacheTtl | number | Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
padata | string | Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet. |
kdcLockoutDuration | number | Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address into KDC down cache. The cache remembers the IP address that is unavailable for the number of minutes that is configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0. |
psoCacheTtl | number | Number of days to cache password security resources. The default lifetime is 30 days. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically, it is the device’s hostname. |
machineId | string | Machine ID of the device. |
link | string | URI link for the reference. |
isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link for the reference. |
Error Response
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no Permission).
Permissions
Role | Allow |
---|---|
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | No |
Access_Manager | No |
Access_Deploy | No |
Examples
Get AAA Active Directory Server
GET /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
Response
HTTP/1.1 200 OK
{
"usePool": "disabled",
"domain": "something.something.com",
"domainController": "something.something.com",
"domainControllers": [{
"ip": "1.1.1.18",
"host": "host"
}],
"adminName": "admin",
"adminEncryptedPassword": "admin",
"groupCacheTtl": 30,
"padata": "none",
"kdcLockoutDuration": 0,
"psoCacheTtl": 30,
"timeout": 15,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
}
}
Create New AAA Active Directory Server
POST /mgmt/cm/access/working-config/apm/aaa/active-directory
{
"usePool": "disabled",
"domain": "something.something.com",
"domainController": "something.something.com",
"domainControllers": [{
"ip": "1.1.1.18",
"host": "host"
}],
"adminName": "admin",
"adminEncryptedPassword": "admin",
"groupCacheTtl": 30,
"padata": "none",
"kdcLockoutDuration": 0,
"psoCacheTtl": 30,
"timeout": 15,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
},
"isLsoShared": false,
"deviceGroupReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
}
}
Response
HTTP/1.1 200 OK
{
"usePool": "disabled",
"domain": "something.something.com",
"domainController": "something.something.com",
"domainControllers": [{
"ip": "1.1.1.18",
"host": "host"
}],
"adminName": "admin",
"adminEncryptedPassword": "admin",
"groupCacheTtl": 30,
"padata": "none",
"kdcLockoutDuration": 0,
"psoCacheTtl": 30,
"timeout": 15,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
}
}
Edit AAA Active Directory Server
PUT /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
{
"usePool": "disabled",
"domain": "something.something.com",
"domainController": "something.something.com",
"domainControllers": [{
"ip": "1.1.1.18",
"host": "host"
}],
"adminName": "admin",
"adminEncryptedPassword": "admin",
"groupCacheTtl": 30,
"padata": "none",
"kdcLockoutDuration": 0,
"psoCacheTtl": 30,
"timeout": 15,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
}
}
Response
HTTP/1.1 200 OK
{
"usePool": "disabled",
"domain": "something.something.com",
"domainController": "something.something.com",
"domainControllers": [{
"ip": "1.1.1.18",
"host": "host"
}],
"adminName": "admin",
"adminEncryptedPassword": "admin",
"groupCacheTtl": 30,
"padata": "none",
"kdcLockoutDuration": 0,
"psoCacheTtl": 30,
"timeout": 15,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
}
}
Edit AAA Active Directory Server
PATCH /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
{
"usePool": "disabled",
"domain": "something.something.com",
"domainController": "something.something.com",
"domainControllers": [{
"ip": "1.1.1.18",
"host": "host"
}],
"adminName": "admin",
"adminEncryptedPassword": "admin",
"groupCacheTtl": 30,
"padata": "none",
"kdcLockoutDuration": 0,
"psoCacheTtl": 30,
"timeout": 15,
"isLsoShared": false
}
Response
HTTP/1.1 200 OK
{
"usePool": "disabled",
"domain": "something.something.com",
"domainController": "something.something.com",
"domainControllers": [{
"ip": "1.1.1.18",
"host": "host"
}],
"adminName": "admin",
"adminEncryptedPassword": "admin",
"groupCacheTtl": 30,
"padata": "none",
"kdcLockoutDuration": 0,
"psoCacheTtl": 30,
"timeout": 15,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
}
}
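A client-side guard for the POST and PATCH calls documented above, as an added example (not F5 code): it checks a POST body against the Required column, builds a PATCH body from the PATCH-able fields only, refuses to flip isLsoShared, and masks adminEncryptedPassword before an object is logged. The function names and the reading of usePool "disabled" as Direct mode are assumptions; the sample object is copied from this page's example response.

```python
import copy
import ipaddress

# Field lists transcribed from the POST and PATCH request tables on this page.
POST_REQUIRED = ("domain", "domainControllers", "groupCacheTtl", "psoCacheTtl",
                 "timeout", "name", "partition", "isLsoShared")
PATCH_ALLOWED = ("usePool", "domain", "pool", "domainController",
                 "domainControllers", "adminName", "adminEncryptedPassword",
                 "groupCacheTtl", "padata", "kdcLockoutDuration",
                 "psoCacheTtl", "timeout", "isLsoShared")
SECRET_FIELDS = ("adminEncryptedPassword",)

# Sample object: the example GET response from this page (references omitted).
CURRENT = {
    "usePool": "disabled",
    "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{"ip": "1.1.1.18", "host": "host"}],
    "adminName": "admin",
    "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30,
    "padata": "none",
    "kdcLockoutDuration": 0,
    "psoCacheTtl": 30,
    "timeout": 15,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "isLsoShared": False,
}


def validate_create(body):
    """Return a list of problems with a POST body; an empty list means it passes."""
    problems = [f"missing required field: {k}" for k in POST_REQUIRED if k not in body]
    controllers = body.get("domainControllers") or []
    # Assumption: "disabled" (the value in the page's examples) is Direct mode,
    # any other value is Pool mode.
    if body.get("usePool", "disabled") == "disabled":
        if not body.get("domainController"):
            problems.append("Direct mode requires domainController")
    elif not controllers:
        problems.append("Pool mode requires at least one domainControllers entry")
    for i, dc in enumerate(controllers):
        if not isinstance(dc, dict):
            problems.append(f"domainControllers[{i}] is not an object")
            continue
        try:
            ipaddress.ip_address(str(dc.get("ip", "")))
        except ValueError:
            problems.append(f"domainControllers[{i}].ip is not a valid IP address")
        if not dc.get("host"):
            problems.append(f"domainControllers[{i}].host is missing")
    return problems


def build_patch(current, desired):
    """Return a PATCH body holding only the changed, PATCH-able fields."""
    # The page warns not to flip isLsoShared during PUT/PATCH operations.
    if "isLsoShared" in desired and desired["isLsoShared"] != current.get("isLsoShared"):
        raise ValueError("isLsoShared must not be flipped in PUT/PATCH")
    unknown = sorted(set(desired) - set(PATCH_ALLOWED))
    if unknown:
        raise ValueError("not PATCH-able: " + ", ".join(unknown))
    return {k: v for k, v in desired.items() if current.get(k) != v}


def redact(obj):
    """Return a copy that is safe to log: secret fields are masked."""
    safe = copy.deepcopy(obj)
    for key in SECRET_FIELDS:
        if key in safe:
            safe[key] = "<redacted>"
    return safe


if __name__ == "__main__":
    print(validate_create(CURRENT))
    print(build_patch(CURRENT, {"timeout": 30, "groupCacheTtl": 30}))
    print(redact(CURRENT))
```

Every response on this page, including the DELETE response, echoes adminEncryptedPassword, so pass responses through redact() before they reach logs or tickets.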
Delete AAA Active Directory Server
DELETE /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
Response
HTTP/1.1 200 OK
{
"usePool": "disabled",
"domain": "something.something.com",
"domainController": "something.something.com",
"domainControllers": [{
"ip": "1.1.1.18",
"host": "host"
}],
"adminName": "admin",
"adminEncryptedPassword": "admin",
"groupCacheTtl": 30,
"padata": "none",
"kdcLockoutDuration": 0,
"psoCacheTtl": 30,
"timeout": 15,
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
}
}