LDAP Server
Overview
This document describes the API to configure AAA LDAP servers and their properties in BIG-IQ.
REST Endpoint: /mgmt/cm/access/working-config/apm/aaa/ldap
Requests
GET /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
Request Parameters
None
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
isLdaps | string | Mode of the LDAP configuration when UsePool is enabled: LDAPS or LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy Manager and the LDAP server. |
usePool | string | Server connection used to authenticate users against LDAP servers. Use Pool to create a high-availability configuration; use Direct to specify one LDAP server for APM to use to authenticate users. |
port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
address | string | IP address for the direct connection. The IP address is required if UsePool is enabled. |
adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
adminDn | string | Distinguished name of the user with administrator rights. |
groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache, which prevents invalid groups from being retained. The default lifetime is 30 days. |
serversslProfile | string | Server SSL profile to use. Configure this when the mode is LDAPS. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema attribute names. You can change them to reflect your schema. |
userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
userMemberof | string | Attribute in which a user resource maintains its group membership. Default value is memberOf. |
groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
groupMemberof | string | Attribute in which a group resource maintains its membership in other groups. Default value is memberOf. |
groupMember | string | Attribute in which a group resource maintains the list of users that belong to it. Default value is member. |
groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically the device's hostname. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies whether the location-specific object instance is shared across all devices. Set this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link of the reference. |
Error Response
HTTP/1.1 400 Bad Request
This status is returned for error conditions; a detailed error message is included in the response.
HTTP/1.1 401 Unauthorized
This status is returned when access is denied because the credentials are invalid or lack permission.
Permissions
Role | Allow |
---|---|
Application_Editor | Yes |
Service_Catalog_Viewer | Yes |
Service_Catalog_Editor | Yes |
Trust_Discovery_Import | Yes |
Access_View | Yes |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | Yes |
Application_Viewer | Yes |
Access_Deploy | Yes |
Access_Policy_Editor | Yes |
POST /mgmt/cm/access/working-config/apm/aaa/ldap
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
isLdaps | string | False | Mode of the LDAP configuration when UsePool is enabled: LDAPS or LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy Manager and the LDAP server. |
usePool | string | True | Server connection used to authenticate users against LDAP servers. Use Pool to create a high-availability configuration; use Direct to specify one LDAP server for APM to use to authenticate users. |
port | number | True | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
baseDn | string | False | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
address | string | True | IP address for the direct connection. The IP address is required if UsePool is enabled. |
adminEncryptedPassword | string | True | Administrator password for your LDAP AAA server. |
adminDn | string | False | Distinguished name of the user with administrator rights. |
groupCacheTtl | number | True | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache, which prevents invalid groups from being retained. The default lifetime is 30 days. |
serversslProfile | string | False | Server SSL profile to use. Configure this when the mode is LDAPS. |
timeout | number | True | Timeout interval (in seconds) for connecting to the AAA server. |
schemaAttr | object | False | Access Policy Manager provides Active Directory-specific default values for the LDAP schema attribute names. You can change them to reflect your schema. |
userObjectClass | string | False | Value of the resourceClass attribute for a user resource. Default value is user. |
userMemberof | string | False | Attribute in which a user resource maintains its group membership. Default value is memberOf. |
groupObjectClass | string | False | Value of the resourceClass attribute for a group resource. Default value is Group. |
groupMemberof | string | False | Attribute in which a group resource maintains its membership in other groups. Default value is memberOf. |
groupMember | string | False | Attribute in which a group resource maintains the list of users that belong to it. Default value is member. |
groupMemberValue | string | False | Attribute used to add users to a group. Default value is dn. |
name | string | True | The name of the object. |
partition | string | True | The BIG-IP partition where the object should be placed. |
subPath | string | False | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | False | Reference to the device. |
link | string | False | URI link of the reference. |
isLsoShared | boolean | True | Specifies whether the location-specific object instance is shared across all devices. Set this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | False | Reference to the device group. |
link | string | False | URI link of the reference. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
isLdaps | string | Mode of the LDAP configuration when UsePool is enabled: LDAPS or LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy Manager and the LDAP server. |
usePool | string | Server connection used to authenticate users against LDAP servers. Use Pool to create a high-availability configuration; use Direct to specify one LDAP server for APM to use to authenticate users. |
port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
address | string | IP address for the direct connection. The IP address is required if UsePool is enabled. |
adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
adminDn | string | Distinguished name of the user with administrator rights. |
groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache, which prevents invalid groups from being retained. The default lifetime is 30 days. |
serversslProfile | string | Server SSL profile to use. Configure this when the mode is LDAPS. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema attribute names. You can change them to reflect your schema. |
userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
userMemberof | string | Attribute in which a user resource maintains its group membership. Default value is memberOf. |
groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
groupMemberof | string | Attribute in which a group resource maintains its membership in other groups. Default value is memberOf. |
groupMember | string | Attribute in which a group resource maintains the list of users that belong to it. Default value is member. |
groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically the device's hostname. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies whether the location-specific object instance is shared across all devices. Set this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link of the reference. |
Error Response
HTTP/1.1 400 Bad Request
This status is returned for error conditions; a detailed error message is included in the response.
HTTP/1.1 401 Unauthorized
This status is returned when access is denied because the credentials are invalid or lack permission.
Permissions
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
PUT /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
isLdaps | string | False | Mode of the LDAP configuration when UsePool is enabled: LDAPS or LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy Manager and the LDAP server. |
usePool | string | True | Server connection used to authenticate users against LDAP servers. Use Pool to create a high-availability configuration; use Direct to specify one LDAP server for APM to use to authenticate users. |
port | number | False | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
baseDn | string | False | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
address | string | False | IP address for the direct connection. The IP address is required if UsePool is enabled. |
adminEncryptedPassword | string | False | Administrator password for your LDAP AAA server. |
adminDn | string | False | Distinguished name of the user with administrator rights. |
groupCacheTtl | number | False | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache, which prevents invalid groups from being retained. The default lifetime is 30 days. |
serversslProfile | string | False | Server SSL profile to use. Configure this when the mode is LDAPS. |
timeout | number | False | Timeout interval (in seconds) for connecting to the AAA server. |
schemaAttr | object | False | Access Policy Manager provides Active Directory-specific default values for the LDAP schema attribute names. You can change them to reflect your schema. |
userObjectClass | string | False | Value of the resourceClass attribute for a user resource. Default value is user. |
userMemberof | string | False | Attribute in which a user resource maintains its group membership. Default value is memberOf. |
groupObjectClass | string | False | Value of the resourceClass attribute for a group resource. Default value is Group. |
groupMemberof | string | False | Attribute in which a group resource maintains its membership in other groups. Default value is memberOf. |
groupMember | string | False | Attribute in which a group resource maintains the list of users that belong to it. Default value is member. |
groupMemberValue | string | False | Attribute used to add users to a group. Default value is dn. |
name | string | False | The name of the object. |
partition | string | False | The BIG-IP partition where the object should be placed. |
subPath | string | False | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | False | Reference to the device. |
name | string | False | Device name. Typically the device's hostname. |
machineId | string | False | The machine ID of the device. |
link | string | False | URI link of the reference. |
isLsoShared | boolean | False | Specifies whether the location-specific object instance is shared across all devices. Set this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | False | Reference to the device group. |
name | string | False | Name of the device group. |
link | string | False | URI link of the reference. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
isLdaps | string | Mode of the LDAP configuration when UsePool is enabled: LDAPS or LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy Manager and the LDAP server. |
usePool | string | Server connection used to authenticate users against LDAP servers. Use Pool to create a high-availability configuration; use Direct to specify one LDAP server for APM to use to authenticate users. |
port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
address | string | IP address for the direct connection. The IP address is required if UsePool is enabled. |
adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
adminDn | string | Distinguished name of the user with administrator rights. |
groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache, which prevents invalid groups from being retained. The default lifetime is 30 days. |
serversslProfile | string | Server SSL profile to use. Configure this when the mode is LDAPS. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema attribute names. You can change them to reflect your schema. |
userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
userMemberof | string | Attribute in which a user resource maintains its group membership. Default value is memberOf. |
groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
groupMemberof | string | Attribute in which a group resource maintains its membership in other groups. Default value is memberOf. |
groupMember | string | Attribute in which a group resource maintains the list of users that belong to it. Default value is member. |
groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically the device's hostname. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies whether the location-specific object instance is shared across all devices. Set this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link of the reference. |
Error Response
HTTP/1.1 400 Bad Request
This status is returned for error conditions; a detailed error message is included in the response.
HTTP/1.1 401 Unauthorized
This status is returned when access is denied because the credentials are invalid or lack permission.
Permissions
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
PATCH /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
usePool | string | True | Server connection used to authenticate users against LDAP servers. Use Pool to create a high-availability configuration; use Direct to specify one LDAP server for APM to use to authenticate users. |
port | number | False | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
baseDn | string | False | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
address | string | False | IP address for the direct connection. The IP address is required if UsePool is enabled. |
adminEncryptedPassword | string | False | Administrator password for your LDAP AAA server. |
adminDn | string | False | Distinguished name of the user with administrator rights. |
groupCacheTtl | number | False | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache, which prevents invalid groups from being retained. The default lifetime is 30 days. |
serversslProfile | string | False | Server SSL profile to use. Configure this when the mode is LDAPS. |
timeout | number | False | Timeout interval (in seconds) for connecting to the AAA server. |
schemaAttr | object | False | Access Policy Manager provides Active Directory-specific default values for the LDAP schema attribute names. You can change them to reflect your schema. |
userObjectClass | string | False | Value of the resourceClass attribute for a user resource. Default value is user. |
userMemberof | string | False | Attribute in which a user resource maintains its group membership. Default value is memberOf. |
groupObjectClass | string | False | Value of the resourceClass attribute for a group resource. Default value is Group. |
groupMemberof | string | False | Attribute in which a group resource maintains its membership in other groups. Default value is memberOf. |
groupMember | string | False | Attribute in which a group resource maintains the list of users that belong to it. Default value is member. |
groupMemberValue | string | False | Attribute used to add users to a group. Default value is dn. |
isLsoShared | boolean | False | Specifies whether the location-specific object instance is shared across all devices. Set this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
isLdaps | string | Mode of the LDAP configuration when UsePool is enabled: LDAPS or LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy Manager and the LDAP server. |
usePool | string | Server connection used to authenticate users against LDAP servers. Use Pool to create a high-availability configuration; use Direct to specify one LDAP server for APM to use to authenticate users. |
port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
address | string | IP address for the direct connection. The IP address is required if UsePool is enabled. |
adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
adminDn | string | Distinguished name of the user with administrator rights. |
groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache, which prevents invalid groups from being retained. The default lifetime is 30 days. |
serversslProfile | string | Server SSL profile to use. Configure this when the mode is LDAPS. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema attribute names. You can change them to reflect your schema. |
userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
userMemberof | string | Attribute in which a user resource maintains its group membership. Default value is memberOf. |
groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
groupMemberof | string | Attribute in which a group resource maintains its membership in other groups. Default value is memberOf. |
groupMember | string | Attribute in which a group resource maintains the list of users that belong to it. Default value is member. |
groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically the device's hostname. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies whether the location-specific object instance is shared across all devices. Set this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link of the reference. |
Error Response
HTTP/1.1 400 Bad Request
This status is returned for error conditions; a detailed error message is included in the response.
HTTP/1.1 401 Unauthorized
This status is returned when access is denied because the credentials are invalid or lack permission.
Permissions
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
DELETE /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
Request Parameters
None
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
isLdaps | string | Mode of the LDAP configuration when UsePool is enabled: LDAPS or LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy Manager and the LDAP server. |
usePool | string | Server connection used to authenticate users against LDAP servers. Use Pool to create a high-availability configuration; use Direct to specify one LDAP server for APM to use to authenticate users. |
port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
address | string | IP address for the direct connection. The IP address is required if UsePool is enabled. |
adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
adminDn | string | Distinguished name of the user with administrator rights. |
groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache, which prevents invalid groups from being retained. The default lifetime is 30 days. |
serversslProfile | string | Server SSL profile to use. Configure this when the mode is LDAPS. |
timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema attribute names. You can change them to reflect your schema. |
userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
userMemberof | string | Attribute in which a user resource maintains its group membership. Default value is memberOf. |
groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
groupMemberof | string | Attribute in which a group resource maintains its membership in other groups. Default value is memberOf. |
groupMember | string | Attribute in which a group resource maintains the list of users that belong to it. Default value is member. |
groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
name | string | The name of the object. |
partition | string | The BIG-IP partition where the object should be placed. |
subPath | string | The BIG-IP partition where the object should be placed. |
lsoDeviceReference | reference | Reference to the device. |
name | string | Device name. Typically the device's hostname. |
machineId | string | The machine ID of the device. |
link | string | URI link of the reference. |
isLsoShared | boolean | Specifies whether the location-specific object instance is shared across all devices. Set this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
deviceGroupReference | reference | Reference to the device group. |
name | string | Name of the device group. |
link | string | URI link of the reference. |
Error Response
HTTP/1.1 400 Bad Request
This status is returned for error conditions; a detailed error message is included in the response.
HTTP/1.1 401 Unauthorized
This status is returned when access is denied because the credentials are invalid or lack permission.
Permissions
Role | Allow |
---|---|
Application_Editor | No |
Service_Catalog_Viewer | No |
Service_Catalog_Editor | No |
Trust_Discovery_Import | No |
Access_View | No |
Access_Edit | Yes |
Access_Manager | Yes |
Application_Manager | No |
Application_Viewer | No |
Access_Deploy | No |
Access_Policy_Editor | No |
Examples
Get AAA LDAP Server
GET /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
Response
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Create New AAA LDAP Server
POST /mgmt/cm/access/working-config/apm/aaa/ldap
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
}
}
Response
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
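As an added pre-flight check, not BIG-IQ code and not part of this page's examples, the Python helper below validates a request body against the field tables above before it is sent: the fields the POST table marks required, the 389/636 port defaults, serversslProfile when the mode is LDAPS, and the warning not to flip isLsoShared on PUT/PATCH. The sample body is constructed with placeholder values modelled on the Create example.

```python
"""Pre-flight checks for a BIG-IQ AAA LDAP server request body.

Added example, not BIG-IQ code: the rules are taken from the field tables on
this page (POST required fields, the 389/636 defaults, serversslProfile for
LDAPS, and the isLsoShared warning for PUT/PATCH). The sample body below is
constructed with placeholder values modelled on the page's POST example.
"""
import json
from typing import List, Optional

# Fields the POST "Request Parameters" table marks Required = True.
POST_REQUIRED = ("usePool", "port", "address", "adminEncryptedPassword",
                 "groupCacheTtl", "timeout", "name", "partition", "isLsoShared")

# Default ports from the "port" row: 389 for LDAP, 636 for LDAPS.
LDAP_PORT, LDAPS_PORT = 389, 636


def parse_payload(text: str) -> dict:
    """Parse a request body. A trailing comma (as in the PATCH example on this
    page) is caught here instead of coming back as 400 Bad Request."""
    try:
        return json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"request body is not valid JSON: {exc}") from None


def check_ldap_payload(payload: dict, method: str,
                       existing: Optional[dict] = None) -> List[str]:
    """Return findings for `payload` sent with `method`; an empty list passes.

    `existing` is the object as returned by GET /ldap/<id>; it is used only
    to detect isLsoShared being flipped on PUT/PATCH.
    """
    findings: List[str] = []
    method = method.upper()

    if method == "POST":
        for field in POST_REQUIRED:
            if field not in payload:
                findings.append(f"POST: required field '{field}' is missing")

    # isLdaps is a string in this API ("true"/"false"), so compare its text.
    ldaps = str(payload.get("isLdaps", "false")).lower() == "true"
    port = payload.get("port")
    if ldaps:
        if not payload.get("serversslProfile"):
            findings.append("isLdaps is true but serversslProfile is not set; "
                            "a server SSL profile is required for LDAPS")
        if port == LDAP_PORT:
            findings.append(f"isLdaps is true but port is {LDAP_PORT}; "
                            f"the LDAPS default is {LDAPS_PORT}")
    else:
        if port == LDAPS_PORT:
            findings.append(f"port is {LDAPS_PORT} but isLdaps is not true; "
                            "the connection will not be encrypted")
        findings.append("plain LDAP: the admin bind and user authentication "
                        "messages cross the network unencrypted")

    if (method in ("PUT", "PATCH") and existing is not None
            and "isLsoShared" in payload):
        before = existing.get("isLsoShared", False)
        after = payload["isLsoShared"]
        if bool(before) != bool(after):
            findings.append(f"{method}: isLsoShared changes from {before} to "
                            f"{after}; the API says not to flip this flag after POST")
    return findings


# Constructed sample body (placeholder values modelled on the page's POST example).
SAMPLE_POST = {
    "isLdaps": "false", "usePool": "disabled", "port": 389,
    "baseDn": "CN=Users,DC=example,DC=com", "address": "1.1.1.1",
    "adminEncryptedPassword": "password", "adminDn": "CN=Users,DC=example,DC=com",
    "groupCacheTtl": 30, "serversslProfile": "/Common/sslProfile", "timeout": 15,
    "name": "foo", "partition": "Common", "isLsoShared": False,
}

if __name__ == "__main__":
    for method, body, existing in (
        ("POST", SAMPLE_POST, None),
        ("POST", {**SAMPLE_POST, "isLdaps": "true", "serversslProfile": ""}, None),
        ("PATCH", {"isLsoShared": True, "port": 636}, SAMPLE_POST),
    ):
        print(method, check_ldap_payload(body, method, existing))
```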
Edit AAA LDAP Server
PUT /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Response¶
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Edit AAA LDAP Server¶
PATCH /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
{
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"isLsoShared": false
}
Response¶
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
}
}
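A worked example of consuming these objects, added here and not part of BIG-IQ or its documented API: it audits a GET/PATCH response body of the shape shown above for the weak setting the field table warns about (isLdaps "false", so the administrator bind and user authentication traffic to the LDAP server are not encrypted), checks the documented port defaults (389 for LDAP, 636 for LDAPS) and the LDAPS server SSL profile requirement, and builds the minimal PATCH body that moves the object to LDAPS. The sample object, the host name, the `<token>` placeholder and the `X-F5-Auth-Token` header are constructed assumptions; the request is only described, not sent.

```python
"""Audit an APM AAA LDAP server object returned by
GET /mgmt/cm/access/working-config/apm/aaa/ldap/<id> and build the PATCH body
that switches a cleartext LDAP configuration to LDAPS.
Example code added to this page; not BIG-IQ code and not its documented API."""
import json

# Defaults from the field table on this page.
LDAP_PORT, LDAPS_PORT = 389, 636

# Constructed sample shaped like the response bodies above (no real device).
SAMPLE_LDAP_SERVER = {
    "isLdaps": "false",
    "usePool": "disabled",
    "port": LDAP_PORT,
    "baseDn": "CN=Users,DC=example,DC=com",
    "address": "1.1.1.1",
    "adminEncryptedPassword": "<redacted-placeholder>",
    "adminDn": "CN=Users,DC=example,DC=com",
    "groupCacheTtl": 30,
    "serversslProfile": "/Common/sslProfile",
    "timeout": 15,
    "schemaAttr": {"userObjectClass": "user", "userMemberof": "memberOf",
                   "groupObjectClass": "group", "groupMemberof": "memberOf",
                   "groupMember": "member", "groupMemberValue": "dn"},
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
}


def is_ldaps(cfg):
    # The API carries isLdaps as the string "true"/"false", not a JSON boolean.
    return str(cfg.get("isLdaps", "false")).lower() == "true"


def audit_ldap_server(cfg):
    """Return (code, message) findings; an empty list means nothing was flagged."""
    findings = []
    ldaps = is_ldaps(cfg)
    port = cfg.get("port")
    if not ldaps:
        findings.append(("CLEARTEXT_LDAP",
                         'isLdaps is "false": admin bind and user authentication '
                         "traffic to %s is not encrypted" % cfg.get("address", "<no address>")))
    if ldaps and not cfg.get("serversslProfile"):
        findings.append(("LDAPS_NO_SSL_PROFILE",
                         "LDAPS mode needs a server SSL profile (serversslProfile)"))
    if ldaps and port == LDAP_PORT:
        findings.append(("PORT_MISMATCH", "LDAPS mode on port 389; the LDAPS default is 636"))
    if not ldaps and port == LDAPS_PORT:
        findings.append(("PORT_MISMATCH", "LDAP mode on port 636; the LDAP default is 389"))
    if cfg.get("usePool") == "disabled" and not cfg.get("address"):
        findings.append(("DIRECT_NO_ADDRESS",
                         "usePool is disabled but no direct server address is set"))
    return findings


def ldaps_patch_body(cfg, ssl_profile):
    """Minimal PATCH body that moves the object to LDAPS on port 636.
    PATCH is the partial update on this page, so only keys that change are sent."""
    wanted = {"isLdaps": "true", "port": LDAPS_PORT, "serversslProfile": ssl_profile}
    return {k: v for k, v in wanted.items() if cfg.get(k) != v}


def build_patch_request(host, cfg, ssl_profile):
    """Describe the PATCH request without sending it.  The X-F5-Auth-Token header
    and the <token> value are assumptions about BIG-IQ token authentication, not
    something this page documents."""
    return {
        "method": "PATCH",
        "url": "https://%s/mgmt/cm/access/working-config/apm/aaa/ldap/%s" % (host, cfg["id"]),
        "headers": {"Content-Type": "application/json", "X-F5-Auth-Token": "<token>"},
        "body": json.dumps(ldaps_patch_body(cfg, ssl_profile)),
    }


def apply_locally(cfg, body):
    """Simulate the server-side merge so the patched object can be re-audited."""
    merged = dict(cfg)
    merged.update(body)
    return merged


if __name__ == "__main__":
    for code, msg in audit_ldap_server(SAMPLE_LDAP_SERVER):
        print(code, msg)
    req = build_patch_request("bigiq.example.com", SAMPLE_LDAP_SERVER, "/Common/sslProfile")
    print(req["method"], req["url"])
    print(req["body"])
    print("after patch:", audit_ldap_server(apply_locally(SAMPLE_LDAP_SERVER, json.loads(req["body"]))))
```

The sample already carries a server SSL profile, so the generated body only changes `isLdaps` and `port`; re-auditing the locally merged object returns no findings. Note that every response body on this page echoes `adminEncryptedPassword`, so captured GET/PUT/PATCH responses should be handled as credential material.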
Delete AAA LDAP Server¶
DELETE /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
Response¶
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}