LDAP Server¶
Overview¶
This document describes the API to configure AAA LDAP servers and their properties in BIG-IQ.
REST Endpoint: /mgmt/cm/access/working-config/apm/aaa/ldap¶
Requests¶
GET /mgmt/cm/access/working-config/apm/aaa/ldap/<id>¶
Request Parameters¶
None
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| isLdaps | string | On UsePool Enabled, we use two types of modes for LDAP configuration, LDAPS and LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy manager and the LDAP server. |
| usePool | string | To authenticate users using LDAP servers. Use Pool to create a high availability configuration. Use Direct to specify one LDAP server for APM to use to authenticate users. |
| port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
| baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
| address | string | IP address for the direct connection. IP address is required if UsePool is enabled. |
| adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
| adminDn | string | Distinguished name of the user with administrator rights. |
| groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
| serversslProfile | string | Select an SSL server profile. Configure if Mode is LDAPS. |
| timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
| schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema-specific attribute names. You can change them to reflect your schema. |
| userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
| userMemberof | string | User resource maintains a group membership. Specify the value of the membership attribute. Default value is memberOf. |
| groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
| groupMemberof | string | Group resource maintains membership in other groups, specify the value of the membership attribute. Default value is memberOf |
| groupMember | string | Group resource maintains a list of users that belong to it, specify the value of the attribute that indicates this. Default value is member. |
| groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
| name | string | The name of the object. |
| partition | string | The BIG-IP partition where the object should be placed. |
| subPath | string | The BIG-IP partition where the object should be placed. |
| lsoDeviceReference | reference | Reference to the device. |
| name | string | Device name. Typically it is device’s hostname. |
| machineId | string | The machine ID of the device. |
| link | string | URI link of the reference. |
| isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | Name of the device group. |
| name | string | Name of the Device Group |
| link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions¶
| Role | Allow |
|---|---|
| Application_Editor | Yes |
| Service_Catalog_Viewer | Yes |
| Service_Catalog_Editor | Yes |
| Trust_Discovery_Import | Yes |
| Access_View | Yes |
| Access_Edit | Yes |
| Access_Manager | Yes |
| Application_Manager | Yes |
| Application_Viewer | Yes |
| Trust_Discovery_Import | Yes |
| Access_Deploy | Yes |
| Access_Policy_Editor | Yes |
POST /mgmt/cm/access/working-config/apm/aaa/ldap¶
Request Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| isLdaps | string | False | On UsePool Enabled, we use two types of modes for LDAP configuration, LDAPS and LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy manager and the LDAP server. |
| usePool | string | True | To authenticate users using LDAP servers. Use Pool to create a high availability configuration. Use Direct to specify one LDAP server for APM to use to authenticate users. |
| port | number | True | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
| baseDn | string | False | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
| address | string | True | IP address for the direct connection. IP address is required if UsePool is enabled. |
| adminEncryptedPassword | string | True | Administrator password for your LDAP AAA server. |
| adminDn | string | False | Distinguished name of the user with administrator rights. |
| groupCacheTtl | number | True | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
| serversslProfile | string | False | Select an SSL server profile. Configure if Mode is LDAPS. |
| timeout | number | True | Timeout interval (in seconds) for connecting to the AAA server. |
| schemaAttr | object | False | Access Policy Manager provides Active Directory-specific default values for the LDAP schema-specific attribute names. You can change them to reflect your schema. |
| userObjectClass | string | False | Value of the resourceClass attribute for a user resource. Default value is user. |
| userMemberof | string | False | User resource maintains a group membership. Specify the value of the membership attribute. Default value is memberOf. |
| groupObjectClass | string | False | Value of the resourceClass attribute for a group resource. Default value is Group. |
| groupMemberof | string | False | Group resource maintains membership in other groups, specify the value of the membership attribute. Default value is memberOf |
| groupMember | string | False | Group resource maintains a list of users that belong to it, specify the value of the attribute that indicates this. Default value is member. |
| groupMemberValue | string | False | Attribute used to add users to a group. Default value is dn. |
| name | string | True | The name of the object. |
| partition | string | True | The BIG-IP partition where the object should be placed. |
| subPath | string | False | The BIG-IP partition where the object should be placed. |
| lsoDeviceReference | reference | False | Reference to the device. |
| link | string | False | URI link of the reference. |
| isLsoShared | boolean | True | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | False | Name of the device group. |
| link | string | False | URI link of the reference. |
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| isLdaps | string | On UsePool Enabled, we use two types of modes for LDAP configuration, LDAPS and LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy manager and the LDAP server. |
| usePool | string | To authenticate users using LDAP servers. Use Pool to create a high availability configuration. Use Direct to specify one LDAP server for APM to use to authenticate users. |
| port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
| baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
| address | string | IP address for the direct connection. IP address is required if UsePool is enabled. |
| adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
| adminDn | string | Distinguished name of the user with administrator rights. |
| groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
| serversslProfile | string | Select an SSL server profile. Configure if Mode is LDAPS. |
| timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
| schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema-specific attribute names. You can change them to reflect your schema. |
| userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
| userMemberof | string | User resource maintains a group membership. Specify the value of the membership attribute. Default value is memberOf. |
| groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
| groupMemberof | string | Group resource maintains membership in other groups, specify the value of the membership attribute. Default value is memberOf |
| groupMember | string | Group resource maintains a list of users that belong to it, specify the value of the attribute that indicates this. Default value is member. |
| groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
| name | string | The name of the object. |
| partition | string | The BIG-IP partition where the object should be placed. |
| subPath | string | The BIG-IP partition where the object should be placed. |
| lsoDeviceReference | reference | Reference to the device. |
| name | string | Device name. Typically it is device’s hostname. |
| machineId | string | The machine ID of the device. |
| link | string | URI link of the reference. |
| isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | Name of the device group. |
| name | string | Name of the Device Group |
| link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions¶
| Role | Allow |
|---|---|
| Application_Editor | No |
| Service_Catalog_Viewer | No |
| Service_Catalog_Editor | No |
| Trust_Discovery_Import | No |
| Access_View | No |
| Access_Edit | Yes |
| Access_Manager | Yes |
| Application_Manager | No |
| Application_Viewer | No |
| Trust_Discovery_Import | No |
| Access_Deploy | No |
| Access_Policy_Editor | No |
PUT /mgmt/cm/access/working-config/apm/aaa/ldap/<id>¶
Request Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| isLdaps | string | False | On UsePool Enabled, we use two types of modes for LDAP configuration, LDAPS and LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy manager and the LDAP server. |
| usePool | string | True | To authenticate users using LDAP servers. Use Pool to create a high availability configuration. Use Direct to specify one LDAP server for APM to use to authenticate users. |
| port | number | False | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
| baseDn | string | False | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
| address | string | False | IP address for the direct connection. IP address is required if UsePool is enabled. |
| adminEncryptedPassword | string | False | Administrator password for your LDAP AAA server. |
| adminDn | string | False | Distinguished name of the user with administrator rights. |
| groupCacheTtl | number | False | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
| serversslProfile | string | False | Select an SSL server profile. Configure if Mode is LDAPS. |
| timeout | number | False | Timeout interval (in seconds) for connecting to the AAA server. |
| schemaAttr | object | False | Access Policy Manager provides Active Directory-specific default values for the LDAP schema-specific attribute names. You can change them to reflect your schema. |
| userObjectClass | string | False | Value of the resourceClass attribute for a user resource. Default value is user. |
| userMemberof | string | False | User resource maintains a group membership. Specify the value of the membership attribute. Default value is memberOf. |
| groupObjectClass | string | False | Value of the resourceClass attribute for a group resource. Default value is Group. |
| groupMemberof | string | False | Group resource maintains membership in other groups, specify the value of the membership attribute. Default value is memberOf |
| groupMember | string | False | Group resource maintains a list of users that belong to it, specify the value of the attribute that indicates this. Default value is member. |
| groupMemberValue | string | False | Attribute used to add users to a group. Default value is dn. |
| name | string | False | The name of the object. |
| partition | string | False | The BIG-IP partition where the object should be placed. |
| subPath | string | False | The BIG-IP partition where the object should be placed. |
| lsoDeviceReference | reference | False | Reference to the device. |
| name | string | False | Device name. Typically it is device’s hostname. |
| machineId | string | False | The machine ID of the device. |
| link | string | False | URI link of the reference. |
| isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | False | Name of the device group. |
| name | string | False | Name of the Device Group |
| link | string | False | URI link of the reference. |
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| isLdaps | string | On UsePool Enabled, we use two types of modes for LDAP configuration, LDAPS and LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy manager and the LDAP server. |
| usePool | string | To authenticate users using LDAP servers. Use Pool to create a high availability configuration. Use Direct to specify one LDAP server for APM to use to authenticate users. |
| port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
| baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
| address | string | IP address for the direct connection. IP address is required if UsePool is enabled. |
| adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
| adminDn | string | Distinguished name of the user with administrator rights. |
| groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
| serversslProfile | string | Select an SSL server profile. Configure if Mode is LDAPS. |
| timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
| schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema-specific attribute names. You can change them to reflect your schema. |
| userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
| userMemberof | string | User resource maintains a group membership. Specify the value of the membership attribute. Default value is memberOf. |
| groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
| groupMemberof | string | Group resource maintains membership in other groups, specify the value of the membership attribute. Default value is memberOf |
| groupMember | string | Group resource maintains a list of users that belong to it, specify the value of the attribute that indicates this. Default value is member. |
| groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
| name | string | The name of the object. |
| partition | string | The BIG-IP partition where the object should be placed. |
| subPath | string | The BIG-IP partition where the object should be placed. |
| lsoDeviceReference | reference | Reference to the device. |
| name | string | Device name. Typically it is device’s hostname. |
| machineId | string | The machine ID of the device. |
| link | string | URI link of the reference. |
| isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | Name of the device group. |
| name | string | Name of the Device Group |
| link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions¶
| Role | Allow |
|---|---|
| Application_Editor | No |
| Service_Catalog_Viewer | No |
| Service_Catalog_Editor | No |
| Trust_Discovery_Import | No |
| Access_View | No |
| Access_Edit | Yes |
| Access_Manager | Yes |
| Application_Manager | No |
| Application_Viewer | No |
| Trust_Discovery_Import | No |
| Access_Deploy | No |
| Access_Policy_Editor | No |
PATCH /mgmt/cm/access/working-config/apm/aaa/ldap/<id>¶
Request Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| usePool | string | True | To authenticate users using LDAP servers. Use Pool to create a high availability configuration. Use Direct to specify one LDAP server for APM to use to authenticate users. |
| port | number | False | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
| baseDn | string | False | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
| address | string | False | IP address for the direct connection. IP address is required if UsePool is enabled. |
| adminEncryptedPassword | string | False | Administrator password for your LDAP AAA server. |
| adminDn | string | False | Distinguished name of the user with administrator rights. |
| groupCacheTtl | number | False | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
| serversslProfile | string | False | Select an SSL server profile. Configure if Mode is LDAPS. |
| timeout | number | False | Timeout interval (in seconds) for connecting to the AAA server. |
| schemaAttr | object | False | Access Policy Manager provides Active Directory-specific default values for the LDAP schema-specific attribute names. You can change them to reflect your schema. |
| userObjectClass | string | False | Value of the resourceClass attribute for a user resource. Default value is user. |
| userMemberof | string | False | User resource maintains a group membership. Specify the value of the membership attribute. Default value is memberOf. |
| groupObjectClass | string | False | Value of the resourceClass attribute for a group resource. Default value is Group. |
| groupMemberof | string | False | Group resource maintains membership in other groups, specify the value of the membership attribute. Default value is memberOf |
| groupMember | string | False | Group resource maintains a list of users that belong to it, specify the value of the attribute that indicates this. Default value is member. |
| groupMemberValue | string | False | Attribute used to add users to a group. Default value is dn. |
| isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| isLdaps | string | On UsePool Enabled, we use two types of modes for LDAP configuration, LDAPS and LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy manager and the LDAP server. |
| usePool | string | To authenticate users using LDAP servers. Use Pool to create a high availability configuration. Use Direct to specify one LDAP server for APM to use to authenticate users. |
| port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
| baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
| address | string | IP address for the direct connection. IP address is required if UsePool is enabled. |
| adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
| adminDn | string | Distinguished name of the user with administrator rights. |
| groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
| serversslProfile | string | Select an SSL server profile. Configure if Mode is LDAPS. |
| timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
| schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema-specific attribute names. You can change them to reflect your schema. |
| userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
| userMemberof | string | User resource maintains a group membership. Specify the value of the membership attribute. Default value is memberOf. |
| groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
| groupMemberof | string | Group resource maintains membership in other groups, specify the value of the membership attribute. Default value is memberOf |
| groupMember | string | Group resource maintains a list of users that belong to it, specify the value of the attribute that indicates this. Default value is member. |
| groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
| name | string | The name of the object. |
| partition | string | The BIG-IP partition where the object should be placed. |
| subPath | string | The BIG-IP partition where the object should be placed. |
| lsoDeviceReference | reference | Reference to the device. |
| name | string | Device name. Typically it is device’s hostname. |
| machineId | string | The machine ID of the device. |
| link | string | URI link of the reference. |
| isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | Name of the device group. |
| name | string | Name of the Device Group |
| link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions¶
| Role | Allow |
|---|---|
| Application_Editor | No |
| Service_Catalog_Viewer | No |
| Service_Catalog_Editor | No |
| Trust_Discovery_Import | No |
| Access_View | No |
| Access_Edit | Yes |
| Access_Manager | Yes |
| Application_Manager | No |
| Application_Viewer | No |
| Trust_Discovery_Import | No |
| Access_Deploy | No |
| Access_Policy_Editor | No |
DELETE /mgmt/cm/access/working-config/apm/aaa/ldap/<id>¶
Request Parameters¶
None
Query Parameters¶
None
Response¶
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| isLdaps | string | On UsePool Enabled, we use two types of modes for LDAP configuration, LDAPS and LDAP. LDAPS is required to securely encrypt authentication messages between Access Policy manager and the LDAP server. |
| usePool | string | To authenticate users using LDAP servers. Use Pool to create a high availability configuration. Use Direct to specify one LDAP server for APM to use to authenticate users. |
| port | number | Port number of the server configuration. The default port is 389 for LDAP and 636 for LDAPS. |
| baseDn | string | Distinguished name (DN) from which to search. The search DN is used to search groups across a whole directory. |
| address | string | IP address for the direct connection. IP address is required if UsePool is enabled. |
| adminEncryptedPassword | string | Administrator password for your LDAP AAA server. |
| adminDn | string | Distinguished name of the user with administrator rights. |
| groupCacheTtl | number | Number of days for the BIG-IP system to cache groups. When the lifetime elapses, APM clears the cache prevents invalid groups from being retained. The default lifetime is 30 days. |
| serversslProfile | string | Select an SSL server profile. Configure if Mode is LDAPS. |
| timeout | number | Timeout interval (in seconds) for connecting to the AAA server. |
| schemaAttr | object | Access Policy Manager provides Active Directory-specific default values for the LDAP schema-specific attribute names. You can change them to reflect your schema. |
| userObjectClass | string | Value of the resourceClass attribute for a user resource. Default value is user. |
| userMemberof | string | User resource maintains a group membership. Specify the value of the membership attribute. Default value is memberOf. |
| groupObjectClass | string | Value of the resourceClass attribute for a group resource. Default value is Group. |
| groupMemberof | string | Group resource maintains membership in other groups, specify the value of the membership attribute. Default value is memberOf |
| groupMember | string | Group resource maintains a list of users that belong to it, specify the value of the attribute that indicates this. Default value is member. |
| groupMemberValue | string | Attribute used to add users to a group. Default value is dn. |
| name | string | The name of the object. |
| partition | string | The BIG-IP partition where the object should be placed. |
| subPath | string | The BIG-IP partition where the object should be placed. |
| lsoDeviceReference | reference | Reference to the device. |
| name | string | Device name. Typically it is device’s hostname. |
| machineId | string | The machine ID of the device. |
| link | string | URI link of the reference. |
| isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | Name of the device group. |
| name | string | Name of the Device Group |
| link | string | URI link of the reference. |
Error Response¶
HTTP/1.1 400 Bad Request
This response status is related to error conditions. A detailed error message displays in the response.
HTTP/1.1 401 Unauthorized
This response happens when access is denied due to invalid credentials (no permission).
Permissions¶
| Role | Allow |
|---|---|
| Application_Editor | No |
| Service_Catalog_Viewer | No |
| Service_Catalog_Editor | No |
| Trust_Discovery_Import | No |
| Access_View | No |
| Access_Edit | Yes |
| Access_Manager | Yes |
| Application_Manager | No |
| Application_Viewer | No |
| Trust_Discovery_Import | No |
| Access_Deploy | No |
| Access_Policy_Editor | No |
Examples¶
Get AAA LDAP Server¶
GET /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
Response¶
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Create New AAA LDAP Server¶
POST /mgmt/cm/access/working-config/apm/aaa/ldap
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
}
}
Response¶
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Edit AAA LDAP Server¶
PUT /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Response¶
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}
Edit AAA LDAP Server¶
PATCH /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
{
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"isLsoShared": false,
}
Response¶
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
}
}
Delete AAA LDAP Server¶
DELETE /mgmt/cm/access/working-config/apm/aaa/ldap/<id>
Response¶
HTTP/1.1 200 OK
{
"isLdaps": "false",
"usePool": "disabled",
"port": 389,
"baseDn": "CN=Users,DC=example,DC=com",
"address": "1.1.1.1",
"adminEncryptedPassword": "password",
"adminDn": "CN=Users,DC=example,DC=com",
"groupCacheTtl": 30,
"serversslProfile": "/Common/sslProfile",
"timeout": 15,
"schemaAttr": {
"userObjectClass": "user",
"userMemberof": "memberOf",
"groupObjectClass": "group",
"groupMemberof": "memberOf",
"groupMember": "member",
"groupMemberValue": "dn"
},
"name": "foo",
"partition": "Common",
"subPath": "/folder",
"lsoDeviceReference": {
"name": "bigip.foo.com",
"machineId": "844dcf8a-4d03-48e4-bb94-bb22a4bc2436",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"isLsoShared": false,
"deviceGroupReference": {
"name": "dg",
"link": "https://localhost/mgmt/shared/foo/bar/844dcf8a-4d03-48e4-bb94-bb22a4bc2436"
},
"id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
"kind": "cm:access:working-config:apm:aaa:state",
"selfLink": "https://localhost/mgmt/cm/access/working-config/apm/f0938680-57d5-377f-8c73-da4c2ce561ed"
}