Product Documentation

aaaldapparams

Sep 01, 2016

Configuration for LDAP parameter resource.

Properties (click to see Operations)

Name Data Type Permissions Description
serverip
<String>
Read-write
IP address of your LDAP server.
serverport
<Integer>
Read-write
Port number on which the LDAP server listens for connections.
Default value: 389
Minimum value = 1
authtimeout
<Double>
Read-write
Maximum number of seconds that the NetScaler appliance waits for a response from the LDAP server.
Default value: 3
Minimum value = 1
ldapbase
<String>
Read-write
Base (the server and location) from which LDAP search commands should start.
If the LDAP server is running locally, the default value of base is dc=netscaler, dc=com.
ldapbinddn
<String>
Read-write
Complete distinguished name (DN) string used for binding to the LDAP server.
ldapbinddnpassword
<String>
Read-write
Password for binding to the LDAP server.
Minimum length = 1
ldaploginname
<String>
Read-write
Name attribute that the NetScaler appliance uses to query the external LDAP server or an Active Directory.
searchfilter
<String>
Read-write
String to be combined with the default LDAP user search string to form the value to use when executing an LDAP search.
For example, the following values:
vpnallowed=true,
ldaploginame=""samaccount""
when combined with the user-supplied username ""bob"", yield the following LDAP search string:
""(&(vpnallowed=true)(samaccount=bob)"".
Minimum length = 1
groupattrname
<String>
Read-write
Attribute name used for group extraction from the LDAP server.
subattributename
<String>
Read-write
Subattribute name used for group extraction from the LDAP server.
sectype
<String>
Read-write
Type of security used for communications between the NetScaler appliance and the LDAP server. For the PLAINTEXT setting, no encryption is required.
Default value: PLAINTEXT
Possible values = PLAINTEXT, TLS, SSL
svrtype
<String>
Read-write
The type of LDAP server.
Default value: AAA_LDAP_SERVER_TYPE_DEFAULT
Possible values = AD, NDS
ssonameattribute
<String>
Read-write
Attribute used by the NetScaler appliance to query an external LDAP server or Active Directory for an alternative username.
This alternative username is then used for single sign-on (SSO).
passwdchange
<String>
Read-write
Accept password change requests.
Default value: DISABLED
Possible values = ENABLED, DISABLED
nestedgroupextraction
<String>
Read-write
Queries the external LDAP server to determine whether the specified group belongs to another group.
Default value: OFF
Possible values = ON, OFF
maxnestinglevel
<Double>
Read-write
Number of levels up to which the system can query nested LDAP groups.
Default value: 2
Minimum value = 2
groupnameidentifier
<String>
Read-write
LDAP-group attribute that uniquely identifies the group. No two groups on one LDAP server can have the same group name identifier.
groupsearchattribute
<String>
Read-write
LDAP-group attribute that designates the parent group of the specified group. Use this attribute to search for a group?s parent group.
groupsearchsubattribute
<String>
Read-write
LDAP-group subattribute that designates the parent group of the specified group. Use this attribute to search for a group?s parent group.
groupsearchfilter
<String>
Read-write
Search-expression that can be specified for sending group-search requests to the LDAP server.
defaultauthenticationgroup
<String>
Read-write
This is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Maximum length = 64
groupauthname
<String>
Read-only
To associate AAA users with an AAA group, use the command

"bind AAA group ... -username ...".

You can bind different policies to each AAA group. Use the command

"bind AAA group ... -policy ...".
builtin
<String[]>
Read-only
Indicates that a variable is a built-in (SYSTEM INTERNAL) type.
Possible values = MODIFIABLE, DELETABLE, IMMUTABLE, PARTITION_ALL

Operations (click to see Properties)

Some options that you can use for each operations:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http://<netscaler-ip-address>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".

  • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER:<username>

    X-NITRO-PASS:<password>

    Note: In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

메모

Mandatory parameters are marked in red and placeholder content is marked in <green>.

update

URL: http://<netscaler-ip-address>/nitro/v1/config/aaaldapparams

HTTP Method: PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Content-Type:application/json

Request Payload:

{"aaaldapparams":{
      "serverip":<String_value>,
      "serverport":<Integer_value>,
      "authtimeout":<Double_value>,
      "ldapbase":<String_value>,
      "ldapbinddn":<String_value>,
      "ldapbinddnpassword":<String_value>,
      "ldaploginname":<String_value>,
      "searchfilter":<String_value>,
      "groupattrname":<String_value>,
      "subattributename":<String_value>,
      "sectype":<String_value>,
      "svrtype":<String_value>,
      "ssonameattribute":<String_value>,
      "passwdchange":<String_value>,
      "nestedgroupextraction":<String_value>,
      "maxnestinglevel":<Double_value>,
      "groupnameidentifier":<String_value>,
      "groupsearchattribute":<String_value>,
      "groupsearchsubattribute":<String_value>,
      "groupsearchfilter":<String_value>,
      "defaultauthenticationgroup":<String_value>
}}

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

unset

URL: http://<netscaler-ip-address>/nitro/v1/config/aaaldapparams?action=unset

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Content-Type:application/json

Request Payload:

{"aaaldapparams":{
      "serverip":true,
      "serverport":true,
      "authtimeout":true,
      "ldapbase":true,
      "ldapbinddn":true,
      "ldapbinddnpassword":true,
      "ldaploginname":true,
      "searchfilter":true,
      "groupattrname":true,
      "subattributename":true,
      "sectype":true,
      "svrtype":true,
      "ssonameattribute":true,
      "passwdchange":true,
      "nestedgroupextraction":true,
      "maxnestinglevel":true,
      "groupnameidentifier":true,
      "groupsearchattribute":true,
      "groupsearchsubattribute":true,
      "groupsearchfilter":true,
      "defaultauthenticationgroup":true
}}

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get (all)

URL: http://<netscaler-ip-address>/nitro/v1/config/aaaldapparams

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Accept:application/json

Response:

HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Headers:

Content-Type:application/json

Response Payload:

{ "aaaldapparams": [ {
      "serverip":<String_value>,
      "serverport":<Integer_value>,
      "authtimeout":<Double_value>,
      "ldapbinddn":<String_value>,
      "ldaploginname":<String_value>,
      "ldapbase":<String_value>,
      "sectype":<String_value>,
      "svrtype":<String_value>,
      "ssonameattribute":<String_value>,
      "searchfilter":<String_value>,
      "groupattrname":<String_value>,
      "subattributename":<String_value>,
      "groupauthname":<String_value>,
      "passwdchange":<String_value>,
      "nestedgroupextraction":<String_value>,
      "maxnestinglevel":<Double_value>,
      "groupnameidentifier":<String_value>,
      "groupsearchattribute":<String_value>,
      "groupsearchsubattribute":<String_value>,
      "groupsearchfilter":<String_value>,
      "defaultauthenticationgroup":<String_value>,
      "builtin":<String[]_value>
}]}