ldap_auth_service : The LDAP authentication service object.

LDAP (Lightweight Directory Access Protocol) is an internet protocol for accessing distributed directory services. The appliance can authenticate admin accounts by verifying user names and passwords against LDAP. This object is used to configure the LDAP authentication service.

Object Reference

References to ldap_auth_service are object references.

The name part of the LDAP authentication service object has the following components:

  • The name of the LDAP authentication service

Example: ldap_auth_service/ZG5zLm5ldHdvcmtfdmlldyQxMTk:LDAPAuth

Restrictions

The object does not support the following operations:

  • Scheduling
  • CSV export

The object cannot be managed on Cloud Platform members.

Fields

These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.

The basic version of the object contains the field(s): comment, disable, ldap_user_attribute, mode, name.

The following fields are required to create this object:

  • ldap_user_attribute
  • name
  • recovery_interval
  • retries
  • servers
  • timeout

comment

The LDAP descriptive comment.

Type

String.

Create

The default value is empty.

Search

The field is available for search via

  • ‘:=’ (case insensitive search)
  • ‘=’ (exact equality)
  • ‘~=’ (regular expression)

Notes

The comment is part of the base object.

disable

Determines if the LDAP authentication service is disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

Notes

The disable is part of the base object.

ea_mapping

The mapping of LDAP fields to extensible attributes.

Type

Array of LDAP extensible attribute mapping structs.

Create

The default value is empty.

Search

The field is not available for search.

ldap_group_attribute

The name of the LDAP attribute that defines group membership.

Type

String.

Create

The default value is memberOf.

Search

The field is not available for search.

ldap_group_authentication_type

The LDAP group authentication type.

Type

String.

Valid values are:
  • GROUP_ATTRIBUTE
  • POSIX_GROUP

Create

The default value is GROUP_ATTRIBUTE.

Search

The field is not available for search.

ldap_user_attribute

The LDAP userid attribute that is used for search.

Type

String.

Create

The field is required on creation.

Search

The field is not available for search.

Notes

The ldap_user_attribute is part of the base object.

mode

The LDAP authentication mode.

Type

String.

Valid values are:
  • ORDERED_LIST
  • ROUND_ROBIN

Create

The default value is ORDERED_LIST.

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The mode is part of the base object.

name

The LDAP authentication service name.

Type

String.

Create

The field is required on creation.

Search

The field is available for search via

  • ‘:=’ (case insensitive search)
  • ‘=’ (exact equality)
  • ‘~=’ (regular expression)

Notes

The name is part of the base object.

recovery_interval

The period of time in seconds to wait before trying to contact an LDAP server that has been marked as ‘DOWN’.

Type

Unsigned integer.

Create

The field is required on creation.

Search

The field is not available for search.

retries

The maximum number of LDAP authentication attempts.

Type

Unsigned integer.

Create

The field is required on creation.

Search

The field is not available for search.

search_scope

The starting point of the LDAP search.

Type

String.

Valid values are:
  • BASE
  • ONELEVEL
  • SUBTREE

Create

The default value is ONELEVEL.

Search

The field is available for search via

  • ‘=’ (exact equality)

servers

The list of LDAP servers used for authentication.

Type

Array of LDAP server structs.

Create

The field is required on creation.

Search

The field is not available for search.

timeout

The LDAP authentication timeout in seconds.

Type

Unsigned integer.

Create

The field is required on creation.

Search

The field is not available for search.

Function Calls

check_ldap_server_settings

Test connectivity to LDAP server.

This function does not support multiple object matches when called as part of an atomic insertion operation.

Input fields

ldap_authservice ( String. ) The name of the parent LDAP authentication service.

ldap_server ( LDAP server struct. ) This parameter is mandatory. The LDAP server that will be tested. The server’s ‘disable’ flag is ignored, so a disabled server can be tested before it is enabled.

timeout ( Unsigned integer. ) The timeout in seconds. The default value is “5”.

Output fields

error_message ( String. ) The detailed description of failure.

overall_status ( String. Valid values are: “SUCCESS”, “FAILED” ) The overall status of the test.
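The following is an added example, not code from the Infoblox documentation or product. It applies the constraints listed in the field reference above (required fields, unsigned counters, the documented enum values, the per-field search operators) on the client side before a request is sent, and builds the body for the check_ldap_server_settings call described in this section. The grid master host and WAPI version in WAPI_BASE, the `_function` query parameter used to invoke an object function over HTTP, basic-auth credentials, and the field names inside the LDAP server struct (address, port, encryption, base_dn) are assumptions; the server struct fields are documented on a separate struct page, not here.

```python
"""Added example (not Infoblox code): build and validate WAPI requests for
ldap_auth_service offline. WAPI_BASE, the _function parameter, and the
LDAP server struct field names are assumptions, not taken from this page."""
from __future__ import annotations

import base64
import json
import urllib.request
from urllib.parse import quote

WAPI_BASE = "https://gridmaster.example.com/wapi/v2.12"  # assumed host/version

# Constraints from the field reference on this page.
REQUIRED = ("ldap_user_attribute", "name", "recovery_interval",
            "retries", "servers", "timeout")
UNSIGNED = ("recovery_interval", "retries", "timeout")
ENUMS = {
    "mode": ("ORDERED_LIST", "ROUND_ROBIN"),
    "search_scope": ("BASE", "ONELEVEL", "SUBTREE"),
    "ldap_group_authentication_type": ("GROUP_ATTRIBUTE", "POSIX_GROUP"),
}
# Search operators each searchable field supports (':=' case-insensitive,
# '=' exact, '~=' regular expression); unlisted fields are not searchable.
SEARCHABLE = {"comment": (":=", "=", "~="), "name": (":=", "=", "~="),
              "mode": ("=",), "search_scope": ("=",)}


def build_create_payload(**fields) -> dict:
    """Return the JSON body for POST .../ldap_auth_service, rejecting locally
    what the appliance would reject: missing required fields, non-integer or
    negative counters, enum values outside the documented set, and an empty
    or malformed servers list."""
    missing = [f for f in REQUIRED if f not in fields]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    for f in UNSIGNED:
        v = fields[f]
        if isinstance(v, bool) or not isinstance(v, int) or v < 0:
            raise ValueError(f"{f} must be an unsigned integer, got {v!r}")
    for f, allowed in ENUMS.items():
        if f in fields and fields[f] not in allowed:
            raise ValueError(f"{f} must be one of {allowed}, got {fields[f]!r}")
    servers = fields["servers"]
    if not (isinstance(servers, list) and servers
            and all(isinstance(s, dict) for s in servers)):
        raise ValueError("servers must be a non-empty list of LDAP server structs")
    return dict(fields)


def build_search_url(*conds: tuple[str, str, str],
                     return_fields: tuple[str, ...] = ()) -> str:
    """Build GET .../ldap_auth_service?field<op>value&... using only the
    operators this object supports for the given field."""
    parts = []
    for field, op, value in conds:
        if op not in SEARCHABLE.get(field, ()):
            raise ValueError(f"{field!r} does not support search via {op!r}")
        # The operator prefix stays on the key side, e.g. name~=prod
        parts.append(f"{field}{op[:-1]}={quote(value, safe='')}")
    if return_fields:
        parts.append("_return_fields=" + ",".join(return_fields))
    return f"{WAPI_BASE}/ldap_auth_service?" + "&".join(parts)


def build_check_request(service_name: str, server: dict,
                        timeout: int = 5) -> tuple[str, dict]:
    """Return (url, body) for check_ldap_server_settings. The appliance
    ignores the server's own 'disable' flag, so a disabled server can be
    tested before it is enabled. Invoking via ?_function= is assumed."""
    if isinstance(timeout, bool) or not isinstance(timeout, int) or timeout < 0:
        raise ValueError("timeout must be an unsigned integer")
    url = f"{WAPI_BASE}/ldap_auth_service?_function=check_ldap_server_settings"
    return url, {"ldap_authservice": service_name,
                 "ldap_server": server, "timeout": timeout}


def check_passed(result: dict) -> bool:
    """Interpret the output fields; anything other than the two documented
    statuses is an error, never a silent pass."""
    status = result.get("overall_status")
    if status == "SUCCESS":
        return True
    if status == "FAILED":
        return False
    raise ValueError(f"unexpected overall_status {status!r}: "
                     f"{result.get('error_message')}")


def post_json(url: str, body: dict, user: str, password: str) -> dict:
    """Send a request with HTTP basic auth (network call, not used in tests)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample input; the struct field names are assumed.
    server = {"address": "ldap1.example.com", "port": 636,
              "encryption": "SSL", "base_dn": "dc=example,dc=com"}
    print(build_check_request("LDAPAuth", server))
    print(json.dumps(build_create_payload(
        name="LDAPAuth", ldap_user_attribute="uid", recovery_interval=30,
        retries=3, timeout=5, servers=[server], mode="ROUND_ROBIN",
        search_scope="SUBTREE"), indent=2))
    print(build_search_url(("name", "~=", "^LDAP"), ("mode", "=", "ROUND_ROBIN"),
                           return_fields=("name", "mode", "servers")))
```

In practice, run the check call for every entry in servers before creating or enabling the service: a FAILED result with its error_message is far cheaper to read here than a locked-out admin login after the service goes live.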

Fields List

Req = required on creation, R/O = read-only, Base = part of the basic object, Search = supported search operators (‘:=’ case insensitive, ‘=’ exact equality, ‘~=’ regular expression).

Field                           Type          Req  R/O  Base  Search
comment                         String        N    N    Y     := = ~=
disable                         Bool          N    N    Y     N/A
ea_mapping                      [struct]      N    N    N     N/A
ldap_group_attribute            String        N    N    N     N/A
ldap_group_authentication_type  String        N    N    N     N/A
ldap_user_attribute             String        Y    N    Y     N/A
mode                            String        N    N    Y     =
name                            String        Y    N    Y     := = ~=
recovery_interval               Unsigned int  Y    N    N     N/A
retries                         Unsigned int  Y    N    N     N/A
search_scope                    String        N    N    N     =
servers                         [struct]      Y    N    N     N/A
timeout                         Unsigned int  Y    N    N     N/A