Skip to content

aaaldapparams

Configuration for LDAP parameter resource.

Properties

(click to see Operations )

Name Data Type Permissions Description
serverip <String> Read-write IP address of your LDAP server.
serverport <Integer> Read-write Port number on which the LDAP server listens for connections.

Default value: 389

Minimum value = 1
authtimeout <Double> Read-write Maximum number of seconds that the Citrix ADC waits for a response from the LDAP server.

Default value: 3

Minimum value = 1
ldapbase <String> Read-write Base (the server and location) from which LDAP search commands should start.

If the LDAP server is running locally, the default value of base is dc=netscaler, dc=com.
ldapbinddn <String> Read-write Complete distinguished name (DN) string used for binding to the LDAP server.
ldapbinddnpassword <String> Read-write Password for binding to the LDAP server.

Minimum length = 1
ldaploginname <String> Read-write Name attribute that the Citrix ADC uses to query the external LDAP server or an Active Directory.
searchfilter <String> Read-write String to be combined with the default LDAP user search string to form the value to use when executing an LDAP search.

For example, the following values:

vpnallowed=true,

ldaploginame=""samaccount""

when combined with the user-supplied username ""bob"", yield the following LDAP search string:

""(;(vpnallowed=true)(samaccount=bob)"".

Minimum length = 1
groupattrname <String> Read-write Attribute name used for group extraction from the LDAP server.
subattributename <String> Read-write Subattribute name used for group extraction from the LDAP server.
sectype <String> Read-write Type of security used for communications between the Citrix ADC and the LDAP server. For the PLAINTEXT setting, no encryption is required.

Default value: TLS

Possible values = PLAINTEXT, TLS, SSL
svrtype <String> Read-write The type of LDAP server.

Default value: AAA_LDAP_SERVER_TYPE_DEFAULT

Possible values = AD, NDS
ssonameattribute <String> Read-write Attribute used by the Citrix ADC to query an external LDAP server or Active Directory for an alternative username.

This alternative username is then used for single sign-on (SSO).
passwdchange <String> Read-write Accept password change requests.

Default value: DISABLED

Possible values = ENABLED, DISABLED
nestedgroupextraction <String> Read-write Queries the external LDAP server to determine whether the specified group belongs to another group.

Default value: OFF

Possible values = ON, OFF
maxnestinglevel <Double> Read-write Number of levels up to which the system can query nested LDAP groups.

Default value: 2

Minimum value = 2
groupnameidentifier <String> Read-write LDAP-group attribute that uniquely identifies the group. No two groups on one LDAP server can have the same group name identifier.
groupsearchattribute <String> Read-write LDAP-group attribute that designates the parent group of the specified group. Use this attribute to search for a group's parent group.
groupsearchsubattribute <String> Read-write LDAP-group subattribute that designates the parent group of the specified group. Use this attribute to search for a group's parent group.
groupsearchfilter <String> Read-write Search-expression that can be specified for sending group-search requests to the LDAP server.
defaultauthenticationgroup <String> Read-write This is the default group that is chosen when the authentication succeeds in addition to extracted groups.

Maximum length = 64
groupauthname <String> Read-only To associate AAA users with an AAA group, use the command



"bind AAA group ... -username ...".



You can bind different policies to each AAA group. Use the command



"bind AAA group ... -policy ...".
builtin <String[]> Read-only Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

Possible values = MODIFIABLE, DELETABLE, IMMUTABLE, PARTITION_ALL
feature <String> Read-only The feature to be checked while applying this config.

Operations

(click to see Properties )

  • UPDATE
  • UNSET
  • GET (ALL)

Some options that you can use for each operations:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.

  • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER: <username>

    X-NITRO-PASS: <password>

    Note: In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Note:

Mandatory parameters are marked in red and placeholder content is marked in green

update

URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaldapparams

HTTP Method: PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Content-Type:application/json

Request Payload:

{"aaaldapparams":{
      "serverip":<String_value>,
      "serverport":<Integer_value>,
      "authtimeout":<Double_value>,
      "ldapbase":<String_value>,
      "ldapbinddn":<String_value>,
      "ldapbinddnpassword":<String_value>,
      "ldaploginname":<String_value>,
      "searchfilter":<String_value>,
      "groupattrname":<String_value>,
      "subattributename":<String_value>,
      "sectype":<String_value>,
      "svrtype":<String_value>,
      "ssonameattribute":<String_value>,
      "passwdchange":<String_value>,
      "nestedgroupextraction":<String_value>,
      "maxnestinglevel":<Double_value>,
      "groupnameidentifier":<String_value>,
      "groupsearchattribute":<String_value>,
      "groupsearchsubattribute":<String_value>,
      "groupsearchfilter":<String_value>,
      "defaultauthenticationgroup":<String_value>
}}

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

unset

URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaldapparams? action=unset

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Content-Type:application/json

Request Payload:

{"aaaldapparams":{
      "serverip":true,
      "serverport":true,
      "authtimeout":true,
      "ldapbase":true,
      "ldapbinddn":true,
      "ldapbinddnpassword":true,
      "ldaploginname":true,
      "searchfilter":true,
      "groupattrname":true,
      "subattributename":true,
      "sectype":true,
      "svrtype":true,
      "ssonameattribute":true,
      "passwdchange":true,
      "nestedgroupextraction":true,
      "maxnestinglevel":true,
      "groupnameidentifier":true,
      "groupsearchattribute":true,
      "groupsearchsubattribute":true,
      "groupsearchfilter":true,
      "defaultauthenticationgroup":true
}}

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get (all)

URL: http:// <netscaler-ip-address> /nitro/v1/config/aaaldapparams

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload:

{ "aaaldapparams": [ {
      "serverip":<String_value>,
      "serverport":<Integer_value>,
      "authtimeout":<Double_value>,
      "ldapbinddn":<String_value>,
      "ldaploginname":<String_value>,
      "ldapbase":<String_value>,
      "sectype":<String_value>,
      "svrtype":<String_value>,
      "ssonameattribute":<String_value>,
      "searchfilter":<String_value>,
      "groupattrname":<String_value>,
      "subattributename":<String_value>,
      "groupauthname":<String_value>,
      "passwdchange":<String_value>,
      "nestedgroupextraction":<String_value>,
      "maxnestinglevel":<Double_value>,
      "groupnameidentifier":<String_value>,
      "groupsearchattribute":<String_value>,
      "groupsearchsubattribute":<String_value>,
      "groupsearchfilter":<String_value>,
      "defaultauthenticationgroup":<String_value>,
      "builtin":<String[]_value>,
      "feature":<String_value>
}]}