Skip to content

aaaldapparams

Configuration for LDAP parameter resource.

Properties

(click to see Operations)

NameData TypePermissionsDescription
serverip<String>Read-writeIP address of your LDAP server.
serverport<Integer>Read-writePort number on which the LDAP server listens for connections.
Default value: 389
Minimum value = 1
authtimeout<Double>Read-writeMaximum number of seconds that the Citrix ADC waits for a response from the LDAP server.
Default value: 3
Minimum value = 1
ldapbase<String>Read-writeBase (the server and location) from which LDAP search commands should start.
If the LDAP server is running locally, the default value of base is dc=netscaler, dc=com.
ldapbinddn<String>Read-writeComplete distinguished name (DN) string used for binding to the LDAP server.
ldapbinddnpassword<String>Read-writePassword for binding to the LDAP server.
Minimum length = 1
ldaploginname<String>Read-writeName attribute that the Citrix ADC uses to query the external LDAP server or an Active Directory.
searchfilter<String>Read-writeString to be combined with the default LDAP user search string to form the value to use when executing an LDAP search.
For example, the following values:
vpnallowed=true,
ldaploginame=""samaccount""
when combined with the user-supplied username ""bob"", yield the following LDAP search string:
""(;(vpnallowed=true)(samaccount=bob)"".
Minimum length = 1
groupattrname<String>Read-writeAttribute name used for group extraction from the LDAP server.
subattributename<String>Read-writeSubattribute name used for group extraction from the LDAP server.
sectype<String>Read-writeType of security used for communications between the Citrix ADC and the LDAP server. For the PLAINTEXT setting, no encryption is required.
Default value: PLAINTEXT
Possible values = PLAINTEXT, TLS, SSL
svrtype<String>Read-writeThe type of LDAP server.
Default value: AAA_LDAP_SERVER_TYPE_DEFAULT
Possible values = AD, NDS
ssonameattribute<String>Read-writeAttribute used by the Citrix ADC to query an external LDAP server or Active Directory for an alternative username.
This alternative username is then used for single sign-on (SSO).
passwdchange<String>Read-writeAccept password change requests.
Default value: DISABLED
Possible values = ENABLED, DISABLED
nestedgroupextraction<String>Read-writeQueries the external LDAP server to determine whether the specified group belongs to another group.
Default value: OFF
Possible values = ON, OFF
maxnestinglevel<Double>Read-writeNumber of levels up to which the system can query nested LDAP groups.
Default value: 2
Minimum value = 2
groupnameidentifier<String>Read-writeLDAP-group attribute that uniquely identifies the group. No two groups on one LDAP server can have the same group name identifier.
groupsearchattribute<String>Read-writeLDAP-group attribute that designates the parent group of the specified group. Use this attribute to search for a group's parent group.
groupsearchsubattribute<String>Read-writeLDAP-group subattribute that designates the parent group of the specified group. Use this attribute to search for a group's parent group.
groupsearchfilter<String>Read-writeSearch-expression that can be specified for sending group-search requests to the LDAP server.
defaultauthenticationgroup<String>Read-writeThis is the default group that is chosen when the authentication succeeds in addition to extracted groups.
Maximum length = 64
groupauthname<String>Read-onlyTo associate AAA users with an AAA group, use the command

"bind AAA group ... -username ...".

You can bind different policies to each AAA group. Use the command

"bind AAA group ... -policy ...".

Operations

(click to see Properties)

UPDATE| UNSET| GET (ALL)

Some options that you can use for each operations:

  • Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the Citrix ADC appliance, the URL is as follows:

    http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".

  • Authenticated access for individual NITRO operations:NITRO allows you to logon to the Citrix ADC appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER:<username>

    X-NITRO-PASS:<password>

    Note:In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Note:

Mandatory parameters are marked in redand placeholder content is marked in <green>.

update

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/aaaldapparams

HTTP Method:PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"aaaldapparams":{
"serverip":<String_value>,
"serverport":<Integer_value>,
"authtimeout":<Double_value>,
"ldapbase":<String_value>,
"ldapbinddn":<String_value>,
"ldapbinddnpassword":<String_value>,
"ldaploginname":<String_value>,
"searchfilter":<String_value>,
"groupattrname":<String_value>,
"subattributename":<String_value>,
"sectype":<String_value>,
"svrtype":<String_value>,
"ssonameattribute":<String_value>,
"passwdchange":<String_value>,
"nestedgroupextraction":<String_value>,
"maxnestinglevel":<Double_value>,
"groupnameidentifier":<String_value>,
"groupsearchattribute":<String_value>,
"groupsearchsubattribute":<String_value>,
"groupsearchfilter":<String_value>,
"defaultauthenticationgroup":<String_value>
}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

unset

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/aaaldapparams?action=unset

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"aaaldapparams":{
"serverip":true,
"serverport":true,
"authtimeout":true,
"ldapbase":true,
"ldapbinddn":true,
"ldapbinddnpassword":true,
"ldaploginname":true,
"searchfilter":true,
"groupattrname":true,
"subattributename":true,
"sectype":true,
"svrtype":true,
"ssonameattribute":true,
"passwdchange":true,
"nestedgroupextraction":true,
"maxnestinglevel":true,
"groupnameidentifier":true,
"groupsearchattribute":true,
"groupsearchsubattribute":true,
"groupsearchfilter":true,
"defaultauthenticationgroup":true
}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

get (all)

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/aaaldapparams

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:

{ "aaaldapparams": [ {
"serverip":<String_value>,
"serverport":<Integer_value>,
"authtimeout":<Double_value>,
"ldapbinddn":<String_value>,
"ldaploginname":<String_value>,
"ldapbase":<String_value>,
"sectype":<String_value>,
"svrtype":<String_value>,
"ssonameattribute":<String_value>,
"searchfilter":<String_value>,
"groupattrname":<String_value>,
"subattributename":<String_value>,
"groupauthname":<String_value>,
"passwdchange":<String_value>,
"nestedgroupextraction":<String_value>,
"maxnestinglevel":<Double_value>,
"groupnameidentifier":<String_value>,
"groupsearchattribute":<String_value>,
"groupsearchsubattribute":<String_value>,
"groupsearchfilter":<String_value>,
"defaultauthenticationgroup":<String_value>
}]}