Class aaa:LdapProvider (CONCRETE)

Class ID:1606
Class Label: LDAP Provider
Encrypted: true - Exportable: true - Persistent: true - Configurable: true - Subject to Quota: Disabled - Abstraction Layer: Ambiguous Placement in the Model
Write Access: [aaa, admin]
Read Access: [aaa, admin]
Creatable/Deletable: yes (see Container Mos for details)
Semantic Scope: Fabric
Semantic Scope Evaluation Rule: Parent
Monitoring Policy Source: Parent
Monitoring Flags : [ IsObservable: true, HasStats: false, HasFaults: true, HasHealth: true, HasEventRules: false ]

An LDAP provider is a remote server supporting the LDAP protocol that will be used for authentication.

Naming Rules
RN FORMAT: ldapprovider-{name}

    [1] PREFIX=ldapprovider- PROPERTY = name




DN FORMAT: 

[1] uni/userext/ldapext/ldapprovider-{name}

                


Diagram

Super Mo: aaa:AProvider,
Container Mos: aaa:LdapEp (deletable:yes),
Contained Mos: tag:Annotation, tag:Tag,
Relations To: fv:AREpP, fv:ATg,
Relations: aaa:RsProvToEpp, aaa:RsSecProvToEpg,


Containers Hierarchies
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] fabric:Topology The root for IFC topology.
 
 ├
[V] fabric:Pod A pod.
 
 
 ├
[V] fabric:Node The root node for the APIC.
 
 
 
 ├
[V] ctx:Local The local Context.
 
 
 
 
 ├
[V] ctx:Application The context application.
 
 
 
 
 
 ├
[V] pol:Uni Represents policy definition/resolution universe.
 
 
 
 
 
 
 ├
[V] aaa:UserEp A user endpoint is a local user. A user is assigned a role determines the user's privileges, and belongs to a security domain, which determines the user's scope of control
 
 
 
 
 
 
 
 ├
[V] aaa:LdapEp The global security management properties for LDAP endpoints and LDAP provider groups.
 
 
 
 
 
 
 
 
 ├
[V] aaa:LdapProvider An LDAP provider is a remote server supporting the LDAP protocol that will be used for authentication.
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] pol:Uni Represents policy definition/resolution universe.
 
 ├
[V] aaa:UserEp A user endpoint is a local user. A user is assigned a role determines the user's privileges, and belongs to a security domain, which determines the user's scope of control
 
 
 ├
[V] aaa:LdapEp The global security management properties for LDAP endpoints and LDAP provider groups.
 
 
 
 ├
[V] aaa:LdapProvider An LDAP provider is a remote server supporting the LDAP protocol that will be used for authentication.


Contained Hierarchy
[V] aaa:LdapProvider An LDAP provider is a remote server supporting the LDAP protocol that will be used for authentication.
 ├
[V] aaa:RsProvToEpp 
 ├
[V] aaa:RsSecProvToEpg A source relation to the endpoint group through which the provider server is reachable.
 
 ├
[V] tag:Annotation 
 
 ├
[V] tag:Tag 
 ├
[V] fault:Counts An immutable object that provides the number of critical, major, minor, and warning faults raised on its parent object and its subtree.
 ├
[V] fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
 ├
[V] fault:Inst Contains detailed information of a fault. This object is attached as a child of the object on which the fault condition occurred. One instance object is created for each fault condition of the parent object. A fault instance object is identified by a fault code.
 
 ├
[V] tag:Annotation 
 
 ├
[V] tag:Tag 
 ├
[V] health:Inst A base class for a health score instance.(Switch only)
 ├
[V] tag:Annotation 
 ├
[V] tag:Tag 


Inheritance
[V] naming:NamedObject An abstract base class for an object that contains a name.
 ├
[V] pol:Obj Represents a generic policy object.
 
 ├
[V] pol:Def Represents self-contained policy document.
 
 
 ├
[V] aaa:Definition The AAA policy definition. This is an abstract class and cannot be instantiated.
 
 
 
 ├
[V] aaa:AProvider An abstract class that is the superclass for the Radius/Tacacs/Ldap provider classes.
 
 
 
 
 ├
[V] aaa:LdapProvider An LDAP provider is a remote server supporting the LDAP protocol that will be used for authentication.


Events
                aaa:LdapProvider:creation__aaa_LdapProvider
aaa:LdapProvider:modification__aaa_LdapProvider
aaa:LdapProvider:deletion__aaa_LdapProvider


Faults
                aaa:LdapProvider:ldapProvider_Inoperable
aaa:LdapProvider:ldapProviderInoperable


Fsms
                


Properties Summary
Defined in: aaa:LdapProvider
aaa:LdapSSLStrictnessLevel
          scalar:Enum8
SSLValidationLevel  (aaa:LdapProvider:SSLValidationLevel)
           The LDAP Server SSL Certificate validation level.
mo:Annotation
          string:Basic
annotation  (aaa:LdapProvider:annotation)
           NO COMMENTS
aaa:LdapAttribute
          string:Basic
attribute  (aaa:LdapProvider:attribute)
           The attribute to be downloaded that contains user role and domain information. If specified, this property takes precedence over the value of the LDAP attribute specified in the default LDAP parameters pane (Admin -> AAA -> Ldap Management).
aaa:LdapDn
          string:Basic
basedn  (aaa:LdapProvider:basedn)
           The LDAP base DN to be used in a user search. If specified, this property takes precedence over the value of the LDAP base DN specified in the Default LDAP Authentication Settings pane (Admin > AAA > LDAP Management).
scalar:Bool enableSSL  (aaa:LdapProvider:enableSSL)
           A property for enabling an SSL connection with the LDAP provider.
mo:ExtMngdByType
          scalar:Bitmask32
extMngdBy  (aaa:LdapProvider:extMngdBy)
           NO COMMENTS
aaa:LdapFilter
          string:Basic
filter  (aaa:LdapProvider:filter)
           The LDAP filter to be used in a user search.
reference:BinRef monPolDn  (aaa:LdapProvider:monPolDn)
           The monitoring policy attached to this observable object.
naming:Name
          string:Basic
name  (aaa:LdapProvider:name)
           Overrides:aaa:AProvider:name | aaa:Definition:name | pol:Obj:name | naming:NamedObject:name
           The hostname or IP address of the LDAP provider (read-only). If SSL is enabled, this field must match a Common Name (CN) in the security certificate of the LDAP database. Note that if you use a hostname instead of an IP address, you must configure a DNS server in the VNMC server.
aaa:Port
          scalar:Uint32
port  (aaa:LdapProvider:port)
           The service port number for the LDAP service.
aaa:LdapDn
          string:Basic
rootdn  (aaa:LdapProvider:rootdn)
           The root DN or bind DN of the LDAP provider.
aaa:TimeSec
          scalar:Uint32
timeout  (aaa:LdapProvider:timeout)
           Overrides:aaa:AProvider:timeout
           The timeout for communication with an LDAP provider server.
Defined in: aaa:AProvider
reference:BinRef epgDn  (aaa:AProvider:epgDn)
           Management EpG dn
aaa:Key
          string:Password
key  (aaa:AProvider:key)
           A password for the AAA provider database.
aaa:MonitorServerType
          scalar:Enum8
monitorServer  (aaa:AProvider:monitorServer)
          
aaa:MonitoringPasswordType
          string:Password
monitoringPassword  (aaa:AProvider:monitoringPassword)
          
aaa:MonitoringUserType
          string:Basic
monitoringUser  (aaa:AProvider:monitoringUser)
          
aaa:ProviderState
          scalar:Enum8
operState  (aaa:AProvider:operState)
           The current state of the provider.
aaa:Retries
          scalar:Uint32
retries  (aaa:AProvider:retries)
           null
aaa:ProviderSnmpIndex
          scalar:Uint32
snmpIndex  (aaa:AProvider:snmpIndex)
           null
l3:VrfName
          string:Basic
vrfName  (aaa:AProvider:vrfName)
           The vrf that this client group belongs to
Defined in: pol:Def
naming:Descr
          string:Basic
descr  (pol:Def:descr)
           Specifies a description of the policy definition.
naming:Descr
          string:Basic
ownerKey  (pol:Def:ownerKey)
           The key for enabling clients to own their data for entity correlation.
naming:Descr
          string:Basic
ownerTag  (pol:Def:ownerTag)
           A tag for enabling clients to add their own data. For example, to indicate who created this object.
Defined in: naming:NamedObject
naming:NameAlias
          string:Basic
nameAlias  (naming:NamedObject:nameAlias)
           NO COMMENTS
Defined in: mo:Modifiable
mo:TStamp
          scalar:Date
modTs  (mo:Modifiable:modTs)
           The time when this object was last modified.
Defined in: mo:Ownable
scalar:Uint16 uid  (mo:Ownable:uid)
           A unique identifier for this object.
Defined in: mo:Resolvable
mo:Owner
          scalar:Enum8
lcOwn  (mo:Resolvable:lcOwn)
           A value that indicates how this object was created. For internal use only.
Defined in: mo:TopProps
mo:ModificationChildAction
          scalar:Bitmask32
childAction  (mo:TopProps:childAction)
           Delete or ignore. For internal use only.
reference:BinRef dn  (mo:TopProps:dn)
           A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
reference:BinRN rn  (mo:TopProps:rn)
           Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.
mo:ModificationStatus
          scalar:Bitmask32
status  (mo:TopProps:status)
           The upgrade status. This property is for internal use only.
Properties Detail

SSLValidationLevel

Type: aaa:LdapSSLStrictnessLevel
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
The LDAP Server SSL Certificate validation level.
Constants
strict 0 Strict NO COMMENTS
permissive 1 Permissive NO COMMENTS
DEFAULT strict(0) Strict NO COMMENTS





annotation

Type: mo:Annotation
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.:-]+
    Comments:
NO COMMENTS



attribute

Type: aaa:LdapAttribute
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "63"
    Comments:
The attribute to be downloaded that contains user role and domain information. If specified, this property takes precedence over the value of the LDAP attribute specified in the default LDAP parameters pane (Admin -> AAA -> Ldap Management).
Constants
defaultValue "" --- NO COMMENTS





basedn

Type: aaa:LdapDn
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "127"
    Comments:
The LDAP base DN to be used in a user search. If specified, this property takes precedence over the value of the LDAP base DN specified in the Default LDAP Authentication Settings pane (Admin > AAA > LDAP Management).
Constants
defaultValue "" --- NO COMMENTS





childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction
    Comments:
Delete or ignore. For internal use only.
Constants
deleteAll 16384u deleteAll NO COMMENTS
ignore 4096u ignore NO COMMENTS
deleteNonPresent 8192u deleteNonPresent NO COMMENTS
DEFAULT 0 --- This type is used to





descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
Specifies a description of the policy definition.



dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn
    Comments:
A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.



enableSSL

Type: scalar:Bool

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
A property for enabling an SSL connection with the LDAP provider.
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT no(false) --- NO COMMENTS





epgDn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Management EpG dn



extMngdBy

Type: mo:ExtMngdByType
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
NO COMMENTS
Constants
undefined 0u undefined NO COMMENTS
msc 1u msc NO COMMENTS
DEFAULT undefined(0u) undefined NO COMMENTS





filter

Type: aaa:LdapFilter
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "63"
    Comments:
The LDAP filter to be used in a user search.



key

Type: aaa:Key
Primitive Type: string:Password

Units: null
Encrypted: true
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "32"
        Allowed Chars:
            Regex: .*
    Comments:
A password for the AAA provider database.



lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A value that indicates how this object was created. For internal use only.
Constants
local 0 Local NO COMMENTS
policy 1 Policy NO COMMENTS
replica 2 Replica NO COMMENTS
resolveOnBehalf 3 ResolvedOnBehalf NO COMMENTS
implicit 4 Implicit NO COMMENTS
DEFAULT local(0) Local NO COMMENTS





modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The time when this object was last modified.
Constants
never 0ull never NO COMMENTS
DEFAULT never(0ull) never NO COMMENTS





monPolDn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The monitoring policy attached to this observable object.



monitorServer

Type: aaa:MonitorServerType
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
Constants
disabled 0 Disabled NO COMMENTS
enabled 1 Enabled NO COMMENTS
DEFAULT disabled(0) Disabled NO COMMENTS





monitoringPassword

Type: aaa:MonitoringPasswordType
Primitive Type: string:Password

Units: null
Encrypted: true
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "32"
        Allowed Chars:
            Regex: .*
    Comments:



monitoringUser

Type: aaa:MonitoringUserType
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Regex: [a-zA-Z0-9][a-zA-Z0-9_.@-]{0,31}
    Comments:



name

Type: naming:Name
Primitive Type: string:Basic

Overrides:aaa:AProvider:name  |  aaa:Definition:name  |  pol:Obj:name  |  naming:NamedObject:name
Units: null Encrypted: false Naming Property -- [NAMING RULES] Access: naming Category: TopLevelRegular Property Validators: Range: min: "1" max: "64" Allowed Chars: Regex: [a-zA-Z0-9_.:-]+
    Comments:
The hostname or IP address of the LDAP provider (read-only). If SSL is enabled, this field must match a Common Name (CN) in the security certificate of the LDAP database. Note that if you use a hostname instead of an IP address, you must configure a DNS server in the VNMC server.



nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "63"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.-]+
    Comments:
NO COMMENTS



operState

Type: aaa:ProviderState
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The current state of the provider.
Constants
unknown 0 Unknown NO COMMENTS
operable 1 Operable NO COMMENTS
inoperable 2 Inoperable NO COMMENTS
DEFAULT unknown(0) Unknown NO COMMENTS





ownerKey

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
The key for enabling clients to own their data for entity correlation.



ownerTag

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
A tag for enabling clients to add their own data. For example, to indicate who created this object.



port

Type: aaa:Port
Primitive Type: scalar:Uint32

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: (long)1l  max: (long)65535l
    Comments:
The service port number for the LDAP service.
Constants
defaultValue 389u --- NO COMMENTS





retries

Type: aaa:Retries
Primitive Type: scalar:Uint32

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: (long)0l  max: (long)5l
    Comments:
null
Constants
defaultValue 1u --- NO COMMENTS





rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn
    Comments:
Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.



rootdn

Type: aaa:LdapDn
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "127"
    Comments:
The root DN or bind DN of the LDAP provider.



snmpIndex

Type: aaa:ProviderSnmpIndex
Primitive Type: scalar:Uint32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
null



status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus
    Comments:
The upgrade status. This property is for internal use only.
Constants
created 2u created In a setter method: specifies that an object should be created. An error is returned if the object already exists.
In the return value of a setter method: indicates that an object has been created.
modified 4u modified In a setter method: specifies that an object should be modified
In the return value of a setter method: indicates that an object has been modified.
deleted 8u deleted In a setter method: specifies that an object should be deleted.
In the return value of a setter method: indicates that an object has been deleted.
DEFAULT 0 --- This type controls the life cycle of objects passed in the XML API.

When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed.
In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was neither created, modified, deleted or removed.

When invoking a setter method, the ModificationStatus is optional:
If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.






timeout

Type: aaa:TimeSec
Primitive Type: scalar:Uint32

Overrides:aaa:AProvider:timeout
Units: sec Encrypted: false Access: admin Category: TopLevelRegular Property Validators: Range: min: (long)5l max: (long)60l
    Comments:
The timeout for communication with an LDAP provider server.
Constants
defaultValue 30u --- NO COMMENTS





uid

Type: scalar:Uint16

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A unique identifier for this object.



vrfName

Type: l3:VrfName
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The vrf that this client group belongs to