AuthProfile

uuid

Type: string
Category: required
Description: UUID of the Auth Profile.

name

Type: string
Category: required
Description: Name of the Auth Profile.

type

Type: enum
Category: required
Description: Type of the Auth Profile.
Choices: AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS

ldap

Type: LdapAuthSettings
Category: optional
Description: LDAP server and directory settings.

http

Type: AuthProfileHTTPClientParams
Category: optional
Description: HTTP user authentication params.

tacacs_plus

Type: TacacsPlusAuthSettings
Category: optional
Description: TACACS+ settings

description

Type: string
Category: optional
Description

tenant_ref

Type: Reference to Tenant
Category: required
Description

LdapAuthSettings

server

Type: string
Category: repeated
Description: LDAP server IP address

port

Type: uint32
Category: optional
Description: Query the LDAP servers on this port.
Default: 389

security_mode

Type: enum
Category: optional
Description: LDAP connection security mode.
Choices: AUTH_LDAP_SECURE_NONE, AUTH_LDAP_SECURE_USE_LDAPS

base_dn

Type: string
Category: optional
Description: The LDAP base DN. For example, avinetworks,com would be DC=avinetworks,DC=com

bind_as_administrator

Type: bool
Category: optional
Description: LDAP administrator credentials are used to search for users and group memberships.
Default: True

settings

Type: LdapDirectorySettings
Category: optional
Description: LDAP full directory configuration with administrator credentials

user_bind

Type: LdapUserBindSettings
Category: optional
Description: LDAP anonymous bind configuration

email_attribute

Type: string
Category: optional
Description: LDAP attribute that refers to user email
Default: email

full_name_attribute

Type: string
Category: optional
Description: LDAP attribute that refers to user's full name
Default: name

LdapDirectorySettings

admin_bind_dn

Type: string
Category: optional
Description: LDAP Admin User DN. Administrator credentials are required to search for users under user search DN or groups under group search DN.

password

Type: string
Category: optional
Description: LDAP Admin User Password

user_search_dn

Type: string
Category: optional
Description: LDAP user search DN is the root of search for a given user in the LDAP directory. Only user records present in this LDAP directory sub-tree will be validated.

user_search_scope

Type: enum
Category: optional
Description: LDAP user search scope defines how deep to search for the user starting from user search DN.
Default: AUTH_LDAP_SCOPE_ONE
Choices: AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE

user_id_attribute

Type: string
Category: optional
Description: LDAP user id attribute is the login attribute that uniquely identifies a single user record.

user_attributes

Type: string
Category: repeated
Description: LDAP user attributes to fetch on a successful user bind.

group_search_dn

Type: string
Category: optional
Description: LDAP group search DN is the root of search for a given group in the LDAP directory. Only matching groups present in this LDAP directory sub-tree will be checked for user membership.

group_member_attribute

Type: string
Category: optional
Description: LDAP group attribute that identifies each of the group members.
Default: member

group_search_scope

Type: enum
Category: optional
Description: LDAP group search scope defines how deep to search for the group starting from the group search DN.
Default: AUTH_LDAP_SCOPE_SUBTREE
Choices: AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE

group_member_is_full_dn

Type: bool
Category: optional
Description: Group member entries contain full DNs instead of just user id attribute values
Default: True

group_filter

Type: string
Category: optional
Description: Group filter is used to identify groups during search
Default: (objectClass=*)

ignore_referrals

Type: bool
Category: optional
Description: During user or group search, ignore searching referrals.
Default: False

LdapUserBindSettings

dn_template

Type: string
Category: optional
Description: LDAP user DN pattern is used to bind LDAP user after replacing the user token with real username.

token

Type: string
Category: optional
Description: LDAP token is replaced with real user name in the user DN pattern.
Default

user_id_attribute

Type: string
Category: optional
Description: LDAP user id attribute is the login attribute that uniquely identifies a single user record.

user_attributes

Type: string
Category: repeated
Description: LDAP user attributes to fetch on a successful user bind.

AuthProfileHTTPClientParams

request_header

Type: string
Category: optional
Description: Insert an HTTP header. This field is used to define the header name. The value of the header is set to the client's HTTP Auth user ID.

cache_expiration_time

Type: int32
Category: optional
Description: The max allowed length of time a clients authentication is cached
Units: sec
Default: 5

require_user_groups

Type: string
Category: repeated
Description: A user should be a member of these groups. Each group is defined by the DN. For example, CN=testgroup,OU=groups,dc=example,dc=avinetworks,DC=com

group_member_is_full_dn

Type: bool
Category: optional
Description: Group member entries contain full DNs instead of just user id attribute values
Default: False

TacacsPlusAuthSettings

server

Type: string
Category: repeated
Description: TACACS+ server IP address

port

Type: uint32
Category: optional
Description: TACACS+ server listening port
Default: 49

password

Type: string
Category: optional
Description: TACACS+ server shared secret

service

Type: enum
Category: optional
Description: TACACS+ service
Default: AUTH_TACACS_PLUS_SERVICE_LOGIN
Choices: AUTH_TACACS_PLUS_SERVICE_NONE, AUTH_TACACS_PLUS_SERVICE_LOGIN, AUTH_TACACS_PLUS_SERVICE_ENABLE, AUTH_TACACS_PLUS_SERVICE_PPP, AUTH_TACACS_PLUS_SERVICE_ARAP, AUTH_TACACS_PLUS_SERVICE_PT, AUTH_TACACS_PLUS_SERVICE_RCMD, AUTH_TACACS_PLUS_SERVICE_X25, AUTH_TACACS_PLUS_SERVICE_NASI, AUTH_TACACS_PLUS_SERVICE_FWPROXY

authorization_attrs

Type: AuthTacacsPlusAttributeValuePair
Category: repeated
Description: TACACS+ authorization attribute value pairs

AuthTacacsPlusAttributeValuePair

name

Type: string
Category: optional
Description: attribute name

value

Type: string
Category: optional
Description: attribute value

mandatory

Type: bool
Category: optional
Description: mandatory

AuthProfile

Description

API

CLI

Data

AuthProfile

LdapAuthSettings

LdapDirectorySettings

LdapUserBindSettings

AuthProfileHTTPClientParams

TacacsPlusAuthSettings

AuthTacacsPlusAttributeValuePair

References

Sub Objects