Configuring LDAP Server Groups

You can specify one or more remote AAA servers to authenticate users using server groups. All members of a group must be configured to use LDAP. The servers are tried in the same order in which you configure them. You can configure these server groups at any time, but they take effect only when you apply them to an AAA service.

For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring an LDAP Server Group

Configuring an LDAP Server Group

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting an LDAP Server Group

Deleting an LDAP Server Group

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "name": "SampleString_123",
            "status": "deleted"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list xc:operation="delete">
          <name>SampleString_123</name>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

no aaa group server ldap SampleString_123

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Authentication Method to Bind First

Configuring the Authentication Method to Bind First

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "authBaseDnAppendStr": "SampleString_123",
            "enAuthBindFirst": "yes",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <authBaseDnAppendStr>SampleString_123</authBaseDnAppendStr>
          <enAuthBindFirst>true</enAuthBindFirst>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
authentication bind-first append-with-basedn SampleString_123

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
authBaseDnAppendStr	string:Basic	LDAP Append with Base DN String	RANGE: [0 , 63] DEFAULT:
enAuthBindFirst	scalar:Bool	Enable Authentication Bind First	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
authBaseDnAppendStr	string:Basic	LDAP Append with Base DN String	RANGE: [0 , 63] DEFAULT:
enAuthBindFirst	scalar:Bool	Enable Authentication Bind First	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Authentication Method to Bind First

Deleting the Authentication Method to Bind First

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "authBaseDnAppendStr": "",
            "enAuthBindFirst": "no",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <authBaseDnAppendStr></authBaseDnAppendStr>
          <enAuthBindFirst>false</enAuthBindFirst>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
no authentication bind-first append-with-basedn SampleString_123

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
authBaseDnAppendStr	string:Basic	LDAP Append with Base DN String	RANGE: [0 , 63] DEFAULT:
enAuthBindFirst	scalar:Bool	Enable Authentication Bind First	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
authBaseDnAppendStr	string:Basic	LDAP Append with Base DN String	RANGE: [0 , 63] DEFAULT:
enAuthBindFirst	scalar:Bool	Enable Authentication Bind First	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Default Password

Configuring the Default Password

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "authComparePasswdAttribute": "SampleString_123",
            "enAuthCompare": "yes",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <authComparePasswdAttribute>SampleString_123</authComparePasswdAttribute>
          <enAuthCompare>true</enAuthCompare>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
authentication compare password-attribute SampleString_123

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
authComparePasswdAttribute	string:Basic	LDAP password attribute	RANGE: [1 , 63] DEFAULT: userPassword
enAuthCompare	scalar:Bool	Enable LDAP Compare Operation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
authComparePasswdAttribute	string:Basic	LDAP password attribute	RANGE: [1 , 63] DEFAULT: userPassword
enAuthCompare	scalar:Bool	Enable LDAP Compare Operation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Default Password

Deleting the Default Password

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "authComparePasswdAttribute": "userPassword",
            "enAuthCompare": "no",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <authComparePasswdAttribute>userPassword</authComparePasswdAttribute>
          <enAuthCompare>false</enAuthCompare>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
no authentication compare password-attribute SampleString_123

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
authComparePasswdAttribute	string:Basic	LDAP password attribute	RANGE: [1 , 63] DEFAULT: userPassword
enAuthCompare	scalar:Bool	Enable LDAP Compare Operation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
authComparePasswdAttribute	string:Basic	LDAP password attribute	RANGE: [1 , 63] DEFAULT: userPassword
enAuthCompare	scalar:Bool	Enable LDAP Compare Operation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Global LDAP Server Deadtime Period

Configuring the Global LDAP Server Deadtime Period

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "deadtime": "1362",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <deadtime>1362</deadtime>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
deadtime 1362

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
deadtime	aaa:ProviderGroupDeadtime (scalar:Uint32)	LDAP Provider Group Deadtime	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
deadtime	aaa:ProviderGroupDeadtime (scalar:Uint32)	LDAP Provider Group Deadtime	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Global LDAP Server Deadtime Period

Deleting the Global LDAP Server Deadtime Period

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "deadtime": "0",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <deadtime>0</deadtime>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
no deadtime 1362

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
deadtime	aaa:ProviderGroupDeadtime (scalar:Uint32)	LDAP Provider Group Deadtime	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
deadtime	aaa:ProviderGroupDeadtime (scalar:Uint32)	LDAP Provider Group Deadtime	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Cert-DN Matching

Configuring Cert-DN Matching

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "enCertDnMatch": "yes",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <enCertDnMatch>true</enCertDnMatch>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
enable Cert-DN-match

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
enCertDnMatch	scalar:Bool	Enable Cert-DN matching	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
enCertDnMatch	scalar:Bool	Enable Cert-DN matching	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Cert-DN Matching

Deleting Cert-DN Matching

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "enCertDnMatch": "no",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <enCertDnMatch>false</enCertDnMatch>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
no enable Cert-DN-match

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
enCertDnMatch	scalar:Bool	Enable Cert-DN matching	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
enCertDnMatch	scalar:Bool	Enable Cert-DN matching	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Group Validation

Configuring Group Validation

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "enUserServerGroup": "yes",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <enUserServerGroup>true</enUserServerGroup>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
enable user-server-group

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
enUserServerGroup	scalar:Bool	Enable Group Validation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
enUserServerGroup	scalar:Bool	Enable Group Validation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Group Validation

Deleting Group Validation

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "enUserServerGroup": "no",
            "name": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <enUserServerGroup>false</enUserServerGroup>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
no enable user-server-group

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
enUserServerGroup	scalar:Bool	Enable Group Validation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
enUserServerGroup	scalar:Bool	Enable Group Validation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring an AAA Server Group

Configuring an AAA Server Group

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "name": "SampleString_123"
          },
          "children": [
            {
              "aaaProviderRef": {
                "attributes": {
                  "name": "HostName"
}}}]}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <providerref-items>
            <ProviderRef-list>
              <name>HostName</name>
            </ProviderRef-list>
          </providerref-items>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
server HostName

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

aaaProviderRef Properties

The following table contains information about the aaaProviderRef properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}
aaaProviderRef	sys/userext/tacacsext/tacacsplusprovidergroup-{[name]}/providerref-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

aaaProviderRef Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Per-VRF Information

Configuring Per-VRF Information

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "name": "SampleString_123",
            "vrf": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <vrf>SampleString_123</vrf>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
use-vrf SampleString_123

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
vrf	l3:VrfName (string:Basic)	VRF	A sequence of characters DEFAULT: default

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
vrf	l3:VrfName (string:Basic)	VRF	A sequence of characters DEFAULT: default

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Per-VRF Information

Deleting Per-VRF Information

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "name": "SampleString_123",
            "vrf": "default"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <vrf>default</vrf>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
no use-vrf SampleString_123

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
vrf	l3:VrfName (string:Basic)	VRF	A sequence of characters DEFAULT: default

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
vrf	l3:VrfName (string:Basic)	VRF	A sequence of characters DEFAULT: default

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring an LDAP Search MAP

Configuring an LDAP Search MAP

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "name": "SampleString_123",
            "searchMap": "SampStr"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <searchMap>SampStr</searchMap>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
ldap-search-map SampStr

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
searchMap	string:Basic	Ldap Search Map	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
searchMap	string:Basic	Ldap Search Map	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting an LDAP Search MAP

Deleting an LDAP Search MAP

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json

{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProviderGroup": {
          "attributes": {
            "name": "SampleString_123",
            "searchMap": ""
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <ldapext-items>
      <ldapprovidergroup-items>
        <LdapProviderGroup-list>
          <name>SampleString_123</name>
          <searchMap></searchMap>
        </LdapProviderGroup-list>
      </ldapprovidergroup-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).

CLI Commands

aaa group server ldap SampleString_123
no ldap-search-map SampStr

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
searchMap	string:Basic	Ldap Search Map	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
searchMap	string:Basic	Ldap Search Map	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html