Configuring LDAP

The Lightweight Directory Access Protocol (LDAP) provides centralized validation of users attempting to gain access to a Cisco NX-OS device. LDAP services are maintained in a database on an LDAP daemon that typically runs on a UNIX or Windows NT workstation. You must have access to an LDAP server, and must configure it, before the configured LDAP features on your Cisco NX-OS device are available. LDAP provides separate authentication and authorization facilities. A single access control server (the LDAP daemon) can provide each service, authentication and authorization, independently. Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon.

The LDAP client/server protocol uses TCP (port 389) for transport requirements. Cisco NX-OS devices provide centralized authentication using the LDAP protocol.

For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring the Search Map

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json
{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapSearchMap": {
          "attributes": {
            "name": "SampleString_123"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <searchmap-items>
        <LdapSearchMap-list>
          <name>SampleString_123</name>
        </LdapSearchMap-list>
      </searchmap-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

ldap search-map SampleString_123


aaaLdapSearchMap Properties

The following table contains information about the aaaLdapSearchMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaLdapEp | sys/userext/ldapext
aaaLdapSearchMap | sys/userext/ldapext/searchmap-{[name]}


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Search Map

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json
{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapSearchMap": {
          "attributes": {
            "name": "SampleString_123",
            "status": "deleted"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <searchmap-items>
        <LdapSearchMap-list xc:operation="delete">
          <name>SampleString_123</name>
        </LdapSearchMap-list>
      </searchmap-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

no ldap search-map SampleString_123


aaaLdapSearchMap Properties

The following table contains information about the aaaLdapSearchMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64
status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaLdapEp | sys/userext/ldapext
aaaLdapSearchMap | sys/userext/ldapext/searchmap-{[name]}


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Global LDAP Server Deadtime Period

POST http://<mgmt0_IP>/api/mo/sys/userext.json
{
  "aaaUserEp": {
    "children": [
      {
        "aaaLdapEp": {
          "attributes": {
            "deadtime": "15"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <deadtime>15</deadtime>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

ldap-server deadtime 15


aaaLdapEp Properties

The following table contains information about the aaaLdapEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
deadtime | aaa:TimeMin (scalar:Uint32) | LDAP Global Deadtime | RANGE: [0, 60]; DEFAULT: 0

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaUserEp | sys/userext
aaaLdapEp | sys/userext/ldapext


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Global LDAP Server Deadtime Period

POST http://<mgmt0_IP>/api/mo/sys/userext.json
{
  "aaaUserEp": {
    "children": [
      {
        "aaaLdapEp": {
          "attributes": {
            "deadtime": "0"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <deadtime>0</deadtime>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

no ldap-server deadtime 15


aaaLdapEp Properties

The following table contains information about the aaaLdapEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
deadtime | aaa:TimeMin (scalar:Uint32) | LDAP Global Deadtime | RANGE: [0, 60]; DEFAULT: 0

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaUserEp | sys/userext
aaaLdapEp | sys/userext/ldapext


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Enabling SSL

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json
{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProvider": {
          "attributes": {
            "enableSSL": "yes",
            "name": "HostName"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <ldapprovider-items>
        <LdapProvider-list>
          <name>HostName</name>
          <enableSSL>true</enableSSL>
        </LdapProvider-list>
      </ldapprovider-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

ldap-server host HostName enable-ssl


aaaLdapProvider Properties

The following table contains information about the aaaLdapProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
enableSSL | scalar:Bool | A property for enabling an SSL connection with the LDAP provider. | SELECTION: true or false; DEFAULT: no
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaLdapEp | sys/userext/ldapext
aaaLdapProvider | sys/userext/ldapext/ldapprovider-{[name]}


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Disabling SSL

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json
{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProvider": {
          "attributes": {
            "enableSSL": "no",
            "name": "HostName"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <ldapprovider-items>
        <LdapProvider-list>
          <name>HostName</name>
          <enableSSL>false</enableSSL>
        </LdapProvider-list>
      </ldapprovider-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

no ldap-server host HostName enable-ssl


aaaLdapProvider Properties

The following table contains information about the aaaLdapProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
enableSSL | scalar:Bool | A property for enabling an SSL connection with the LDAP provider. | SELECTION: true or false; DEFAULT: no
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaLdapEp | sys/userext/ldapext
aaaLdapProvider | sys/userext/ldapext/ldapprovider-{[name]}


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the LDAP Server Timeout Period

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json
{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProvider": {
          "attributes": {
            "name": "HostName",
            "port": "19301",
            "pwdEncryptType": "7",
            "rootdn": "SampleString_123",
            "rootdnPwd": "SampleString_123",
            "timeout": "38"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <ldapprovider-items>
        <LdapProvider-list>
          <name>HostName</name>
          <port>19301</port>
          <pwdEncryptType>7</pwdEncryptType>
          <rootdn>SampleString_123</rootdn>
          <rootdnPwd>SampleString_123</rootdnPwd>
          <timeout>38</timeout>
        </LdapProvider-list>
      </ldapprovider-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

ldap-server host HostName rootDN SampleString_123 password 7 SampleString_123 port 19301 timeout 38


aaaLdapProvider Properties

The following table contains information about the aaaLdapProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64
port | aaa:Port (scalar:Uint32) | The service port number for the LDAP service. | RANGE: [1, 65535]; DEFAULT: 389
pwdEncryptType | aaa:LdapPwdEnc (scalar:Enum8) | Password Encryption Type | SELECTION: 0 - 0, 7 - 7; DEFAULT: 0
rootdn | aaa:LdapDn (string:Basic) | The root DN or bind DN of the LDAP provider. | MAX SIZE: 127; DEFAULT:
rootdnPwd | aaa:EncKey (string:Basic) | Root DN Password | MAX SIZE: 64; DEFAULT:
timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0, 60]; DEFAULT: 0

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaLdapEp | sys/userext/ldapext
aaaLdapProvider | sys/userext/ldapext/ldapprovider-{[name]}


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the LDAP Server Timeout Period

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json
{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProvider": {
          "attributes": {
            "name": "HostName",
            "port": "389",
            "pwdEncryptType": "7",
            "rootdn": "",
            "rootdnPwd": "",
            "timeout": "0"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <ldapprovider-items>
        <LdapProvider-list>
          <name>HostName</name>
          <port>389</port>
          <pwdEncryptType>7</pwdEncryptType>
          <rootdn></rootdn>
          <rootdnPwd></rootdnPwd>
          <timeout>0</timeout>
        </LdapProvider-list>
      </ldapprovider-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

no ldap-server host HostName rootDN SampleString_123 password 7 SampleString_123 port 19301 timeout 38


aaaLdapProvider Properties

The following table contains information about the aaaLdapProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64
port | aaa:Port (scalar:Uint32) | The service port number for the LDAP service. | RANGE: [1, 65535]; DEFAULT: 389
pwdEncryptType | aaa:LdapPwdEnc (scalar:Enum8) | Password Encryption Type | SELECTION: 0 - 0, 7 - 7; DEFAULT: 0
rootdn | aaa:LdapDn (string:Basic) | The root DN or bind DN of the LDAP provider. | MAX SIZE: 127; DEFAULT:
rootdnPwd | aaa:EncKey (string:Basic) | Root DN Password | MAX SIZE: 64; DEFAULT:
timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0, 60]; DEFAULT: 0

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaLdapEp | sys/userext/ldapext
aaaLdapProvider | sys/userext/ldapext/ldapprovider-{[name]}


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Time Interval for Monitoring the Server

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json
{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProvider": {
          "attributes": {
            "monitoringIdleTime": "1",
            "monitoringPassword": "SampleString_123",
            "monitoringPasswordType": "7",
            "monitoringRootdn": "SampleString_123",
            "monitoringUser": "SampleString_123",
            "name": "HostName"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <ldapprovider-items>
        <LdapProvider-list>
          <name>HostName</name>
          <monitoringIdleTime>1</monitoringIdleTime>
          <monitoringPassword>SampleString_123</monitoringPassword>
          <monitoringPasswordType>7</monitoringPasswordType>
          <monitoringRootdn>SampleString_123</monitoringRootdn>
          <monitoringUser>SampleString_123</monitoringUser>
        </LdapProvider-list>
      </ldapprovider-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

ldap-server host HostName test rootDN SampleString_123 username SampleString_123 password 7 SampleString_123 idle-time 1


aaaLdapProvider Properties

The following table contains information about the aaaLdapProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name | Data Type | Description | Values
monitoringIdleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor ldap server | RANGE: [0, 1440]; DEFAULT: 0
monitoringPassword | aaa:MonitoringPasswordType (aaa:EncKey) | Periodic Server Monitoring Password | RANGE: [1, 32]; DEFAULT: wawy
monitoringPasswordType | aaa:LdapPwdEnc (scalar:Enum8) | Monitoring password encryption type | SELECTION: 0 - 0, 7 - 7; DEFAULT: 7
monitoringRootdn | aaa:LdapDn (string:Basic) | Root DN | MAX SIZE: 127; DEFAULT: dc=test,dc=com
monitoringUser | aaa:MonitoringUserType (string:Basic) | Periodic Server Monitoring Username | MAX SIZE: 31; DEFAULT: test
name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO | DN
aaaLdapEp | sys/userext/ldapext
aaaLdapProvider | sys/userext/ldapext/ldapprovider-{[name]}


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
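
The following Python is an added example, not part of the Cisco documentation. It checks aaaLdapProvider attributes against the ranges in the property tables on this page before building the POST body, and audits a read-back for settings worth reviewing (SSL off, a password attribute sent over plain HTTP, documentation placeholders, monitoring left on its default account). The response envelope with aaaLdapProvider objects under imdata, the host names, and the choice of findings are assumptions of this example.

```python
import json

# Constraints transcribed from the aaaLdapProvider property tables on this page.
INT_RANGES = {"port": (1, 65535), "timeout": (0, 60), "monitoringIdleTime": (0, 1440)}
MAX_LEN = {"name": 64, "rootdn": 127, "rootdnPwd": 64,
           "monitoringRootdn": 127, "monitoringUser": 31}
# JSON payloads on this page use yes/no; the table and the XML use true/false.
ENUMS = {"pwdEncryptType": {"0", "7"}, "monitoringPasswordType": {"0", "7"},
         "enableSSL": {"yes", "no", "true", "false"}}
SECRET_KEYS = ("rootdnPwd", "monitoringPassword")
# Monitoring defaults listed in the tables, and the page's placeholder string.
MONITORING_DEFAULTS = {"monitoringUser": "test", "monitoringRootdn": "dc=test,dc=com"}
DOC_PLACEHOLDER = "SampleString_123"

# Constructed read-back; the envelope shape and host names are assumptions.
SAMPLE_READBACK = {"imdata": [
    {"aaaLdapProvider": {"attributes": {
        "name": "ldap1.example.net", "enableSSL": "yes", "port": "636",
        "timeout": "5", "monitoringIdleTime": "0"}}},
    {"aaaLdapProvider": {"attributes": {
        "name": "ldap2.example.net", "enableSSL": "no", "port": "389",
        "timeout": "5", "monitoringIdleTime": "10",
        "monitoringUser": "test", "monitoringRootdn": "dc=test,dc=com"}}},
]}


def _as_int(value):
    """Parse a DME attribute (a string in these payloads) as an integer."""
    try:
        return int(str(value))
    except ValueError:
        return None


def validate_provider(attrs):
    """Return constraint violations for one aaaLdapProvider attribute dict."""
    errors = []
    if not attrs.get("name"):
        errors.append("name: required, it identifies the provider")
    for key, value in attrs.items():
        text = str(value)
        if key in INT_RANGES:
            low, high = INT_RANGES[key]
            number = _as_int(text)
            if number is None or not low <= number <= high:
                errors.append(f"{key}: {text!r} is outside [{low}, {high}]")
        elif key in MAX_LEN:
            if len(text) > MAX_LEN[key]:
                errors.append(f"{key}: longer than {MAX_LEN[key]} characters")
        elif key in ENUMS:
            if text not in ENUMS[key]:
                errors.append(f"{key}: {text!r} is not one of {sorted(ENUMS[key])}")
        elif key not in SECRET_KEYS:
            errors.append(f"{key}: not a property listed on this page")
    return errors


def build_provider_payload(**attrs):
    """Build the JSON body for POST .../api/mo/sys/userext/ldapext.json."""
    errors = validate_provider(attrs)
    if errors:
        raise ValueError("; ".join(errors))
    attributes = {key: str(value) for key, value in attrs.items()}
    return json.dumps(
        {"aaaLdapEp": {"children": [{"aaaLdapProvider": {"attributes": attributes}}]}})


def audit_provider(attrs, url=""):
    """Return review findings for one provider and the URL used to post it."""
    findings = []
    name = attrs.get("name", "<unnamed>")
    if str(attrs.get("enableSSL", "no")) not in ("yes", "true"):
        findings.append(f"{name}: enableSSL is off (the documented default)")
    if url.lower().startswith("http://") and any(attrs.get(k) for k in SECRET_KEYS):
        findings.append(f"{name}: password attribute posted over plain HTTP")
    for key in ("rootdn", "rootdnPwd", "monitoringPassword"):
        if attrs.get(key) == DOC_PLACEHOLDER:
            findings.append(f"{name}: {key} still holds the documentation placeholder")
    if (_as_int(attrs.get("monitoringIdleTime", "0")) or 0) > 0:
        for key, default in MONITORING_DEFAULTS.items():
            if attrs.get(key, default) == default:
                findings.append(f"{name}: monitoring enabled with default {key}")
    return findings


def audit_readback(response):
    """Validate and audit every aaaLdapProvider object in a response envelope."""
    findings = []
    for mo in response.get("imdata", []):
        attrs = mo.get("aaaLdapProvider", {}).get("attributes")
        if attrs:
            findings.extend(validate_provider(attrs) + audit_provider(attrs))
    return findings


if __name__ == "__main__":
    for line in audit_readback(SAMPLE_READBACK):
        print(line)
```
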

Deleting the Time Interval for Monitoring the Server

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json
{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProvider": {
          "attributes": {
            "monitoringIdleTime": "0",
            "monitoringPassword": "test",
            "monitoringPasswordType": "0",
            "monitoringRootdn": "dc=test,dc=com",
            "monitoringUser": "test",
            "name": "HostName"
}}}]}}
Response:
{
    "imdata": []
}

XML payload (YANG):
<System>
  <userext-items>
    <ldapext-items>
      <ldapprovider-items>
        <LdapProvider-list>
          <name>HostName</name>
          <monitoringIdleTime>0</monitoringIdleTime>
          <monitoringPassword>test</monitoringPassword>
          <monitoringPasswordType>0</monitoringPasswordType>
          <monitoringRootdn>dc=test,dc=com</monitoringRootdn>
          <monitoringUser>test</monitoringUser>
        </LdapProvider-list>
      </ldapprovider-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

no ldap-server host HostName test rootDN SampleString_123 username SampleString_123 password 7 SampleString_123 idle-time 1


aaaLdapProvider Properties

The following table contains information about the aaaLdapProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| monitoringIdleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor ldap server | RANGE: [0 , 1440]; DEFAULT: 0 |
| monitoringPassword | aaa:MonitoringPasswordType (aaa:EncKey) | Periodic Server Monitoring Password | RANGE: [1 , 32]; DEFAULT: wawy |
| monitoringPasswordType | aaa:LdapPwdEnc (scalar:Enum8) | Monitoring password encryption type | SELECTION: 0 - 0, 7 - 7; DEFAULT: 7 |
| monitoringRootdn | aaa:LdapDn (string:Basic) | Root DN | MAX SIZE: 127; DEFAULT: dc=test,dc=com |
| monitoringUser | aaa:MonitoringUserType (string:Basic) | Periodic Server Monitoring Username | MAX SIZE: 31; DEFAULT: test |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |


Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| aaaLdapEp | sys/userext/ldapext |
| aaaLdapProvider | sys/userext/ldapext/ldapprovider-{[name]} |
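
The GET-by-DN check described above, as an added example (not Cisco's code): it builds the URL from the DN using the /api/mo/<DN>.json pattern of the POST above and diffs the posted aaaLdapProvider attributes against a GET response. The response shape, the https scheme, the address 192.0.2.10 and the helper names are assumptions, and the sample response is constructed.

```python
import json

# DN template from the MO/DN table; attribute names from the payload on this page.
PROVIDER_DN = "sys/userext/ldapext/ldapprovider-[{name}]"
SECRET_ATTRS = {"monitoringPassword"}  # never compared, so never echoed in a report

def mo_url(mgmt_ip, dn, scheme="https"):
    """GET URL for a managed object, following the page's /api/mo/<DN>.json pattern.
    Assumption: https is used here; the page's examples show http."""
    return f"{scheme}://{mgmt_ip}/api/mo/{dn}.json"

def find_mo(response, cls):
    """Attribute dicts of every MO of class `cls` in the response's imdata list.
    Assumption: GET returns {"imdata": [{<class>: {"attributes": {...}}}]}."""
    return [item[cls]["attributes"] for item in response.get("imdata", []) if cls in item]

def verify(posted, response, cls="aaaLdapProvider"):
    """Return {attribute: (expected, actual)} for every mismatch; {} means verified."""
    matches = [a for a in find_mo(response, cls) if a.get("name") == posted["name"]]
    if not matches:
        return {"name": (posted["name"], None)}  # object absent on the device
    actual = matches[0]
    return {k: (v, actual.get(k)) for k, v in posted.items()
            if k not in SECRET_ATTRS and actual.get(k) != v}

# Attributes posted in the payload above.
POSTED = {"monitoringIdleTime": "0", "monitoringPassword": "test",
          "monitoringPasswordType": "0", "monitoringRootdn": "dc=test,dc=com",
          "monitoringUser": "test", "name": "HostName"}

# Constructed sample response (not captured from a device): idle time has drifted.
SAMPLE = json.loads("""{"imdata": [{"aaaLdapProvider": {"attributes": {
  "name": "HostName", "monitoringIdleTime": "1", "monitoringPasswordType": "0",
  "monitoringRootdn": "dc=test,dc=com", "monitoringUser": "test"}}}]}""")

if __name__ == "__main__":
    print(mo_url("192.0.2.10", PROVIDER_DN.format(name=POSTED["name"])))
    print(verify(POSTED, SAMPLE))  # only the drifted attribute is reported
```

An empty result from verify() means every non-secret attribute on the device matches what was posted.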


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the LDAP Server Timeout Period In Seconds

POST http://<mgmt0_IP>/api/mo/sys/userext.json
{
  "aaaUserEp": {
    "children": [
      {
        "aaaLdapEp": {
          "attributes": {
            "timeout": "16"
}}}]}}
{
    imdata:[]
}
<System>
  <userext-items>
    <ldapext-items>
      <timeout>16</timeout>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON payload is the DME form and the XML payload is the YANG form.

ldap-server timeout 16


aaaLdapEp Properties

The following table contains information about the aaaLdapEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60]; DEFAULT: 5 |


Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
| aaaLdapEp | sys/userext/ldapext |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the LDAP Server Timeout Period In Seconds

POST http://<mgmt0_IP>/api/mo/sys/userext.json
{
  "aaaUserEp": {
    "children": [
      {
        "aaaLdapEp": {
          "attributes": {
            "timeout": "5"
}}}]}}
{
    imdata:[]
}
<System>
  <userext-items>
    <ldapext-items>
      <timeout>5</timeout>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON payload is the DME form and the XML payload is the YANG form.

no ldap-server timeout 16


aaaLdapEp Properties

The following table contains information about the aaaLdapEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60]; DEFAULT: 5 |


Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
| aaaLdapEp | sys/userext/ldapext |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring LDAP Server Disable Referrals

POST http://<mgmt0_IP>/api/mo/sys/userext/ldapext.json
{
  "aaaLdapEp": {
    "children": [
      {
        "aaaLdapProvider": {
          "attributes": {
            "name": "HostName"
}}}]}}
{
    imdata:[]
}
<System>
  <userext-items>
    <ldapext-items>
      <ldapprovider-items>
        <LdapProvider-list>
          <name>HostName</name>
        </LdapProvider-list>
      </ldapprovider-items>
    </ldapext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(1).


CLI Commands

The CLI commands are equivalent to the payload examples shown above. The JSON payload is the DME form and the XML payload is the YANG form.

ldap-server host HostName referral-disable


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| aaaLdapEp | sys/userext/ldapext |
| aaaLdapProvider | sys/userext/ldapext/ldapprovider-[HostName] |


aaaLdapProvider Properties

The following table contains information about the aaaLdapProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName (naming:Name256) | Name | RANGE: [0 , 128] |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html