Configuring LDAP Server Groups

You can specify one or more remote AAA servers to authenticate users using server groups. All members of a group must be configured to use LDAP. The servers are tried in the same order in which you configure them. You can configure these server groups at any time, but they take effect only when you apply them to an AAA service.

For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring an LDAP Server Group

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting an LDAP Server Group

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no aaa group server ldap SampleString_123

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Authentication Method to Bind First

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 authentication bind-first append-with-basedn SampleString_123

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
authBaseDnAppendStr	string:Basic	LDAP Append with Base DN String	RANGE: [0 , 63] DEFAULT:
enAuthBindFirst	scalar:Bool	Enable Authentication Bind First	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
authBaseDnAppendStr	string:Basic	LDAP Append with Base DN String	RANGE: [0 , 63] DEFAULT:
enAuthBindFirst	scalar:Bool	Enable Authentication Bind First	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Authentication Method to Bind First

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 no authentication bind-first append-with-basedn SampleString_123

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
authBaseDnAppendStr	string:Basic	LDAP Append with Base DN String	RANGE: [0 , 63] DEFAULT:
enAuthBindFirst	scalar:Bool	Enable Authentication Bind First	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
authBaseDnAppendStr	string:Basic	LDAP Append with Base DN String	RANGE: [0 , 63] DEFAULT:
enAuthBindFirst	scalar:Bool	Enable Authentication Bind First	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Default Password

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 authentication compare password-attribute SampleString_123

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
authComparePasswdAttribute	string:Basic	LDAP password attribute	RANGE: [1 , 63] DEFAULT: userPassword
enAuthCompare	scalar:Bool	Enable LDAP Compare Operation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
authComparePasswdAttribute	string:Basic	LDAP password attribute	RANGE: [1 , 63] DEFAULT: userPassword
enAuthCompare	scalar:Bool	Enable LDAP Compare Operation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Default Password

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 no authentication compare password-attribute SampleString_123

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
authComparePasswdAttribute	string:Basic	LDAP password attribute	RANGE: [1 , 63] DEFAULT: userPassword
enAuthCompare	scalar:Bool	Enable LDAP Compare Operation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
authComparePasswdAttribute	string:Basic	LDAP password attribute	RANGE: [1 , 63] DEFAULT: userPassword
enAuthCompare	scalar:Bool	Enable LDAP Compare Operation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Global LDAP Server Deadtime Period

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 deadtime 1362

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
deadtime	aaa:ProviderGroupDeadtime (scalar:Uint32)	LDAP Provider Group Deadtime	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
deadtime	aaa:ProviderGroupDeadtime (scalar:Uint32)	LDAP Provider Group Deadtime	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Global LDAP Server Deadtime Period

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 no deadtime 1362

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
deadtime	aaa:ProviderGroupDeadtime (scalar:Uint32)	LDAP Provider Group Deadtime	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
deadtime	aaa:ProviderGroupDeadtime (scalar:Uint32)	LDAP Provider Group Deadtime	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Cert-DN Matching

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 enable Cert-DN-match

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
enCertDnMatch	scalar:Bool	Enable Cert-DN matching	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
enCertDnMatch	scalar:Bool	Enable Cert-DN matching	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Cert-DN Matching

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 no enable Cert-DN-match

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
enCertDnMatch	scalar:Bool	Enable Cert-DN matching	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
enCertDnMatch	scalar:Bool	Enable Cert-DN matching	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Group Validation

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 enable user-server-group

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
enUserServerGroup	scalar:Bool	Enable Group Validation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
enUserServerGroup	scalar:Bool	Enable Group Validation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Group Validation

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 no enable user-server-group

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
enUserServerGroup	scalar:Bool	Enable Group Validation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
enUserServerGroup	scalar:Bool	Enable Group Validation	SELECTION: true or false DEFAULT: no
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring an AAA Server Group

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 server HostName

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

aaaProviderRef Properties

The following table contains information about the aaaProviderRef properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}
aaaProviderRef	sys/userext/tacacsext/tacacsplusprovidergroup-{[name]}/providerref-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]

aaaProviderRef Properties

The following table contains information about the aaaProviderRef properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Per-VRF Information

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 use-vrf SampleString_123

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
vrf	l3:VrfName (string:Basic)	VRF	A sequence of characters DEFAULT: default

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
vrf	l3:VrfName (string:Basic)	VRF	A sequence of characters DEFAULT: default

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Per-VRF Information

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 no use-vrf SampleString_123

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
vrf	l3:VrfName (string:Basic)	VRF	A sequence of characters DEFAULT: default

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
vrf	l3:VrfName (string:Basic)	VRF	A sequence of characters DEFAULT: default

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring an LDAP Search MAP

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 ldap-search-map SampStr

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
searchMap	string:Basic	Ldap Search Map	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
searchMap	string:Basic	Ldap Search Map	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting an LDAP Search MAP

Note: This example was added in Release 9.3(1).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

aaa group server ldap SampleString_123
 no ldap-search-map SampStr

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
searchMap	string:Basic	Ldap Search Map	RANGE: [0 , 127]

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaLdapEp	sys/userext/ldapext
aaaLdapProviderGroup	sys/userext/ldapext/ldapprovidergroup-{[name]}

aaaLdapProviderGroup Properties

The following table contains information about the aaaLdapProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
searchMap	string:Basic	Ldap Search Map	RANGE: [0 , 127]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html