REST API Method: POST /rest/adconfig

Modifies the SBC's Active Directory configuration settings.

To use AD Authentication, you must have at least one Active Directory Domain Controller created beforehand.

URL:

https://192.168.0.111/rest/adconfig

HTTP Method

POST

Requires Authentication:

true

Parameters

Parameter Name Required Service Affecting Data Type Default Value Possible Values Description
ConfigIEStateNoYesEnum1Possible values:
  • 0 - esDISABLED
  • 1 - esENABLED
Specifies the Administrative State of the resource.
OperatingModeYesNoEnum0Possible values:
  • 0 - eADUpdates
  • 1 - eADOnline
  • 2 - eADAuthOnly
  • 3 - eADCacheOnly
Controls the way the SBC communicates with Active Directory to achieve a balance between performance and accuracy.
  • Online
    - All communication with Active Directory is done with queries and no information is cached. User authentication using Active Directory is also enabled in this mode.
  • Updates
    - In this mode, a local cache is built and used to lookup Active Directory searchable fields. User authentication using Active Directory is also enabled in this mode, however sensitive information (including passwords) is not cached.
  • Auth-Only
    - Allows user authentication using Active Directory, but no Active Directory queries are allowed.
UseTLSYesNoint0Possible values:
  • 0 - Minimum
  • 1 - Maximum
Enables Transport Layer Security (TLS) while communicating with Active Directory to protect data
  • True: Enables transport layer security.
  • False: Disables transport layer security.
ADBackupYesNoEnum1Possible values:
  • 0 - btFalse
  • 1 - btTrue
Specifies whether to log an alarm if SBC is unable to create a backup of the cache in flash.
  • True: Enables the alarm.
  • False: Disables the alarm.

SBC will always attempt to write a backup of the cache in flash. On SBC 1000 with no external USB or ASM this backup will fail and this option will allow suppressing the alarm.

UpdateFrequencyNoNoint1440Possible values:
  • 60 - Minimum
  • 43200 - Maximum
Controls the frequency (in minutes) with which local Active Directory cache is updated.

This option is applicable when OperatingMode is configured for Updates or Cache only.

NormalizeCacheNoNoint0Possible values:
  • 0 - Minimum
  • 1 - Maximum
Controls whether to strip special characters like dashes "-", parenthesis "(", ")", spaces " ", "tel:" and "sip:" from the values while building a local active directory cache.

This option is not applicable to Name and Email fields.

ADCacheEncryptNoNoint0Possible values:
  • 0 - Minimum
  • 1 - Maximum
Controls whether the AD cache should be encrypted on the flash.
AttributesYesNostringnone512 - Max Length Controls attributes to cache from Active Directory or to perform online LDAP query. The attribute names specified must be consistent with attribute names in Active Directory.

Attribute names may be case sensitive depending on Active Directory configuration and must be comma seperated.

NestedGroupLookupsYesNoint1Possible values:
  • 0 - Minimum
  • 1 - Maximum
Determines whether Nested Group Lookups will be performed to authorize users. Applies only to Authentication DC's.
InitialUpdateByTimeYesNoint1Possible values:
  • 0 - Minimum
  • 1 - Maximum
When set to True will allow the time of the first cache update to be configured. Subsequent cache updates will be performed based on Update Frequency option.
FirstUpdateTimeYesNostringnone10 - Max Length Specifies time of first cache update in hh:mm:ss (24 hour format).

Helpful Tip

The POST can contain either only the attributes that are being updated, or the full set of attributes for the resource

  • No labels