About this Resource

Modified: for 1.3.0

Defines the Active Directory Config resource controls the SBC's Active Directory configuration settings. Settings related to specific AD Controllers are controlled through the Domain Controller Resource

REST API Methods for this Resource

Resource Schema

Configuration

Parameter Name Required Service Affecting Data Type Default Value Possible Values Description
ConfigIEStateNoYesEnum1Possible values:
  • 0 - esDISABLED
  • 1 - esENABLED
Specifies the Administrative State of the resource.
OperatingModeYesNoEnum0Possible values:
  • 0 - eADUpdates
  • 1 - eADOnline
  • 2 - eADAuthOnly
  • 3 - eADCacheOnly
 Controls the way the SBC communicates with Active Directory to achieve a balance between performance and accuracy.
  • Online
    - All communication with Active Directory is done with queries and no information is cached. User authentication using Active Directory is also enabled in this mode.
  • Updates
    - In this mode, a local cache is built and used to lookup Active Directory searchable fields. User authentication using Active Directory is also enabled in this mode, however sensitive information (including passwords) is not cached.
  • Auth-Only
    - Allows user authentication using Active Directory, but no Active Directory queries are allowed.
UseTLSYesNoint0Possible values:
  • 0 - Minimum
  • 1 - Maximum
 Enables Transport Layer Security (TLS) while communicating with Active Directory to protect data
  • True: Enables transport layer security.
  • False: Disables transport layer security.
ADBackupYesNoEnum1Possible values:
  • 0 - btFalse
  • 1 - btTrue
 Specifies whether to log an alarm if SBC is unable to create a backup of the cache in flash.
  • True: Enables the alarm.
  • False: Disables the alarm.

SBC will always attempt to write a backup of the cache in flash. On SBC 1000 with no external USB or ASM this backup will fail and this option will allow suppressing the alarm.

UpdateFrequencyNoNoint1440Possible values:
  • 60 - Minimum
  • 43200 - Maximum
Controls the frequency (in minutes) with which local Active Directory cache is updated.

This option is applicable when OperatingMode is configured for Updates or Cache only.

NormalizeCacheNoNoint0Possible values:
  • 0 - Minimum
  • 1 - Maximum
 Controls whether to strip special characters like dashes "-", parenthesis "(", ")", spaces " ", "tel:" and "sip:" from the values while building a local active directory cache.

This option is not applicable to Name and Email fields.

ADCacheEncryptNoNoint0Possible values:
  • 0 - Minimum
  • 1 - Maximum
 Controls whether the AD cache should be encrypted on the flash.
AttributesYesNostringnone512 - Max Length Controls attributes to cache from Active Directory or to perform online LDAP query. The attribute names specified must be consistent with attribute names in Active Directory.

Attribute names may be case sensitive depending on Active Directory configuration and must be comma seperated.

NestedGroupLookupsYesNoint1Possible values:
  • 0 - Minimum
  • 1 - Maximum
 Determines whether Nested Group Lookups will be performed to authorize users. Applies only to Authentication DC's.
InitialUpdateByTimeYesNoint1Possible values:
  • 0 - Minimum
  • 1 - Maximum
 When set to True will allow the time of the first cache update to be configured. Subsequent cache updates will be performed based on Update Frequency option.
FirstUpdateTimeYesNostringnone10 - Max Length Specifies time of first cache update in hh:mm:ss (24 hour format).

Statistics

Parameter Name Description Data Type Possible Values
rt_AverageOnlineTimeToQuery Average time to complete an AD query in micro-seconds. string
rt_AverageOnlineQueriesPerMin Average online queries per minute. string
rt_TotalSuccessfulQueries Total number of successful Queries. int
rt_TotalFailedQueries Total number of failed Queries. int
rt_TimeCacheLastUpdated Date/Time the Cache was last updated. long
rt_CacheSize Size of the cache (in kilobytes). int