
User Authenticator Resource API 5.1

lakshmi-enjeti edited this page Jan 12, 2018 · 3 revisions

A user authenticator is used to allow access to the UI and REST API by querying a remote authentication service.

Example Usage

resource "pulsevtm_user_authenticator" "acctest" {
  name        = "example"
  description = "Create user authenticator"
  enabled     = false
  type        = "ldap"

  ldap = {
    base_dn         = "test_dn"
    bind_dn         = "test_bind_dn"
    dn_method       = "search"
    fallback_group  = "test_group"
    filter          = "test_filter"
    group_attribute = "test_attribute"
    group_field     = "test_group_field"
    group_filter    = "test_group_filter"
    port            = 180
    search_dn       = "test_search_dn"
    search_password = "password"
    server          = "127.0.0.1"
    timeout         = 132
  }

  radius = {
    fallback_group  = "test_group"
    group_attribute = 1
    group_vendor    = 1
    nas_identifier  = "test_nas_identifier"
    nas_ip_address  = "127.0.0.1"
    port            = 180
    secret          = "secret"
    server          = "127.0.0.1"
    timeout         = 132
  }

  tacacs_plus = {
    auth_type      = "ascii"
    fallback_group = "test_group"
    group_field    = "test_group_field"
    group_service  = "test_service"
    port           = 180
    secret         = "secret"
    server         = "127.0.0.1"
    timeout        = 132
  }
}

Argument Reference

The following arguments are supported:

  • name - (Required) - (String) - Name of the user authenticator.

  • description - (Optional, Default = none) - (String) - A description of the authenticator.

  • enabled - (Optional, Default = false) - (bool) - Whether or not this authenticator is enabled.

  • type - (Optional, Default = none) - (String) - The type and protocol used by this authentication service. Permitted values are "ldap", "radius", "tacacs_plus".

  • ldap - (Optional, default = none) - (Struct) - This struct represents the LDAP authentication service settings

    • base_dn - (Optional, default = none) - (String) - The base DN (Distinguished Name) under which directory searches will be applied.
    • bind_dn - (Optional, default = none) - (String) - Template to construct the bind DN (Distinguished Name) from the username.
    • dn_method - (Optional, default = none) - (String) - The bind DN (Distinguished Name) for a user can either be searched for in the directory using the base distinguished name and filter values, or it can be constructed from the username. Permitted values are "construct", "none", "search".
    • fallback_group - (Optional, default = none) - (String) - If the group attribute is not defined, or returns no results for the user logging in, the group named here will be used. If not specified, users will be denied access to the traffic manager if no groups matching a Permission Group can be found for them in the directory.
    • filter - (Optional, default = none) - (String) - A filter that can be used to extract a unique user record located under the base DN (Distinguished Name).
    • group_attribute - (Optional, default = none) - (String) - The LDAP attribute that gives a user's group. If there are multiple entries for the attribute all will be extracted and they'll be lexicographically sorted, then the first one to match a Permission Group name will be used.
    • group_field - (Optional, default = none) - (String) - The sub-field of the group attribute that gives a user's group. For example, if group_attribute is memberOf and this retrieves values of the form CN=mygroup, OU=groups, OU=users, DC=mycompany, DC=local you would set group_field to CN.
    • group_filter - (Optional, default = none) - (String) - If the user record returned by filter does not contain the required group information you may specify an alternative group search filter here.
    • port - (Optional, default = 389) - (uint) - The port to connect to the LDAP server on.
    • search_dn - (Optional, default = none) - (String) - The bind DN (Distinguished Name) to use when searching the directory for a user's bind DN.
    • search_password - (Optional, default = none) - (String) - If binding to the LDAP server using search_dn requires a password, enter it here.
    • server - (Optional, default = none) - (String) - The IP or hostname of the LDAP server.
    • timeout - (Optional, default = 30) - (uint) - Connection timeout in seconds.
  • radius - (Optional, default = none) - (Struct) - This struct represents the RADIUS authentication service settings

    • fallback_group - (Optional, default = none) - (String) - If no group is found using the vendor and group identifiers, or the group found is not valid, the group specified here will be used.
    • group_attribute - (Optional, default = 1) - (uint) - The RADIUS identifier for the attribute that specifies an account's group.
    • group_vendor - (Optional, default = 7146) - (uint) - The RADIUS identifier for the vendor of the RADIUS attribute that specifies an account's group.
    • nas_identifier - (Optional, default = none) - (String) - This value is sent to the RADIUS server.
    • nas_ip_address - (Optional, default = none) - (String) - This value is sent to the RADIUS server. If left blank, the address of the interface used to connect to the server will be used.
    • port - (Optional, default = 1812) - (uint) - The port to connect to the RADIUS server on.
    • secret - (Optional, default = none) - (String) - Secret key shared with the RADIUS server.
    • server - (Optional, default = none) - (String) - The IP or hostname of the RADIUS server.
    • timeout - (Optional, default = 30) - (uint) - Connection timeout in seconds.
  • tacacs_plus - (Optional, default = none) - (Struct) - This struct represents the TACACS+ authentication service settings.

    • auth_type - (Optional, default = "pap") - (String) - Authentication type to use. Permitted values are "ascii" and "pap".
    • fallback_group - (Optional, default = none) - (String) - If group_service is not used, or no group value is provided for the user by the TACACS+ server, the group specified here will be used.
    • group_field - (Optional, default = "permission-group") - (String) - The TACACS+ "service" field that provides each user's group.
    • group_service - (Optional, default = "zeus") - (String) - The TACACS+ "service" that provides each user's group field.
    • port - (Optional, default = 49) - (uint) - The port to connect to the TACACS+ server on.
    • secret - (Optional, default = none) - (String) - Secret key shared with the TACACS+ server.
    • server - (Optional, default = none) - (String) - The IP or hostname of the TACACS+ server.
    • timeout - (Optional, default = 30) - (uint) - Connection timeout in seconds.
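
The LDAP group selection described under group_attribute, group_field and fallback_group above, modelled as an added example (not code from the provider or the traffic manager) so you can check which Permission Group a directory user would receive before enabling an authenticator. Assumptions: the sort is applied to the extracted group_field values, names are matched exactly, fallback_group is also used when values are returned but none match, and the function names and sample data are hypothetical.

```python
"""Model of the LDAP group resolution described in the argument reference.

Added illustration only; the matching rules follow the page's wording.
"""


def extract_group_field(value, group_field):
    """Return the value of the first RDN whose type equals group_field.

    With an empty group_field the attribute value is used unchanged.
    Simplification: splits on ',' and does not handle escaped commas.
    """
    if not group_field:
        return value.strip()
    for rdn in value.split(","):
        key, sep, val = rdn.strip().partition("=")
        if sep and key.strip().lower() == group_field.lower():
            return val.strip()
    return None


def resolve_group(attr_values, permission_groups, group_field="", fallback_group=""):
    """Return (group, reason); group is None when the login would be denied."""
    extracted = (extract_group_field(v, group_field) for v in attr_values)
    # All entries are extracted and sorted; the first Permission Group match wins.
    for name in sorted(g for g in extracted if g):
        if name in permission_groups:
            return name, "matched"
    # No usable group: fallback_group grants access, otherwise access is denied.
    if fallback_group:
        return fallback_group, "fallback"
    return None, "denied"


# Constructed sample data (group names and DNs are made up for this example).
PERMISSION_GROUPS = {"admin", "monitoring"}
MEMBER_OF = [
    "CN=netops, OU=groups, OU=users, DC=mycompany, DC=local",
    "CN=monitoring, OU=groups, OU=users, DC=mycompany, DC=local",
    "CN=admin, OU=groups, OU=users, DC=mycompany, DC=local",
]
NO_MATCH = ["CN=contractors, OU=groups, OU=users, DC=mycompany, DC=local"]

if __name__ == "__main__":
    print(resolve_group(MEMBER_OF, PERMISSION_GROUPS, "CN"))
    print(resolve_group(NO_MATCH, PERMISSION_GROUPS, "CN", "monitoring"))
    print(resolve_group(NO_MATCH, PERMISSION_GROUPS, "CN"))
```

The second call shows the effect of fallback_group: any user who authenticates against the directory but has no matching group still receives the fallback group's permissions, while leaving it unset denies that login.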