
Configuration for LDAP parameter resource.


| Name | Data Type | Permissions | Description |
|---|---|---|---|
| serverip | | Read-write | IP address of your LDAP server. |
| serverport | | Read-write | Port number on which the LDAP server listens for connections. Default value: 389. Minimum value = 1 |
| authtimeout | | Read-write | Maximum number of seconds that the Citrix ADC waits for a response from the LDAP server. Default value: 3. Minimum value = 1 |
| ldapbase | | Read-write | Base (the server and location) from which LDAP search commands should start. If the LDAP server is running locally, the default value of base is dc=netscaler, dc=com. |
| ldapbinddn | | Read-write | Complete distinguished name (DN) string used for binding to the LDAP server. |
| ldapbinddnpassword | | Read-write | Password for binding to the LDAP server. Minimum length = 1 |
| ldaploginname | | Read-write | Name attribute that the Citrix ADC uses to query the external LDAP server or an Active Directory. |
| searchfilter | | Read-write | String to be combined with the default LDAP user search string to form the value to use when executing an LDAP search. For example, the values vpnallowed=true and ldaploginname="samaccount", when combined with the user-supplied username "bob", yield the LDAP search string "(&(vpnallowed=true)(samaccount=bob))". Minimum length = 1 |
| groupattrname | | Read-write | Attribute name used for group extraction from the LDAP server. |
| subattributename | | Read-write | Subattribute name used for group extraction from the LDAP server. |
| sectype | | Read-write | Type of security used for communications between the Citrix ADC and the LDAP server. For the PLAINTEXT setting, no encryption is required. Default value: TLS. Possible values = PLAINTEXT, TLS, SSL |
| svrtype | | Read-write | The type of LDAP server. Possible values = AD, NDS |
| ssonameattribute | | Read-write | Attribute used by the Citrix ADC to query an external LDAP server or Active Directory for an alternative username. This alternative username is then used for single sign-on (SSO). |
| passwdchange | | Read-write | Accept password change requests. Default value: DISABLED. Possible values = ENABLED, DISABLED |
| nestedgroupextraction | | Read-write | Queries the external LDAP server to determine whether the specified group belongs to another group. Default value: OFF. Possible values = ON, OFF |
| maxnestinglevel | | Read-write | Number of levels up to which the system can query nested LDAP groups. Default value: 2. Minimum value = 2 |
| groupnameidentifier | | Read-write | LDAP-group attribute that uniquely identifies the group. No two groups on one LDAP server can have the same group name identifier. |
| groupsearchattribute | | Read-write | LDAP-group attribute that designates the parent group of the specified group. Use this attribute to search for a group's parent group. |
| groupsearchsubattribute | | Read-write | LDAP-group subattribute that designates the parent group of the specified group. Use this attribute to search for a group's parent group. |
| groupsearchfilter | | Read-write | Search expression that can be specified for sending group-search requests to the LDAP server. |
| defaultauthenticationgroup | | Read-write | Default group that is chosen when the authentication succeeds, in addition to extracted groups. Maximum length = 64 |
| groupauthname | | Read-only | To associate AAA users with an AAA group, use the command "bind AAA group … -username …". You can bind different policies to each AAA group. Use the command "bind AAA group … -policy …". |
| builtin | <String[]> | Read-only | Indicates that a variable is a built-in (SYSTEM INTERNAL) type. |
| feature | | Read-only | The feature to be checked while applying this config. |
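
The following added example (not Citrix code) audits an already-parsed aaaldapparams object against the limits and security-relevant settings in the table above, plus the scheme of the NITRO URL that carries the NITRO_AUTH_TOKEN cookie. The function name `audit_ldap_params`, the severity labels, the sample values and the port conventions (636 for LDAPS, 389 for plain LDAP or StartTLS) are assumptions of this example.

```python
# Added example: audit a parsed aaaldapparams object against the constraints
# and security-relevant settings documented in the parameter table.
SECTYPES = {"PLAINTEXT", "TLS", "SSL"}


def audit_ldap_params(params, nitro_url=""):
    """Return a list of (severity, field, message) findings."""
    findings = []
    sectype = params.get("sectype", "TLS")      # documented default: TLS
    port = int(params.get("serverport", 389))   # documented default: 389

    if sectype not in SECTYPES:
        findings.append(("error", "sectype", f"not one of {sorted(SECTYPES)}"))
    elif sectype == "PLAINTEXT":
        findings.append(("high", "sectype",
                         "LDAP bind credentials cross the network unencrypted"))
        if params.get("passwdchange", "DISABLED") == "ENABLED":
            findings.append(("high", "passwdchange",
                             "password changes accepted over an unencrypted channel"))

    # Assumed port conventions: 636 is LDAPS; 389 is plain LDAP or StartTLS.
    if sectype == "SSL" and port == 389:
        findings.append(("medium", "serverport", "SSL selected but port is 389"))
    if sectype in ("PLAINTEXT", "TLS") and port == 636:
        findings.append(("medium", "serverport", f"{sectype} selected but port is 636"))

    # Range and length limits stated in the parameter table.
    if port < 1:
        findings.append(("error", "serverport", "minimum value is 1"))
    if int(params.get("authtimeout", 3)) < 1:
        findings.append(("error", "authtimeout", "minimum value is 1"))
    if int(params.get("maxnestinglevel", 2)) < 2:
        findings.append(("error", "maxnestinglevel", "minimum value is 2"))
    if len(params.get("defaultauthenticationgroup", "")) > 64:
        findings.append(("error", "defaultauthenticationgroup", "maximum length is 64"))

    if nitro_url.lower().startswith("http://"):
        findings.append(("high", "nitro_url",
                         "NITRO_AUTH_TOKEN cookie is sent over cleartext HTTP"))
    return findings


# Constructed sample, not captured from a real appliance.
SAMPLE = {"serverip": "192.0.2.10", "serverport": 636, "sectype": "PLAINTEXT",
          "passwdchange": "ENABLED", "authtimeout": 3, "maxnestinglevel": 1}

if __name__ == "__main__":
    url = "http://192.0.2.1/nitro/v1/config/aaaldapparams"
    for finding in audit_ldap_params(SAMPLE, url):
        print(*finding, sep=" | ")
```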


unset

URL: http://<netscaler-ip-address>/nitro/v1/config/aaaldapparams?action=unset

HTTP Method: POST

Request Headers:

Cookie: NITRO_AUTH_TOKEN=<tokenvalue>


Request Payload:



Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error.


update

URL: http://<netscaler-ip-address>/nitro/v1/config/aaaldapparams

HTTP Method: PUT

Request Headers:

Cookie: NITRO_AUTH_TOKEN=<tokenvalue>


Request Payload:



Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error.

get (all)

URL: http://<netscaler-ip-address>/nitro/v1/config/aaaldapparams

HTTP Method: GET

Request Headers:

Cookie: NITRO_AUTH_TOKEN=<tokenvalue>


Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error.

Response Header:


Response Payload:

