Parameters
target-URL
original-URL
namespace
element
operation
xPath
expression
Examples
v Specifies that resource extraction is based on input and output URLs.
ldap-suffix
Specifies the LDAP suffix used by the current AAA Policy.
Syntax
ldap-suffix suffix
Parameters
suffix
Guidelines
The LDAP suffix (immediately preceded by a comma) is appended to the
username to form a distinguished name (DN) for LDAP authentication. For
example, if this string's value is O=example.com and the username is Bob, the LDAP
DN will be CN=Bob,O=example.com.
ldap-version
Specifies the LDAP version to access the authorization server.
Syntax
ldap-suffix {2|3}
Specifies either on or off to indicate whether of not the resource identity is
based on the URL sent by the current AAA Policy to the backend server.
Specifies either on or off to indicate whether of not the resource identity is
based on the URL received by the current AAA Policy.
Specifies either on or off to indicate whether of not the resource identity is
based on the top-level element in the message being processed.
Specifies either on or off to indicate whether of not the resource identity is
based on the local name of the request element.
Specifies either on or off to indicate whether of not the resource identity is
based on the HTTP Request method.
Specifies either on or off to indicate whether of not the resource identity is
determined by an XPath expression.
Meaningful only if xPath is on to specify the operative XPath expression.
# extract-resource on on on off off off
#
Specifies the LDAP suffix.
Chapter 3. AAA Policy configuration mode
157