Module netapp_ontap.resources.ldap_service

Copyright © 2021 NetApp Inc. All rights reserved.

Overview

LDAP servers are used to centrally maintain user information. LDAP configurations must be set up to lookup information stored in the LDAP directory on the external LDAP servers. This API is used to retrieve and manage LDAP server configurations.

Retrieving LDAP information

The LDAP GET endpoint retrieves all of the LDAP configurations in the cluster.

Examples

Retrieving all of the fields for all LDAP configurations


from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    print(list(LdapService.get_collection(fields="**")))

[
    LdapService(
        {
            "min_bind_level": "anonymous",
            "user_scope": "subtree",
            "schema": "ad_idmu",
            "port": 389,
            "netgroup_byhost_scope": "subtree",
            "_links": {
                "self": {
                    "href": "/api/name-services/ldap/179d3c85-7053-11e8-b9b8-005056b41bd1"
                }
            },
            "group_membership_filter": "",
            "use_start_tls": True,
            "group_scope": "subtree",
            "bind_dn": "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com",
            "is_netgroup_byhost_enabled": False,
            "session_security": "none",
            "status": {
                "state": "down",
                "dn_message": ["No LDAP DN configured"],
                "message": "The LDAP configuration is invalid. Verify that the AD domain or servers are reachable and that the network configuration is correct",
                "code": 4915258,
            },
            "servers": ["10.10.10.10", "domainB.example.com"],
            "referral_enabled": False,
            "ldaps_enabled": False,
            "base_scope": "subtree",
            "query_timeout": 3,
            "base_dn": "dc=domainA,dc=example,dc=com",
            "netgroup_scope": "subtree",
            "svm": {
                "uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1",
                "name": "vs1",
                "_links": {
                    "self": {
                        "href": "/api/svm/svms/179d3c85-7053-11e8-b9b8-005056b41bd1"
                    }
                },
            },
            "is_owner": True,
            "bind_as_cifs_server": False,
        }
    ),
    LdapService(
        {
            "min_bind_level": "simple",
            "user_scope": "subtree",
            "schema": "rfc_2307",
            "port": 389,
            "netgroup_byhost_scope": "subtree",
            "_links": {
                "self": {
                    "href": "/api/name-services/ldap/6a52023b-7066-11e8-b9b8-005056b41bd1"
                }
            },
            "group_membership_filter": "",
            "use_start_tls": True,
            "group_scope": "subtree",
            "bind_dn": "cn=Administrators,cn=users,dc=domainB,dc=example,dc=com",
            "is_netgroup_byhost_enabled": False,
            "session_security": "sign",
            "status": {
                "state": "up",
                "dn_message": ["All the configured DNs are available."],
                "message": 'Successfully connected to LDAP server "172.20.192.44".',
                "code": 0,
            },
            "servers": ["11.11.11.11"],
            "referral_enabled": False,
            "ldaps_enabled": False,
            "base_scope": "subtree",
            "query_timeout": 0,
            "base_dn": "dc=domainB,dc=example,dc=com",
            "netgroup_scope": "subtree",
            "svm": {
                "uuid": "6a52023b-7066-11e8-b9b8-005056b41bd1",
                "name": "vs2",
                "_links": {
                    "self": {
                        "href": "/api/svm/svms/6a52023b-7066-11e8-b9b8-005056b41bd1"
                    }
                },
            },
            "is_owner": True,
            "bind_as_cifs_server": False,
        }
    ),
]


Retrieving all of the LDAP configurations that have the use_start_tls set to true


from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    print(list(LdapService.get_collection(use_start_tls=True)))

[
    LdapService(
        {
            "_links": {
                "self": {
                    "href": "/api/name-services/ldap/6a52023b-7066-11e8-b9b8-005056b41bd1"
                }
            },
            "use_start_tls": True,
            "svm": {
                "uuid": "6a52023b-7066-11e8-b9b8-005056b41bd1",
                "name": "vs2",
                "_links": {
                    "self": {
                        "href": "/api/svm/svms/6a52023b-7066-11e8-b9b8-005056b41bd1"
                    }
                },
            },
        }
    )
]


Retrieving the LDAP configuration of a specific SVM


from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = LdapService(**{"svm.uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1"})
    resource.get()
    print(resource)

LdapService(
    {
        "min_bind_level": "anonymous",
        "schema": "ad_idmu",
        "port": 389,
        "_links": {
            "self": {
                "href": "/api/name-services/ldap/179d3c85-7053-11e8-b9b8-005056b41bd1"
            }
        },
        "use_start_tls": True,
        "bind_dn": "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com",
        "session_security": "none",
        "servers": ["10.10.10.10", "domainB.example.com"],
        "referral_enabled": False,
        "ldaps_enabled": False,
        "base_scope": "subtree",
        "query_timeout": 3,
        "base_dn": "dc=domainA,dc=example,dc=com",
        "svm": {
            "uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1",
            "name": "vs1",
            "_links": {
                "self": {"href": "/api/svm/svms/179d3c85-7053-11e8-b9b8-005056b41bd1"}
            },
        },
        "is_owner": True,
        "bind_as_cifs_server": True,
    }
)


Retrieving all the fields of the LDAP configuration of a specific SVM


from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = LdapService(**{"svm.uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1"})
    resource.get(fields="**")
    print(resource)

LdapService(
    {
        "min_bind_level": "anonymous",
        "user_scope": "subtree",
        "schema": "ad_idmu",
        "port": 389,
        "netgroup_byhost_scope": "subtree",
        "_links": {
            "self": {
                "href": "/api/name-services/ldap/179d3c85-7053-11e8-b9b8-005056b41bd1"
            }
        },
        "group_membership_filter": "",
        "use_start_tls": True,
        "group_scope": "subtree",
        "bind_dn": "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com",
        "is_netgroup_byhost_enabled": False,
        "session_security": "none",
        "status": {
            "state": "down",
            "dn_message": ["No LDAP DN configured"],
            "message": "The LDAP configuration is invalid. Verify that the AD domain or servers are reachable and that the network configuration is correct",
            "code": 4915258,
        },
        "servers": ["10.10.10.10", "domainB.example.com"],
        "referral_enabled": False,
        "ldaps_enabled": False,
        "base_scope": "subtree",
        "query_timeout": 3,
        "base_dn": "dc=domainA,dc=example,dc=com",
        "netgroup_scope": "subtree",
        "svm": {
            "uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1",
            "name": "vs1",
            "_links": {
                "self": {"href": "/api/svm/svms/179d3c85-7053-11e8-b9b8-005056b41bd1"}
            },
        },
        "is_owner": True,
        "bind_as_cifs_server": True,
    }
)


Retrieving the LDAP server status of a specific SVM


from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = LdapService(**{"svm.uuid": "9e4a2e3b-f66f-11ea-aec8-0050568e155c"})
    resource.get(fields="status")
    print(resource)

LdapService(
    {
        "status": {
            "state": "up",
            "message": 'Successfully connected to LDAP server "172.20.192.44".',
            "code": 0,
        },
        "svm": {"uuid": "9e4a2e3b-f66f-11ea-aec8-0050568e155c", "name": "vs2"},
    }
)


Creating an LDAP configuration

The LDAP POST endpoint creates an LDAP configuration for the specified SVM.

Examples

Creating an LDAP configuration with all the fields specified


from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = LdapService()
    resource.svm.uuid = "179d3c85-7053-11e8-b9b8-005056b41bd1"
    resource.servers = ["10.10.10.10", "domainB.example.com"]
    resource.schema = "ad_idmu"
    resource.port = 389
    resource.ldaps_enabled = False
    resource.min_bind_level = "anonymous"
    resource.bind_dn = "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com"
    resource.bind_password = "abc"
    resource.base_dn = "dc=domainA,dc=example,dc=com"
    resource.base_scope = "subtree"
    resource.use_start_tls = False
    resource.session_security = "none"
    resource.referral_enabled = False
    resource.bind_as_cifs_server = False
    resource.query_timeout = 4
    resource.user_dn = "cn=abc,users,dc=com"
    resource.user_scope = "subtree"
    resource.group_dn = "cn=abc,users,dc=com"
    resource.group_scope = "subtree"
    resource.netgroup_dn = "cn=abc,users,dc=com"
    resource.netgroup_scope = "subtree"
    resource.netgroup_byhost_dn = "cn=abc,users,dc=com"
    resource.netgroup_byhost_scope = "subtree"
    resource.is_netgroup_byhost_enabled = False
    resource.group_membership_filter = ""
    resource.skip_config_validation = False
    resource.post(hydrate=True)
    print(resource)


Creating an LDAP configuration with Active Directory domain and preferred Active Directory servers specified


from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = LdapService()
    resource.svm.name = "vs2"
    resource.ad_domain = "domainA.example.com"
    resource.preferred_ad_servers = ["11.11.11.11"]
    resource.port = 389
    resource.ldaps_enabled = False
    resource.bind_dn = "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com"
    resource.bind_password = "abc"
    resource.base_dn = "dc=domainA,dc=example,dc=com"
    resource.session_security = "none"
    resource.referral_enabled = False
    resource.query_timeout = 3
    resource.post(hydrate=True)
    print(resource)


Creating an LDAP configuration with a number of optional fields not specified


from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = LdapService()
    resource.svm.name = "vs2"
    resource.servers = ["11.11.11.11"]
    resource.port = 389
    resource.bind_dn = "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com"
    resource.bind_password = "abc"
    resource.base_dn = "dc=domainA,dc=example,dc=com"
    resource.session_security = "none"
    resource.post(hydrate=True)
    print(resource)


Updating an LDAP configuration

The LDAP PATCH endpoint updates the LDAP configuration for the specified SVM. The following example shows a PATCH operation:

from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = LdapService(**{"svm.uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1"})
    resource.servers = ["55.55.55.55"]
    resource.schema = "ad_idmu"
    resource.port = 636
    resource.ldaps_enabled = True
    resource.use_start_tls = False
    resource.referral_enabled = False
    resource.patch()


Deleting an LDAP configuration

The LDAP DELETE endpoint deletes the LDAP configuration for the specified SVM. The following example shows a DELETE operation:

from netapp_ontap import HostConnection
from netapp_ontap.resources import LdapService

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = LdapService(**{"svm.uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1"})
    resource.delete()


Classes

class LdapService (*args, **kwargs)

Allows interaction with LdapService objects on the host

Initialize the instance of the resource.

Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:

MyResource(name='foo').name == 'foo'

Args

*args
Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.

Ancestors

Static methods

def count_collection(*args, connection: HostConnection = None, **kwargs) -> int

Retrieves the LDAP configurations for all SVMs.

Learn more


Fetch a count of all objects of this type from the host.

This calls GET on the object to determine the number of records. It is more efficient than calling get_collection() because it will not construct any objects. Query parameters can be passed in as kwargs to determine a count of objects that match some filtered criteria.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the count of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. These query parameters can affect the count. A return_records query param will be ignored.

Returns

On success, returns an integer count of the objects of this type. On failure, returns -1.

Raises

NetAppRestError: If the API call returned a status code >= 400, or if there is no connection available to use either passed in or on the library.

def delete_collection(*args, body: typing.Union = None, connection: HostConnection = None, **kwargs) -> NetAppResponse

Deletes the LDAP configuration of the specified SVM. LDAP can be removed as a source from the ns-switch if LDAP is not used as a source for lookups.

Learn more


Delete all objects in a collection which match the given query.

All records on the host which match the query will be deleted.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
body
The body of the delete request. This could be a Resource instance or a dictionary object.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be deleted.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def find(*args, connection: HostConnection = None, **kwargs) -> Resource

Retrieves the LDAP configurations for all SVMs.

Learn more


Find an instance of an object on the host given a query.

The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found, None will be returned. If more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A Resource object containing the details of the object or None if no matches were found.

Raises

NetAppRestError: If the API call returned more than 1 matching resource.

def get_collection(*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> typing.Iterable

Retrieves the LDAP configurations for all SVMs.

Learn more


Fetch a list of all objects of this type from the host.

This is a lazy fetch, making API calls only as necessary when the result of this call is iterated over. For instance, if max_records is set to 5, then iterating over the collection causes an API call to be sent to the server once for every 5 records. If the client stops iterating before getting to the 6th record, then no additional API calls are made.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
max_records
The maximum number of records to return per call
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A list of Resource objects

Raises

NetAppRestError: If there is no connection available to use either passed in or on the library. This would be not be raised when get_collection() is called, but rather when the result is iterated.

def patch_collection(body: dict, *args, connection: HostConnection = None, **kwargs) -> NetAppResponse

Updates an LDAP configuration of an SVM.

Important notes

  • Both mandatory and optional parameters of the LDAP configuration can be updated.
  • The LDAP servers and Active Directory domain are mutually exclusive fields. These fields cannot be empty. At any point in time, either the LDAP servers or Active Directory domain must be populated.
  • IPv6 must be enabled if IPv6 family addresses are specified.

    Configuring more than one LDAP server is recommended to avoid a sinlge point of failure. Both FQDNs and IP addresses are supported for the "servers" field. The Active Directory domain or LDAP servers are validated as part of this operation.
    LDAP validation fails in the following scenarios:
  • The server does not have LDAP installed.
  • The server or Active Directory domain is invalid.
  • The server or Active Directory domain is unreachable

Learn more


Patch all objects in a collection which match the given query.

All records on the host which match the query will be patched with the provided body.

Args

body
A dictionary of name/value pairs to set on all matching members of the collection.
*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

Methods

def delete(self, body: typing.Union = None, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse

Deletes the LDAP configuration of the specified SVM. LDAP can be removed as a source from the ns-switch if LDAP is not used as a source for lookups.

Learn more


Send a deletion request to the host for this object.

Args

body
The body of the delete request. This could be a Resource instance or a dictionary object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def get(self, **kwargs) -> NetAppResponse

Retrieves LDAP configuration for an SVM. All parameters for the LDAP configuration are displayed by default.

Learn more


Fetch the details of the object from the host.

Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def patch(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse

Updates an LDAP configuration of an SVM.

Important notes

  • Both mandatory and optional parameters of the LDAP configuration can be updated.
  • The LDAP servers and Active Directory domain are mutually exclusive fields. These fields cannot be empty. At any point in time, either the LDAP servers or Active Directory domain must be populated.
  • IPv6 must be enabled if IPv6 family addresses are specified.

    Configuring more than one LDAP server is recommended to avoid a sinlge point of failure. Both FQDNs and IP addresses are supported for the "servers" field. The Active Directory domain or LDAP servers are validated as part of this operation.
    LDAP validation fails in the following scenarios:
  • The server does not have LDAP installed.
  • The server or Active Directory domain is invalid.
  • The server or Active Directory domain is unreachable

Learn more


Send the difference in the object's state to the host as a modification request.

Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.

Args

hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def post(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse

Creates an LDAP configuration for an SVM.

Important notes

  • Each SVM can have one LDAP configuration.
  • The LDAP servers and Active Directory domain are mutually exclusive fields. These fields cannot be empty. At any point in time, either the LDAP servers or Active Directory domain must be populated.
  • LDAP configuration with Active Directory domain cannot be created on an admin SVM.
  • IPv6 must be enabled if IPv6 family addresses are specified.

The following parameters are optional:

  • preferred AD servers
  • schema
  • port
  • ldaps_enabled
  • min_bind_level
  • bind_password
  • base_scope
  • use_start_tls
  • session_security
  • referral_enabled
  • bind_as_cifs_server
  • query_timeout
  • user_dn
  • user_scope
  • group_dn
  • group_scope
  • netgroup_dn
  • netgroup_scope
  • netgroup_byhost_dn
  • netgroup_byhost_scope
  • is_netgroup_byhost_enabled
  • group_membership_filter
  • skip_config_validation
    Configuring more than one LDAP server is recommended to avoid a single point of failure. Both FQDNs and IP addresses are supported for the "servers" field. The Acitve Directory domain or LDAP servers are validated as part of this operation.
    LDAP validation fails in the following scenarios:
  • The server does not have LDAP installed.
  • The server or Active Directory domain is invalid.
  • The server or Active Directory domain is unreachable.

Learn more


Send this object to the host as a creation request.

Args

hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

Inherited members

class LdapServiceSchema (*, only: typing.Union = None, exclude: typing.Union = (), many: bool = False, context: typing.Dict = None, load_only: typing.Union = (), dump_only: typing.Union = (), partial: typing.Union = False, unknown: str = None)

The fields of the LdapService object

Ancestors

  • netapp_ontap.resource.ResourceSchema
  • marshmallow.schema.Schema
  • marshmallow.base.SchemaABC

Class variables

ad_domain GET POST PATCH

This parameter specifies the name of the Active Directory domain used to discover LDAP servers for use by this client. This is mutually exclusive with servers during POST and PATCH.

base_dn GET POST PATCH

Specifies the default base DN for all searches.

base_scope GET POST PATCH

Specifies the default search scope for LDAP queries:

  • base - search the named entry only
  • onelevel - search all entries immediately below the DN
  • subtree - search the named DN entry and the entire subtree below the DN

Valid choices:

  • base
  • onelevel
  • subtree
bind_as_cifs_server GET POST PATCH

Specifies whether or not CIFS server's credentials are used to bind to the LDAP server.

bind_dn GET POST PATCH

Specifies the user that binds to the LDAP servers.

bind_password POST PATCH

Specifies the bind password for the LDAP servers.

group_dn GET POST PATCH

Specifies the group Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for group lookups.

group_membership_filter GET POST PATCH

Specifies the custom filter used for group membership lookups from an LDAP server.

group_scope GET POST PATCH

Specifies the default search scope for LDAP for group lookups:

  • base - search the named entry only
  • onelevel - search all entries immediately below the DN
  • subtree - search the named DN entry and the entire subtree below the DN

Valid choices:

  • base
  • onelevel
  • subtree
is_netgroup_byhost_enabled GET POST PATCH

Specifies whether or not netgroup by host querying is enabled.

is_owner GET

Specifies whether or not the SVM owns the LDAP client configuration.

ldaps_enabled GET POST PATCH

Specifies whether or not LDAPS is enabled.

The links field of the ldap_service.

min_bind_level GET POST PATCH

The minimum bind authentication level. Possible values are:

  • anonymous - anonymous bind
  • simple - simple bind
  • sasl - Simple Authentication and Security Layer (SASL) bind

Valid choices:

  • anonymous
  • simple
  • sasl
netgroup_byhost_dn GET POST PATCH

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup by host lookups.

netgroup_byhost_scope GET POST PATCH

Specifies the default search scope for LDAP for netgroup by host lookups:

  • base - search the named entry only
  • onelevel - search all entries immediately below the DN
  • subtree - search the named DN entry and the entire subtree below the DN

Valid choices:

  • base
  • onelevel
  • subtree
netgroup_dn GET POST PATCH

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup lookups.

netgroup_scope GET POST PATCH

Specifies the default search scope for LDAP for netgroup lookups:

  • base - search the named entry only
  • onelevel - search all entries immediately below the DN
  • subtree - search the named DN entry and the entire subtree below the DN

Valid choices:

  • base
  • onelevel
  • subtree
port GET POST PATCH

The port used to connect to the LDAP Servers.

Example: 389

preferred_ad_servers GET POST PATCH

The preferred_ad_servers field of the ldap_service.

query_timeout GET POST PATCH

Specifies the maximum time to wait for a query response from the LDAP server, in seconds.

referral_enabled GET POST PATCH

Specifies whether or not LDAP referral is enabled.

schema GET POST PATCH

The name of the schema template used by the SVM.

  • AD-IDMU - Active Directory Identity Management for UNIX
  • AD-SFU - Active Directory Services for UNIX
  • MS-AD-BIS - Active Directory Identity Management for UNIX
  • RFC-2307 - Schema based on RFC 2307
  • Custom schema
servers GET POST PATCH

The servers field of the ldap_service.

session_security GET POST PATCH

Specifies the level of security to be used for LDAP communications:

  • none - no signing or sealing
  • sign - sign LDAP traffic
  • seal - seal and sign LDAP traffic

Valid choices:

  • none
  • sign
  • seal
skip_config_validation POST PATCH

Indicates whether or not the validation for the specified LDAP configuration is disabled.

status GET POST PATCH

The status field of the ldap_service.

svm GET POST PATCH

The svm field of the ldap_service.

use_start_tls GET POST PATCH

Specifies whether or not to use Start TLS over LDAP connections.

user_dn GET POST PATCH

Specifies the user Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for user lookups.

user_scope GET POST PATCH

Specifies the default search scope for LDAP for user lookups:

  • base - search the named entry only
  • onelevel - search all entries immediately below the DN
  • subtree - search the named DN entry and the entire subtree below the DN

Valid choices:

  • base
  • onelevel
  • subtree