vserver services name-service ldap client show
Display LDAP client configurations
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver services name-service ldap client show
command displays information about LDAP client configurations which a Vserver can be associated with. An LDAP client configuration created by a Vserver's administrator or by the cluster administrator for the Vserver is owned by the Vserver. A cluster-wide LDAP client configuration is created by a cluster administrator by specifying the admin Vserver's name as a value to the -vserver parameter. In addition to its owned LDAP client configurations, a Vserver can be associated with such cluster-wide LDAP client configurations.
Parameters
- {
[-fields <fieldname>,…]
-
If you specify the
-fields <fieldname>, …
parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify. - |
[-instance ]
} -
If you specify the
-instance
parameter, the command displays detailed information about all fields. [-vserver <Vserver Name>]
- Vserver-
If you specify this parameter, the command displays all LDAP client configurations that can be associated with the specified Vserver. A data Vserver or admin Vserver can be specified.
[-client-config <text>]
- Client Configuration Name-
If you specify this parameter, the command displays information about the LDAP client configuration you specify.
[-ldap-servers <text>,…]
- LDAP Server List-
If you specify this parameter, the command displays LDAP client configurations using the specified list of LDAP servers.
[-servers <IP Address>,…]
- (DEPRECATED)-LDAP Server List-
(DEPRECATED)-If you specify this parameter, the command displays LDAP client configurations using the specified list of LDAP servers.
[-ad-domain <TextNoCase>]
- Active Directory Domain-
If you specify this parameter, the command displays LDAP client configurations using the specified domain to discover their list of LDAP servers.
[-preferred-ad-servers <IP Address>,…]
- Preferred Active Directory Servers-
If you specify this parameter, the command displays LDAP client configurations using the specified list of preferred servers.
[-restrict-discovery-to-site {true|false}]
- Restrict discovery to site scope-
If you specify this parameter, the command displays only the LDAP client configurations that do site-scope discovery.
[-bind-as-cifs-server {true|false}]
- Bind Using the Vserver's CIFS Credentials-
If you specify this parameter, the command displays LDAP client configurations that bind using CIFS server credentials. If the CIFS server is in workgroup mode, the value of this parameter should be false.
[-schema <text>]
- Schema Template-
If you specify this parameter, the command displays LDAP client configurations using the specified schema.
[-port <integer>]
- LDAP Server Port-
If you specify this parameter, the command displays LDAP client configurations using the specified server port.
[-query-timeout <integer>]
- Query Timeout (sec)-
If you specify this parameter, the command displays LDAP client configurations using the specified query timeout (in seconds).
[-min-bind-level {anonymous|simple|sasl}]
- Minimum Bind Authentication Level-
If you specify this parameter, the command displays LDAP client configurations using the specified minimum bind level.
[-bind-dn <ldap_dn>]
- Bind DN (User)-
If you specify this parameter, the command displays LDAP client configurations using the specified bind DN.
[-base-dn <ldap_dn>]
- Base DN-
If you specify this parameter, the command displays LDAP client configurations using the specified base DN.
[-base-scope {base|onelevel|subtree}]
- Base Search Scope-
If you specify this parameter, the command displays LDAP client configurations using the specified base search scope.
[-user-dn <ldap_dn>]
- User DN (privilege: advanced)-
If you specify this parameter, the command displays LDAP client configurations using the specified user DN.
[-user-scope {base|onelevel|subtree}]
- User Search Scope (privilege: advanced)-
If you specify this parameter, the command displays LDAP client configurations using the specified user search scope.
[-group-dn <ldap_dn>]
- Group DN (privilege: advanced)-
If you specify this parameter, the command displays LDAP client configurations using the specified group DN.
[-group-scope {base|onelevel|subtree}]
- Group Search Scope (privilege: advanced)-
If you specify this parameter, the command displays LDAP client configurations using the specified group search scope.
[-netgroup-dn <ldap_dn>]
- Netgroup DN (privilege: advanced)-
If you specify this parameter, the command displays LDAP client configurations using the specified netgroup DN.
[-netgroup-scope {base|onelevel|subtree}]
- Netgroup Search Scope (privilege: advanced)-
If you specify this parameter, the command displays LDAP client configurations using the specified netgroup search scope.
[-is-owner {true|false}]
- Vserver Owns Configuration-
If you set this parameter to true, the command displays LDAP client configurations with the Vservers which own them.
[-use-start-tls {true|false}]
- Use start-tls Over LDAP Connections-
This parameter specifies whether or not to use Start TLS over LDAP connections. When enabled, the communication between the ONTAP LDAP Client and the LDAP Server will be encrypted using Start TLS. Start TLS is a mechanism to provide secure communication by using the TLS/SSL protocols. If you do not specify this parameter, the default is
false
. [-is-netgroup-byhost-enabled {true|false}]
- Enable Netgroup-By-Host Lookup (privilege: advanced)-
If you set this parameter to true, the command displays LDAP client configurations for which netgroup-by-host lookup is enabled.
[-netgroup-byhost-dn <ldap_dn>]
- Netgroup-By-Host DN (privilege: advanced)-
If you specify this parameter, the command displays LDAP client configurations using the specified netgroup-by-host DN.
[-netgroup-byhost-scope {base|onelevel|subtree}]
- Netgroup-By-Host Scope (privilege: advanced)-
If you specify this parameter, the command displays LDAP client configurations using the specified netgroup-by-host search scope.
[-session-security {none|sign|seal}]
- Client Session Security-
If this parameter is set to seal, the command displays LDAP client configurations where both signing and sealing are required for LDAP communications. If set to sign, the command displays LDAP client configurations where only signing is required for LDAP communications. If set to none, the command displays LDAP client configurations where no security is required for LDAP communications.
[-referral-enabled {true|false}]
- LDAP Referral Chasing-
If you specify this parameter, the command displays information about LDAP referral configurations using the specified client.
[-group-membership-filter <text>]
- Group Membership Filter (privilege: advanced)-
If you specify this parameter, the command displays LDAP client configurations using the specified group-membership filter.
[-ldaps-enabled {true|false}]
- Is LDAPS Enabled-
If you specify this parameter, the command displays LDAP client configurations using the specified value of this parameter.
[-try-channel-binding {true|false}]
- Try Channel Binding-
If you specify this parameter, the command displays LDAP client configurations using the specified channel binding.
Examples
The following example shows a summary of all of the LDAP client configurations available for Vserver vs1
:
cluster1::> vserver services name-service ldap client show -vserver vs1 Vserver Client LDAP Active Directory Minimum Configuration Servers Domain Schema Bind Level ---------- ------------- ---------------- ---------------- ---------- ---------- vs1 corp ldapserver. - RFC-2307 anonymous example.com vs1 corpnew 172.16.0.200 - RFC-2307 simple