Skip to main content
REST API reference
A newer release of this product is available.

Retrieve an LDAP configuration for all SVMs

PDFs

GET /name-services/ldap

Introduced In: 9.6

Retrieves the LDAP configurations for all SVMs.

Parameters

Name Type In Required Description

ad_domain

string

query

False

Filter by ad_domain

  • Introduced in: 9.7

bind_as_cifs_server

boolean

query

False

Filter by bind_as_cifs_server

  • Introduced in: 9.9

port

integer

query

False

Filter by port

  • Introduced in: 9.7

svm.uuid

string

query

False

Filter by svm.uuid

  • Introduced in: 9.7

svm.name

string

query

False

Filter by svm.name

  • Introduced in: 9.7

schema

string

query

False

Filter by schema

  • Introduced in: 9.7

netgroup_byhost_scope

string

query

False

Filter by netgroup_byhost_scope

  • Introduced in: 9.9

try_channel_binding

boolean

query

False

Filter by try_channel_binding

  • Introduced in: 9.10

group_membership_filter

string

query

False

Filter by group_membership_filter

  • Introduced in: 9.9

base_scope

string

query

False

Filter by base_scope

  • Introduced in: 9.7

user_scope

string

query

False

Filter by user_scope

  • Introduced in: 9.9

group_dn

string

query

False

Filter by group_dn

  • Introduced in: 9.9

is_owner

boolean

query

False

Filter by is_owner

  • Introduced in: 9.9

use_start_tls

boolean

query

False

Filter by use_start_tls

  • Introduced in: 9.7

status.state

string

query

False

Filter by status.state

  • Introduced in: 9.9

status.dn_message

string

query

False

Filter by status.dn_message

  • Introduced in: 9.9

status.message

string

query

False

Filter by status.message

  • Introduced in: 9.9

status.code

integer

query

False

Filter by status.code

  • Introduced in: 9.9

min_bind_level

string

query

False

Filter by min_bind_level

  • Introduced in: 9.7

servers

string

query

False

Filter by servers

  • Introduced in: 9.7

base_dn

string

query

False

Filter by base_dn

  • Introduced in: 9.7

netgroup_scope

string

query

False

Filter by netgroup_scope

  • Introduced in: 9.9

is_netgroup_byhost_enabled

boolean

query

False

Filter by is_netgroup_byhost_enabled

  • Introduced in: 9.9

session_security

string

query

False

Filter by session_security

  • Introduced in: 9.7

ldaps_enabled

boolean

query

False

Filter by ldaps_enabled

  • Introduced in: 9.9

preferred_ad_servers

string

query

False

Filter by preferred_ad_servers

  • Introduced in: 9.7

netgroup_byhost_dn

string

query

False

Filter by netgroup_byhost_dn

  • Introduced in: 9.9

bind_dn

string

query

False

Filter by bind_dn

  • Introduced in: 9.7

netgroup_dn

string

query

False

Filter by netgroup_dn

  • Introduced in: 9.9

group_scope

string

query

False

Filter by group_scope

  • Introduced in: 9.9

user_dn

string

query

False

Filter by user_dn

  • Introduced in: 9.9

query_timeout

integer

query

False

Filter by query_timeout

  • Introduced in: 9.9

referral_enabled

boolean

query

False

Filter by referral_enabled

  • Introduced in: 9.9

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 15

  • Max value: 120

  • Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of LDAP records.

records

array[ldap_service]
Example response 
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "ad_domain": "string",
      "base_dn": "string",
      "base_scope": "string",
      "bind_dn": "string",
      "group_dn": "string",
      "group_membership_filter": "string",
      "group_scope": "string",
      "min_bind_level": "string",
      "netgroup_byhost_dn": "string",
      "netgroup_byhost_scope": "string",
      "netgroup_dn": "string",
      "netgroup_scope": "string",
      "port": 389,
      "preferred_ad_servers": [
        "string"
      ],
      "schema": "string",
      "servers": [
        "string"
      ],
      "session_security": "string",
      "skip_config_validation": null,
      "status": {
        "code": 65537300,
        "dn_message": [
          "string"
        ],
        "message": "string",
        "state": "string"
      },
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "user_dn": "string",
      "user_scope": "string"
    }
  ]
}

Error

Status: Default

Following error codes can be thrown as part of LDAP status information, if LDAP status is needed to be retrieved.

Error Code Description

4915229

DNS resolution failed due to an internal error. Contact technical support if this issue persists

4915231

DNS resolution failed for one or more of the specified LDAP servers. Verify that a valid DNS server is configured

23724132

DNS resolution failed for all the specified LDAP servers. Verify that a valid DNS server is configured

4915258

The LDAP configuration is invalid. Verify that the Active Directory domain or servers are reachable and that the network configuration is correct

4915263

Failed to check the current status of LDAP server. Reason:

4915234

The specified LDAP server or preferred Active Directory server is not supported because it is one of the following: multicast, loopback, 0.0.0.0, or broadcast

4915265

The specified bind password or bind DN is invalid

4915264

Certificate verification failed. Verify that a valid certificate is installed
Name Type Description

error

error
Example error 
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

_links

Name Type Description

next

href

self

href

_links

Name Type Description

self

href

status

Name Type Description

code

integer

Code corresponding to the status message.

dn_message

array[string]

message

string

Provides additional details on the status of the LDAP service.

state

string

Specifies the status of the LDAP service.

svm

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

ldap_service

Name Type Description

_links

_links

ad_domain

string

This parameter specifies the name of the Active Directory domain used to discover LDAP servers for use by this client. This is mutually exclusive with servers during POST and PATCH.

base_dn

string

Specifies the default base DN for all searches.

base_scope

string

Specifies the default search scope for LDAP queries:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

bind_as_cifs_server

boolean

Specifies whether or not CIFS server's credentials are used to bind to the LDAP server.

bind_dn

string

Specifies the user that binds to the LDAP servers.

group_dn

string

Specifies the group Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for group lookups.

group_membership_filter

string

Specifies the custom filter used for group membership lookups from an LDAP server.

group_scope

string

Specifies the default search scope for LDAP for group lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

is_netgroup_byhost_enabled

boolean

Specifies whether or not netgroup by host querying is enabled.

is_owner

boolean

Specifies whether or not the SVM owns the LDAP client configuration.

ldaps_enabled

boolean

Specifies whether or not LDAPS is enabled.

min_bind_level

string

The minimum bind authentication level. Possible values are:

  • anonymous - anonymous bind

  • simple - simple bind

  • sasl - Simple Authentication and Security Layer (SASL) bind

netgroup_byhost_dn

string

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup by host lookups.

netgroup_byhost_scope

string

Specifies the default search scope for LDAP for netgroup by host lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

netgroup_dn

string

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup lookups.

netgroup_scope

string

Specifies the default search scope for LDAP for netgroup lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

port

integer

The port used to connect to the LDAP Servers.

preferred_ad_servers

array[string]

query_timeout

integer

Specifies the maximum time to wait for a query response from the LDAP server, in seconds.

referral_enabled

boolean

Specifies whether or not LDAP referral is enabled.

schema

string

The name of the schema template used by the SVM.

  • AD-IDMU - Active Directory Identity Management for UNIX

  • AD-SFU - Active Directory Services for UNIX

  • MS-AD-BIS - Active Directory Identity Management for UNIX

  • RFC-2307 - Schema based on RFC 2307

  • Custom schema

servers

array[string]

session_security

string

Specifies the level of security to be used for LDAP communications:

  • none - no signing or sealing

  • sign - sign LDAP traffic

  • seal - seal and sign LDAP traffic

status

status

svm

svm

try_channel_binding

boolean

Specifies whether or not channel binding is attempted in the case of TLS/LDAPS.

use_start_tls

boolean

Specifies whether or not to use Start TLS over LDAP connections.

user_dn

string

Specifies the user Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for user lookups.

user_scope

string

Specifies the default search scope for LDAP for user lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.