Skip to main content
A newer release of this product is available.

Retrieve the LDAP configuration for the cluster

Contributors

GET /security/authentication/cluster/ldap

Introduced In: 9.6

Retrieves the cluster LDAP configuration.

Parameters

Name Type In Required Description

fields

array[string]

query

False

Specify the fields to return.

Response

Status: 200, Ok
Name Type Description

_links

_links

base_dn

string

Specifies the default base DN for all searches.

base_scope

string

Specifies the default search scope for LDAP queries:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

bind_as_cifs_server

boolean

Specifies whether or not CIFS server's credentials are used to bind to the LDAP server.

bind_dn

string

Specifies the user that binds to the LDAP servers.

bind_password

string

Specifies the bind password for the LDAP servers.

group_dn

string

Specifies the group Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for group lookups.

group_membership_filter

string

Specifies the custom filter used for group membership lookups from an LDAP server.

group_scope

string

Specifies the default search scope for LDAP for group lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

is_netgroup_byhost_enabled

boolean

Specifies whether or not netgroup by host querying is enabled.

is_owner

boolean

Specifies whether or not the SVM owns the LDAP client configuration.

ldaps_enabled

boolean

Specifies whether or not LDAPS is enabled.

min_bind_level

string

The minimum bind authentication level. Possible values are:

  • anonymous - anonymous bind

  • simple - simple bind

  • sasl - Simple Authentication and Security Layer (SASL) bind

netgroup_byhost_dn

string

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup by host lookups.

netgroup_byhost_scope

string

Specifies the default search scope for LDAP for netgroup by host lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

netgroup_dn

string

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup lookups.

netgroup_scope

string

Specifies the default search scope for LDAP for netgroup lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

port

integer

The port used to connect to the LDAP Servers.

query_timeout

integer

Specifies the maximum time to wait for a query response from the LDAP server, in seconds.

schema

string

The name of the schema template used by the SVM.

  • AD-IDMU - Active Directory Identity Management for UNIX

  • AD-SFU - Active Directory Services for UNIX

  • MS-AD-BIS - Active Directory Identity Management for UNIX

  • RFC-2307 - Schema based on RFC 2307

  • Custom schema

servers

array[string]

session_security

string

Specifies the level of security to be used for LDAP communications:

  • none - no signing or sealing

  • sign - sign LDAP traffic

  • seal - seal and sign LDAP traffic

skip_config_validation

boolean

Indicates whether or not the validation for the specified LDAP configuration is disabled.

status

status

try_channel_binding

boolean

Specifies whether or not channel binding is attempted in the case of TLS/LDAPS.

use_start_tls

boolean

Specifies whether or not to use Start TLS over LDAP connections.

user_dn

string

Specifies the user Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for user lookups.

user_scope

string

Specifies the default search scope for LDAP for user lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

Example response
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "base_dn": "string",
  "base_scope": "string",
  "bind_dn": "string",
  "bind_password": "string",
  "group_dn": "string",
  "group_membership_filter": "string",
  "group_scope": "string",
  "min_bind_level": "string",
  "netgroup_byhost_dn": "string",
  "netgroup_byhost_scope": "string",
  "netgroup_dn": "string",
  "netgroup_scope": "string",
  "port": 389,
  "schema": "string",
  "servers": [
    "string"
  ],
  "session_security": "string",
  "status": {
    "code": 65537300,
    "dn_message": [
      "string"
    ],
    "message": "string",
    "state": "string"
  },
  "user_dn": "string",
  "user_scope": "string"
}

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

status

Name Type Description

code

integer

Code corresponding to the status message.

dn_message

array[string]

message

string

Provides additional details on the status of the LDAP service.

state

string

Specifies the status of the LDAP service.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.