Retrieve the LDAP configuration for the cluster

10/14/2025

PDFs

GET /security/authentication/cluster/ldap

Introduced In: 9.6

Retrieves the cluster LDAP configuration.

Parameters

Name	Type	In	Required	Description
fields	array[string]	query	False	Specify the fields to return.

Name

Type

Required

Description

fields

array[string]

query

False

Specify the fields to return.

Response

Status: 200, Ok

Name	Type	Description
_links	_links
base_dn	string	Specifies the default base DN for all searches.
base_scope	string	Specifies the default search scope for LDAP queries: base - search the named entry only onelevel - search all entries immediately below the DN subtree - search the named DN entry and the entire subtree below the DN
bind_as_cifs_server	boolean	Specifies whether or not CIFS server's credentials are used to bind to the LDAP server.
bind_dn	string	Specifies the user that binds to the LDAP servers.
group_dn	string	Specifies the group Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for group lookups.
group_membership_filter	string	Specifies the custom filter used for group membership lookups from an LDAP server.
group_scope	string	Specifies the default search scope for LDAP for group lookups: base - search the named entry only onelevel - search all entries immediately below the DN subtree - search the named DN entry and the entire subtree below the DN
is_netgroup_byhost_enabled	boolean	Specifies whether or not netgroup by host querying is enabled.
is_owner	boolean	Specifies whether or not the SVM owns the LDAP client configuration.
ldaps_enabled	boolean	Specifies whether or not LDAPS is enabled.
min_bind_level	string	The minimum bind authentication level. Possible values are: anonymous - anonymous bind simple - simple bind sasl - Simple Authentication and Security Layer (SASL) bind
netgroup_byhost_dn	string	Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup by host lookups.
netgroup_byhost_scope	string	Specifies the default search scope for LDAP for netgroup by host lookups: base - search the named entry only onelevel - search all entries immediately below the DN subtree - search the named DN entry and the entire subtree below the DN
netgroup_dn	string	Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup lookups.
netgroup_scope	string	Specifies the default search scope for LDAP for netgroup lookups: base - search the named entry only onelevel - search all entries immediately below the DN subtree - search the named DN entry and the entire subtree below the DN
port	integer	The port used to connect to the LDAP Servers.
query_timeout	integer	Specifies the maximum time to wait for a query response from the LDAP server, in seconds.
schema	string	The name of the schema template used by the SVM. AD-IDMU - Active Directory Identity Management for UNIX AD-SFU - Active Directory Services for UNIX MS-AD-BIS - Active Directory Identity Management for UNIX RFC-2307 - Schema based on RFC 2307 Custom schema
servers	array[string]
session_security	string	Specifies the level of security to be used for LDAP communications: none - no signing or sealing sign - sign LDAP traffic seal - seal and sign LDAP traffic
status	status
try_channel_binding	boolean	Specifies whether or not channel binding is attempted in the case of TLS/LDAPS.
use_start_tls	boolean	Specifies whether or not to use Start TLS over LDAP connections.
user_dn	string	Specifies the user Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for user lookups.
user_scope	string	Specifies the default search scope for LDAP for user lookups: base - search the named entry only onelevel - search all entries immediately below the DN subtree - search the named DN entry and the entire subtree below the DN

Name

Type

Description

_links

base_dn

string

Specifies the default base DN for all searches.

base_scope

string

Specifies the default search scope for LDAP queries:

base - search the named entry only
onelevel - search all entries immediately below the DN
subtree - search the named DN entry and the entire subtree below the DN

bind_as_cifs_server

boolean

Specifies whether or not CIFS server's credentials are used to bind to the LDAP server.

bind_dn

string

Specifies the user that binds to the LDAP servers.

group_dn

string

Specifies the group Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for group lookups.

group_membership_filter

string

Specifies the custom filter used for group membership lookups from an LDAP server.

group_scope

string

Specifies the default search scope for LDAP for group lookups:

base - search the named entry only
onelevel - search all entries immediately below the DN
subtree - search the named DN entry and the entire subtree below the DN

is_netgroup_byhost_enabled

boolean

Specifies whether or not netgroup by host querying is enabled.

is_owner

boolean

Specifies whether or not the SVM owns the LDAP client configuration.

ldaps_enabled

boolean

Specifies whether or not LDAPS is enabled.

min_bind_level

string

The minimum bind authentication level. Possible values are:

anonymous - anonymous bind
simple - simple bind
sasl - Simple Authentication and Security Layer (SASL) bind

netgroup_byhost_dn

string

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup by host lookups.

netgroup_byhost_scope

string

Specifies the default search scope for LDAP for netgroup by host lookups:

base - search the named entry only
onelevel - search all entries immediately below the DN
subtree - search the named DN entry and the entire subtree below the DN

netgroup_dn

string

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup lookups.

netgroup_scope

string

Specifies the default search scope for LDAP for netgroup lookups:

base - search the named entry only
onelevel - search all entries immediately below the DN
subtree - search the named DN entry and the entire subtree below the DN

port

integer

The port used to connect to the LDAP Servers.

query_timeout

integer

Specifies the maximum time to wait for a query response from the LDAP server, in seconds.

schema

string

The name of the schema template used by the SVM.

AD-IDMU - Active Directory Identity Management for UNIX
AD-SFU - Active Directory Services for UNIX
MS-AD-BIS - Active Directory Identity Management for UNIX
RFC-2307 - Schema based on RFC 2307
Custom schema

servers

array[string]

session_security

string

Specifies the level of security to be used for LDAP communications:

none - no signing or sealing
sign - sign LDAP traffic
seal - seal and sign LDAP traffic

status

try_channel_binding

boolean

Specifies whether or not channel binding is attempted in the case of TLS/LDAPS.

use_start_tls

boolean

Specifies whether or not to use Start TLS over LDAP connections.

user_dn

string

Specifies the user Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for user lookups.

user_scope

string

Specifies the default search scope for LDAP for user lookups:

base - search the named entry only
onelevel - search all entries immediately below the DN
subtree - search the named DN entry and the entire subtree below the DN

Example response

{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "base_dn": "string",
  "base_scope": "string",
  "bind_dn": "string",
  "group_dn": "string",
  "group_membership_filter": "string",
  "group_scope": "string",
  "min_bind_level": "string",
  "netgroup_byhost_dn": "string",
  "netgroup_byhost_scope": "string",
  "netgroup_dn": "string",
  "netgroup_scope": "string",
  "port": 389,
  "schema": "string",
  "servers": [
    "string"
  ],
  "session_security": "string",
  "skip_config_validation": true,
  "status": {
    "code": 65537300,
    "dn_message": [
      "string"
    ],
    "ipv4_state": "string",
    "ipv6_state": "string",
    "message": "string",
    "state": "string"
  },
  "user_dn": "string",
  "user_scope": "string"
}

Error

Status: Default, Error

Name	Type	Description
error	error

Name

Type

Description

error

Example error

{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name	Type	Description
href	string

Name

Type

Description

href

string

_links

Name	Type	Description
self	href

Name

Type

Description

self

href

status

Name Type Description

Name	Type	Description
code	integer	Code corresponding to the error message. If there is no error, it will be 0 to indicate success.
dn_message	array[string]
ipv4_state	string	The status of the LDAP service with IPv4 address.
ipv6_state	string	The status of the LDAP service with IPv6 address.
message	string	Provides additional details on the error if `ipv4_state` or `ipv6_state` is down. If both `ipv4_state` and `ipv6_state` are up, it provides details of the IP addresses that are connected successfully.
state	string	The status of the LDAP service for the SVM. The LDAP service is up if either `ipv4_state` or `ipv6_state` is up. The LDAP service is down if both `ipv4_state` and `ipv6_state` are down.

code

integer

Code corresponding to the error message. If there is no error, it will be 0 to indicate success.

dn_message

array[string]

ipv4_state

string

The status of the LDAP service with IPv4 address.

ipv6_state

string

The status of the LDAP service with IPv6 address.

message

string

Provides additional details on the error if ipv4_state or ipv6_state is down. If both ipv4_state and ipv6_state are up, it provides details of the IP addresses that are connected successfully.

state

string

The status of the LDAP service for the SVM. The LDAP service is up if either ipv4_state or ipv6_state is up. The LDAP service is down if both ipv4_state and ipv6_state are down.

error_arguments

Name	Type	Description
code	string	Argument code
message	string	Message argument

Name

Type

Description

code

string

Argument code

message

string

Message argument

error

Name	Type	Description
arguments	array[error_arguments]	Message arguments
code	string	Error code
message	string	Error message
target	string	The target parameter that caused the error.

Name

Type

Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.

Retrieve the LDAP configuration for the cluster

Creating your file...

Parameters

Response

Error

Definitions