Retrieve the LDAP configuration for all SVMs
GET /name-services/ldap
Introduced In: 9.6
Retrieves the LDAP configurations for all SVMs.
Related ONTAP commands
- ldap show
- ldap check -vserver vs0
- ldap check-ipv6 -vserver vs0
Important notes
- The status.code, status.dn_message, status.message, and status.state fields carry the same status information that the "ldap check" CLI command returns.
- Refer to the ipv4 or ipv6 objects in the status field for the code, dn_messages, message, and state information specific to IPv4 or IPv6.
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
status.ipv6.state | string | query | False | Filter by status.ipv6.state |
status.ipv6.code | integer | query | False | Filter by status.ipv6.code |
status.ipv6.dn_messages | string | query | False | Filter by status.ipv6.dn_messages |
status.ipv6.message | string | query | False | Filter by status.ipv6.message |
status.state | string | query | False | Filter by status.state |
status.message | string | query | False | Filter by status.message |
status.dn_message | string | query | False | Filter by status.dn_message |
status.ipv4.state | string | query | False | Filter by status.ipv4.state |
status.ipv4.code | integer | query | False | Filter by status.ipv4.code |
status.ipv4.dn_messages | string | query | False | Filter by status.ipv4.dn_messages |
status.ipv4.message | string | query | False | Filter by status.ipv4.message |
status.code | integer | query | False | Filter by status.code |
status.ipv4_state | string | query | False | Filter by status.ipv4_state |
status.ipv6_state | string | query | False | Filter by status.ipv6_state |
netgroup_byhost_scope | string | query | False | Filter by netgroup_byhost_scope |
user_dn | string | query | False | Filter by user_dn |
netgroup_byhost_dn | string | query | False | Filter by netgroup_byhost_dn |
svm.uuid | string | query | False | Filter by svm.uuid |
svm.name | string | query | False | Filter by svm.name |
try_channel_binding | boolean | query | False | Filter by try_channel_binding |
session_security | string | query | False | Filter by session_security |
query_timeout | integer | query | False | Filter by query_timeout |
is_owner | boolean | query | False | Filter by is_owner |
group_membership_filter | string | query | False | Filter by group_membership_filter |
bind_as_cifs_server | boolean | query | False | Filter by bind_as_cifs_server |
user_scope | string | query | False | Filter by user_scope |
group_scope | string | query | False | Filter by group_scope |
bind_dn | string | query | False | Filter by bind_dn |
is_netgroup_byhost_enabled | boolean | query | False | Filter by is_netgroup_byhost_enabled |
port | integer | query | False | Filter by port |
referral_enabled | boolean | query | False | Filter by referral_enabled |
restrict_discovery_to_site | boolean | query | False | Filter by restrict_discovery_to_site |
base_dn | string | query | False | Filter by base_dn |
group_dn | string | query | False | Filter by group_dn |
netgroup_scope | string | query | False | Filter by netgroup_scope |
netgroup_dn | string | query | False | Filter by netgroup_dn |
schema | string | query | False | Filter by schema |
min_bind_level | string | query | False | Filter by min_bind_level |
use_start_tls | boolean | query | False | Filter by use_start_tls |
base_scope | string | query | False | Filter by base_scope |
ad_domain | string | query | False | Filter by ad_domain |
preferred_ad_servers | string | query | False | Filter by preferred_ad_servers |
ldaps_enabled | boolean | query | False | Filter by ldaps_enabled |
servers | string | query | False | Filter by servers |
fields | array[string] | query | False | Specify the fields to return. |
max_records | integer | query | False | Limit the number of records returned. |
return_records | boolean | query | False | The default is true for GET calls. When set to false, only the number of records is returned. |
return_timeout | integer | query | False | The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. |
order_by | array[string] | query | False | Order results by specified fields and optional [asc |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links | | |
num_records | integer | Number of LDAP records. |
records | array[ldap_service] | |
Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "ad_domain": "example.com",
      "base_dn": "dc=domainB,dc=example,dc=com",
      "base_scope": "string",
      "bind_dn": "cn=Administrators,cn=users,dc=domainB,dc=example,dc=com",
      "bind_password": "abc",
      "group_dn": "cn=abc,users,dc=com",
      "group_membership_filter": "",
      "group_scope": "string",
      "min_bind_level": "string",
      "netgroup_byhost_dn": "cn=abc,users,dc=com",
      "netgroup_byhost_scope": "string",
      "netgroup_dn": "cn=abc,users,dc=com",
      "netgroup_scope": "string",
      "port": 389,
      "preferred_ad_servers": [
        "11.11.11.11"
      ],
      "schema": "ad_idmu",
      "servers": [
        [
          "10.10.10.10",
          "domainB.example.com"
        ]
      ],
      "session_security": "string",
      "status": {
        "code": 65537300,
        "dn_message": [
          "string"
        ],
        "ipv4": {
          "code": 65537300,
          "dn_messages": [
            "string"
          ],
          "message": "string",
          "state": "string"
        },
        "ipv4_state": "string",
        "ipv6": {
          "code": 65537300,
          "dn_messages": [
            "string"
          ],
          "message": "string",
          "state": "string"
        },
        "ipv6_state": "string",
        "message": "string",
        "state": "string"
      },
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "user_dn": "cn=abc,users,dc=com",
      "user_scope": "string"
    }
  ]
}
Error
Status: Default
The following error codes can be returned as part of the LDAP status information when the LDAP status is retrieved.
Error Code | Description |
---|---|
4915229 | DNS resolution failed due to an internal error. Contact technical support if this issue persists |
4915231 | DNS resolution failed for one or more of the specified LDAP servers. Verify that a valid DNS server is configured |
23724132 | DNS resolution failed for all the specified LDAP servers. Verify that a valid DNS server is configured |
4915258 | The LDAP configuration is invalid. Verify that the Active Directory domain or servers are reachable and that the network configuration is correct |
4915263 | Failed to check the current status of LDAP server. Reason: |
4915234 | The specified LDAP server or preferred Active Directory server is not supported because it is one of the following: multicast, loopback, 0.0.0.0, or broadcast |
4915265 | The specified bind password or bind DN is invalid |
4915264 | Certificate verification failed. Verify that a valid certificate is installed |
Name | Type | Description |
---|---|---|
error | | |
Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
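The following is an added example, not NetApp code: it audits the records of a GET /name-services/ldap response for missing TLS transport settings and for non-zero per-family status codes, using the fields and the error-code table documented on this page. The function names and the sample response are constructed for illustration; session_security and min_bind_level are not evaluated because their value lists are not shown here.

```python
# Added example: audit a GET /name-services/ldap response (sample data is constructed).
ERROR_CODES = {  # descriptions shortened from the status error-code table on this page
    4915229: "DNS resolution failed due to an internal error",
    4915231: "DNS resolution failed for one or more LDAP servers",
    23724132: "DNS resolution failed for all LDAP servers",
    4915258: "LDAP configuration is invalid",
    4915263: "failed to check the current status of LDAP server",
    4915234: "LDAP or preferred AD server address is not supported",
    4915265: "bind password or bind DN is invalid",
    4915264: "certificate verification failed",
}

def audit_record(rec):
    """Return findings for one ldap_service record (hypothetical helper)."""
    findings = []
    tls_flags = [rec.get("ldaps_enabled"), rec.get("use_start_tls")]
    if None in tls_flags:
        # A field missing from the record is unknown, not false.
        findings.append("TLS settings not returned; request them with the fields parameter")
    elif not any(tls_flags):
        findings.append("no TLS: ldaps_enabled and use_start_tls are both false")
    elif rec.get("try_channel_binding") is False:
        findings.append("TLS in use but try_channel_binding is false")
    status = rec.get("status", {})
    for family in ("ipv4", "ipv6"):
        # Read the per-family codes; status.code is no longer supported.
        code = status.get(family, {}).get("code")
        if code:  # 0 means success, None means the field was not returned
            desc = ERROR_CODES.get(code, "code not in the table on this page")
            findings.append(f"{family} status {code}: {desc}")
    return findings

def audit(response):
    """Map each SVM name to its findings."""
    return {r["svm"]["name"]: audit_record(r) for r in response.get("records", [])}

SAMPLE = {"num_records": 2, "records": [  # constructed, not real output
    {"svm": {"name": "svm1"}, "ldaps_enabled": False, "use_start_tls": False,
     "status": {"ipv4": {"code": 4915265}, "ipv6": {"code": 0}}},
    {"svm": {"name": "svm2"}, "ldaps_enabled": True, "use_start_tls": False,
     "try_channel_binding": False,
     "status": {"ipv4": {"code": 0}, "ipv6": {"code": 4915264}}},
]}

if __name__ == "__main__":
    for svm, findings in audit(SAMPLE).items():
        print(svm, findings or "ok")
```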
Definitions
href
Name | Type | Description |
---|---|---|
href | string | |
_links
Name | Type | Description |
---|---|---|
next | | |
self | | |
_links
Name | Type | Description |
---|---|---|
self | | |
ipv4
Name | Type | Description |
---|---|---|
code | integer | Code corresponding to the error message. If there is no error, it is 0 to indicate success. |
dn_messages | array[string] | |
message | string | Provides additional details on the error. |
state | string | Status of the LDAP service. |
ipv6
Name | Type | Description |
---|---|---|
code | integer | Code corresponding to the error message. If there is no error, it is 0 to indicate success. |
dn_messages | array[string] | |
message | string | Provides additional details on the error. |
state | string | Status of the LDAP service. |
status
Name | Type | Description |
---|---|---|
code | integer | This field is no longer supported. Use ipv4.code or ipv6.code instead. |
dn_message | array[string] | |
ipv4 | | |
ipv4_state | string | This field is no longer supported. Use ipv4.state instead. |
ipv6 | | |
ipv6_state | string | This field is no longer supported. Use ipv6.state instead. |
message | string | This field is no longer supported. Use ipv4.message or ipv6.message instead. |
state | string | The status of the LDAP service for the SVM. The LDAP service is up if either |
svm
SVM, applies only to SVM-scoped objects.
Name | Type | Description |
---|---|---|
_links | | |
name | string | The name of the SVM. This field cannot be specified in a PATCH method. |
uuid | string | The unique identifier of the SVM. This field cannot be specified in a PATCH method. |
ldap_service
Name | Type | Description |
---|---|---|
_links | | |
ad_domain | string | This parameter specifies the name of the Active Directory domain used to discover LDAP servers for use by this client. This is mutually exclusive with |
base_dn | string | Specifies the default base DN for all searches. |
base_scope | string | Specifies the default search scope for LDAP queries: |
bind_as_cifs_server | boolean | Specifies whether or not CIFS server's credentials are used to bind to the LDAP server. |
bind_dn | string | Specifies the user that binds to the LDAP servers. |
bind_password | string | Specifies the bind password for the LDAP servers. |
group_dn | string | Specifies the group Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for group lookups. |
group_membership_filter | string | Specifies the custom filter used for group membership lookups from an LDAP server. |
group_scope | string | Specifies the default search scope for LDAP for group lookups: |
is_netgroup_byhost_enabled | boolean | Specifies whether or not netgroup by host querying is enabled. |
is_owner | boolean | Specifies whether or not the SVM owns the LDAP client configuration. |
ldaps_enabled | boolean | Specifies whether or not LDAPS is enabled. |
min_bind_level | string | The minimum bind authentication level. Possible values are: |
netgroup_byhost_dn | string | Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup by host lookups. |
netgroup_byhost_scope | string | Specifies the default search scope for LDAP for netgroup by host lookups: |
netgroup_dn | string | Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup lookups. |
netgroup_scope | string | Specifies the default search scope for LDAP for netgroup lookups: |
port | integer | The port used to connect to the LDAP Servers. |
preferred_ad_servers | array[string] | |
query_timeout | integer | Specifies the maximum time to wait for a query response from the LDAP server, in seconds. |
referral_enabled | boolean | Specifies whether or not LDAP referral is enabled. |
restrict_discovery_to_site | boolean | Specifies whether or not LDAP server discovery is restricted to site-scope. |
schema | string | The name of the schema template used by the SVM. |
servers | array[string] | |
session_security | string | Specifies the level of security to be used for LDAP communications: |
skip_config_validation | boolean | Indicates whether or not the validation for the specified LDAP configuration is disabled. |
status | | |
svm | | SVM, applies only to SVM-scoped objects. |
try_channel_binding | boolean | Specifies whether or not channel binding is attempted in the case of TLS/LDAPS. |
use_start_tls | boolean | Specifies whether or not to use Start TLS over LDAP connections. |
user_dn | string | Specifies the user Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for user lookups. |
user_scope | string | Specifies the default search scope for LDAP for user lookups: |
error_arguments
Name | Type | Description |
---|---|---|
code | string | Argument code |
message | string | Message argument |
returned_error
Name | Type | Description |
---|---|---|
arguments | array[error_arguments] | Message arguments |
code | string | Error code |
message | string | Error message |
target | string | The target parameter that caused the error. |