Skip to main content
A newer release of this product is available.

Retrieve the LDAP configuration for all SVMs

Contributors

GET /name-services/ldap

Introduced In: 9.6

Retrieves the LDAP configurations for all SVMs.

  • ldap show

  • ldap check -vserver vs0

  • ldap check-ipv6 -vserver vs0

Important notes

  • The status.code, status.dn_message, status.message, and status.state fields have the same status fields that are returned using the "ldap check" CLI command.

  • Refer to the ipv4 or ipv6 objects available in the status field to get specific information about the code, dn_messages, or message and state information for ipv4 or ipv6.

Parameters

Name Type In Required Description

status.ipv6.state

string

query

False

Filter by status.ipv6.state

  • Introduced in: 9.14

status.ipv6.code

integer

query

False

Filter by status.ipv6.code

  • Introduced in: 9.14

status.ipv6.dn_messages

string

query

False

Filter by status.ipv6.dn_messages

  • Introduced in: 9.14

status.ipv6.message

string

query

False

Filter by status.ipv6.message

  • Introduced in: 9.14

status.state

string

query

False

Filter by status.state

  • Introduced in: 9.9

status.message

string

query

False

Filter by status.message

  • Introduced in: 9.9

status.dn_message

string

query

False

Filter by status.dn_message

  • Introduced in: 9.9

status.ipv4.state

string

query

False

Filter by status.ipv4.state

  • Introduced in: 9.14

status.ipv4.code

integer

query

False

Filter by status.ipv4.code

  • Introduced in: 9.14

status.ipv4.dn_messages

string

query

False

Filter by status.ipv4.dn_messages

  • Introduced in: 9.14

status.ipv4.message

string

query

False

Filter by status.ipv4.message

  • Introduced in: 9.14

status.code

integer

query

False

Filter by status.code

  • Introduced in: 9.9

status.ipv4_state

string

query

False

Filter by status.ipv4_state

  • Introduced in: 9.13

status.ipv6_state

string

query

False

Filter by status.ipv6_state

  • Introduced in: 9.13

netgroup_byhost_scope

string

query

False

Filter by netgroup_byhost_scope

  • Introduced in: 9.9

user_dn

string

query

False

Filter by user_dn

  • Introduced in: 9.9

netgroup_byhost_dn

string

query

False

Filter by netgroup_byhost_dn

  • Introduced in: 9.9

svm.uuid

string

query

False

Filter by svm.uuid

  • Introduced in: 9.7

svm.name

string

query

False

Filter by svm.name

  • Introduced in: 9.7

try_channel_binding

boolean

query

False

Filter by try_channel_binding

  • Introduced in: 9.10

session_security

string

query

False

Filter by session_security

  • Introduced in: 9.7

query_timeout

integer

query

False

Filter by query_timeout

  • Introduced in: 9.9

is_owner

boolean

query

False

Filter by is_owner

  • Introduced in: 9.9

group_membership_filter

string

query

False

Filter by group_membership_filter

  • Introduced in: 9.9

bind_as_cifs_server

boolean

query

False

Filter by bind_as_cifs_server

  • Introduced in: 9.9

user_scope

string

query

False

Filter by user_scope

  • Introduced in: 9.9

group_scope

string

query

False

Filter by group_scope

  • Introduced in: 9.9

bind_dn

string

query

False

Filter by bind_dn

  • Introduced in: 9.7

is_netgroup_byhost_enabled

boolean

query

False

Filter by is_netgroup_byhost_enabled

  • Introduced in: 9.9

port

integer

query

False

Filter by port

  • Introduced in: 9.7

  • Max value: 65535

  • Min value: 1

referral_enabled

boolean

query

False

Filter by referral_enabled

  • Introduced in: 9.9

restrict_discovery_to_site

boolean

query

False

Filter by restrict_discovery_to_site

  • Introduced in: 9.13

base_dn

string

query

False

Filter by base_dn

  • Introduced in: 9.7

group_dn

string

query

False

Filter by group_dn

  • Introduced in: 9.9

netgroup_scope

string

query

False

Filter by netgroup_scope

  • Introduced in: 9.9

netgroup_dn

string

query

False

Filter by netgroup_dn

  • Introduced in: 9.9

schema

string

query

False

Filter by schema

  • Introduced in: 9.7

min_bind_level

string

query

False

Filter by min_bind_level

  • Introduced in: 9.7

use_start_tls

boolean

query

False

Filter by use_start_tls

  • Introduced in: 9.7

base_scope

string

query

False

Filter by base_scope

  • Introduced in: 9.7

ad_domain

string

query

False

Filter by ad_domain

  • Introduced in: 9.7

preferred_ad_servers

string

query

False

Filter by preferred_ad_servers

  • Introduced in: 9.7

ldaps_enabled

boolean

query

False

Filter by ldaps_enabled

  • Introduced in: 9.9

servers

string

query

False

Filter by servers

  • Introduced in: 9.7

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Max value: 120

  • Min value: 0

  • Default value: 1

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of LDAP records.

records

array[ldap_service]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "ad_domain": "example.com",
      "base_dn": "dc=domainB,dc=example,dc=com",
      "base_scope": "string",
      "bind_dn": "cn=Administrators,cn=users,dc=domainB,dc=example,dc=com",
      "bind_password": "abc",
      "group_dn": "cn=abc,users,dc=com",
      "group_membership_filter": "",
      "group_scope": "string",
      "min_bind_level": "string",
      "netgroup_byhost_dn": "cn=abc,users,dc=com",
      "netgroup_byhost_scope": "string",
      "netgroup_dn": "cn=abc,users,dc=com",
      "netgroup_scope": "string",
      "port": 389,
      "preferred_ad_servers": [
        "11.11.11.11"
      ],
      "schema": "ad_idmu",
      "servers": [
        [
          "10.10.10.10",
          "domainB.example.com"
        ]
      ],
      "session_security": "string",
      "status": {
        "code": 65537300,
        "dn_message": [
          "string"
        ],
        "ipv4": {
          "code": 65537300,
          "dn_messages": [
            "string"
          ],
          "message": "string",
          "state": "string"
        },
        "ipv4_state": "string",
        "ipv6": {
          "code": 65537300,
          "dn_messages": [
            "string"
          ],
          "message": "string",
          "state": "string"
        },
        "ipv6_state": "string",
        "message": "string",
        "state": "string"
      },
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "user_dn": "cn=abc,users,dc=com",
      "user_scope": "string"
    }
  ]
}

Error

Status: Default

Following error codes can be thrown as part of LDAP status information, if LDAP status is needed to be retrieved.

Error Code Description

4915229

DNS resolution failed due to an internal error. Contact technical support if this issue persists

4915231

DNS resolution failed for one or more of the specified LDAP servers. Verify that a valid DNS server is configured

23724132

DNS resolution failed for all the specified LDAP servers. Verify that a valid DNS server is configured

4915258

The LDAP configuration is invalid. Verify that the Active Directory domain or servers are reachable and that the network configuration is correct

4915263

Failed to check the current status of LDAP server. Reason:

4915234

The specified LDAP server or preferred Active Directory server is not supported because it is one of the following: multicast, loopback, 0.0.0.0, or broadcast

4915265

The specified bind password or bind DN is invalid

4915264

Certificate verification failed. Verify that a valid certificate is installed

Name Type Description

error

returned_error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

next

href

self

href

Name Type Description

self

href

ipv4

Name Type Description

code

integer

Code corresponding to the error message. If there is no error, it is 0 to indicate success.

dn_messages

array[string]

message

string

Provides additional details on the error.

state

string

Status of the LDAP service.

ipv6

Name Type Description

code

integer

Code corresponding to the error message. If there is no error, it is 0 to indicate success.

dn_messages

array[string]

message

string

Provides additional details on the error.

state

string

Status of the LDAP service.

status

Name Type Description

code

integer

This field is no longer supported. Use ipv4.code or ipv6.code instead.

dn_message

array[string]

ipv4

ipv4

ipv4_state

string

This field is no longer supported. Use ipv4.state instead.

ipv6

ipv6

ipv6_state

string

This field is no longer supported. Use ipv6.state instead.

message

string

This field is no longer supported. Use ipv4.message or ipv6.message instead.

state

string

The status of the LDAP service for the SVM. The LDAP service is up if either ipv4_state or ipv6_state is up. The LDAP service is down if both ipv4_state and ipv6_state are down.

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

_links

_links

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

ldap_service

Name Type Description

_links

_links

ad_domain

string

This parameter specifies the name of the Active Directory domain used to discover LDAP servers for use by this client. This is mutually exclusive with servers during POST and PATCH.

base_dn

string

Specifies the default base DN for all searches.

base_scope

string

Specifies the default search scope for LDAP queries:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

bind_as_cifs_server

boolean

Specifies whether or not CIFS server's credentials are used to bind to the LDAP server.

bind_dn

string

Specifies the user that binds to the LDAP servers.

bind_password

string

Specifies the bind password for the LDAP servers.

group_dn

string

Specifies the group Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for group lookups.

group_membership_filter

string

Specifies the custom filter used for group membership lookups from an LDAP server.

group_scope

string

Specifies the default search scope for LDAP for group lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

is_netgroup_byhost_enabled

boolean

Specifies whether or not netgroup by host querying is enabled.

is_owner

boolean

Specifies whether or not the SVM owns the LDAP client configuration.

ldaps_enabled

boolean

Specifies whether or not LDAPS is enabled.

min_bind_level

string

The minimum bind authentication level. Possible values are:

  • anonymous - anonymous bind

  • simple - simple bind

  • sasl - Simple Authentication and Security Layer (SASL) bind

netgroup_byhost_dn

string

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup by host lookups.

netgroup_byhost_scope

string

Specifies the default search scope for LDAP for netgroup by host lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

netgroup_dn

string

Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup lookups.

netgroup_scope

string

Specifies the default search scope for LDAP for netgroup lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

port

integer

The port used to connect to the LDAP Servers.

preferred_ad_servers

array[string]

query_timeout

integer

Specifies the maximum time to wait for a query response from the LDAP server, in seconds.

referral_enabled

boolean

Specifies whether or not LDAP referral is enabled.

restrict_discovery_to_site

boolean

Specifies whether or not LDAP server discovery is restricted to site-scope.

schema

string

The name of the schema template used by the SVM.

  • AD-IDMU - Active Directory Identity Management for UNIX

  • AD-SFU - Active Directory Services for UNIX

  • MS-AD-BIS - Active Directory Identity Management for UNIX

  • RFC-2307 - Schema based on RFC 2307

  • Custom schema

servers

array[string]

session_security

string

Specifies the level of security to be used for LDAP communications:

  • none - no signing or sealing

  • sign - sign LDAP traffic

  • seal - seal and sign LDAP traffic

skip_config_validation

boolean

Indicates whether or not the validation for the specified LDAP configuration is disabled.

status

status

svm

svm

SVM, applies only to SVM-scoped objects.

try_channel_binding

boolean

Specifies whether or not channel binding is attempted in the case of TLS/LDAPS.

use_start_tls

boolean

Specifies whether or not to use Start TLS over LDAP connections.

user_dn

string

Specifies the user Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for user lookups.

user_scope

string

Specifies the default search scope for LDAP for user lookups:

  • base - search the named entry only

  • onelevel - search all entries immediately below the DN

  • subtree - search the named DN entry and the entire subtree below the DN

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.