Create the LDAP configuration for the cluster
POST /security/authentication/cluster/ldap
Introduced In: 9.6
A cluster can have only one LDAP configuration. IPv6 must be enabled if IPv6 family addresses are specified.
Required properties
- servers - List of LDAP servers used for this client configuration.
- bind_dn - Specifies the user that binds to the LDAP servers.
- base_dn - Specifies the default base DN for all searches.
Recommended optional properties
- schema - Schema template name.
- port - Port used to connect to the LDAP servers.
- min_bind_level - Minimum bind authentication level.
- bind_password - Specifies the bind password for the LDAP servers.
- base_scope - Specifies the default search scope for LDAP queries.
- use_start_tls - Specifies whether or not to use Start TLS over LDAP connections.
- session_security - Specifies the level of security to be used for LDAP communications.
Default property values
- schema - RFC-2307
- port - 389
- min_bind_level - simple
- base_scope - subtree
- use_start_tls - false
- session_security - none
Configuring more than one LDAP server is recommended to avoid a single point of failure. Both FQDNs and IP addresses are supported for the servers property.
The LDAP servers are validated as part of this operation. LDAP validation fails in the following scenarios:
- The server does not have LDAP installed.
- The server is invalid.
- The server is unreachable.
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
return_records | boolean | query | False | The default is false. If set to true, the records are returned. |
Request Body
Name | Type | Description |
---|---|---|
_links | | |
base_dn | string | Specifies the default base DN for all searches. |
base_scope | string | Specifies the default search scope for LDAP queries: |
bind_dn | string | Specifies the user that binds to the LDAP servers. |
bind_password | string | Specifies the bind password for the LDAP servers. |
min_bind_level | string | The minimum bind authentication level. Possible values are: |
port | integer | The port used to connect to the LDAP servers. |
schema | string | The name of the schema template used by the SVM. |
servers | array[string] | |
session_security | string | Specifies the level of security to be used for LDAP communications: |
use_start_tls | boolean | Specifies whether or not to use Start TLS over LDAP connections. |
Example request
```json
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "base_dn": "string",
  "base_scope": "string",
  "bind_dn": "string",
  "bind_password": "string",
  "min_bind_level": "string",
  "port": 389,
  "schema": "string",
  "servers": [
    "string"
  ],
  "session_security": "string"
}
```
Response
Status: 201, Created
Name | Type | Description |
---|---|---|
_links | | |
num_records | integer | Number of LDAP records. |
records | array[ldap_service] | |
Example response
```json
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "ad_domain": "string",
      "base_dn": "string",
      "base_scope": "string",
      "bind_dn": "string",
      "bind_password": "string",
      "min_bind_level": "string",
      "port": 389,
      "preferred_ad_servers": [
        "string"
      ],
      "schema": "string",
      "servers": [
        "string"
      ],
      "session_security": "string",
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      }
    }
  ]
}
```
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
4915203 | The specified LDAP schema does not exist. |
4915207 | The specified LDAP servers contain duplicate server entries. |
4915229 | DNS resolution failed due to an internal error. Contact technical support if this issue persists. |
4915231 | DNS resolution failed for one or more of the specified LDAP servers. Verify that a valid DNS server is configured. |
23724132 | DNS resolution failed for all the specified LDAP servers. Verify that a valid DNS server is configured. |
4915234 | The specified LDAP server is not supported because it is one of the following: multicast, loopback, 0.0.0.0, or broadcast. |
4915248 | LDAP servers cannot be empty or "-". The specified FQDN is invalid because it is empty or "-", or it contains either special characters or "-" at the start or end of the domain. |
4915251 | STARTTLS and LDAPS cannot be used together. |
4915257 | The LDAP configuration is invalid. Verify that bind-dn and bind password are correct. |
4915258 | The LDAP configuration is invalid. Verify that the servers are reachable and that the network configuration is correct. |
13434916 | The SVM is in the process of being created. Wait a few minutes, and then try the command again. |
23724130 | Cannot use an IPv6 name server address because there are no IPv6 interfaces. |
Name | Type | Description |
---|---|---|
error | | |
Example error
```json
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
```
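The following added example, not part of the ONTAP documentation, builds the request body for this endpoint with the documented defaults applied and rejects, before anything is sent, the inputs that the error table above says the cluster will refuse (duplicate servers, empty or "-" entries, loopback/multicast/unspecified/broadcast addresses, IPv6 servers when IPv6 is disabled, Start TLS combined with LDAPS). The hostname label rule and the mapping of port 636 to LDAPS are assumptions of the example; note that with the defaults (port 389, use_start_tls false, session_security none) a simple bind sends bind_password in the clear, so the sample turns Start TLS on.

```python
import ipaddress
import re

# Documented defaults for POST /security/authentication/cluster/ldap.
DEFAULTS = {"schema": "RFC-2307", "port": 389, "min_bind_level": "simple",
            "base_scope": "subtree", "use_start_tls": False,
            "session_security": "none"}
# Hostname label rule is an assumption (letters, digits, inner hyphens only);
# the page only says special characters and a leading/trailing "-" are rejected.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")


def check_server(server):
    """Return the documented error code for an unusable server entry, else None."""
    if server in ("", "-"):
        return 4915248
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:  # not an IP literal, so validate it as an FQDN
        return None if all(_LABEL.match(lab) for lab in server.split(".")) else 4915248
    if ip.is_multicast or ip.is_loopback or ip.is_unspecified or str(ip) == "255.255.255.255":
        return 4915234  # multicast, loopback, 0.0.0.0 or broadcast
    return None


def build_cluster_ldap_body(servers, bind_dn, base_dn, ipv6_enabled=True, **optional):
    """Merge documented defaults with caller values and reject bodies the error
    table says the cluster refuses; the ValueError message starts with the code.
    Treating port 636 as LDAPS is an assumption of this example, not the page's."""
    body = {**DEFAULTS, **optional,
            "servers": list(servers), "bind_dn": bind_dn, "base_dn": base_dn}
    if len(set(body["servers"])) != len(body["servers"]):
        raise ValueError("4915207: duplicate server entries")
    for s in body["servers"]:
        code = check_server(s)
        if code is not None:
            raise ValueError(f"{code}: server {s!r} is invalid or unsupported")
        if not ipv6_enabled and ":" in s:
            raise ValueError("23724130: IPv6 server given but IPv6 is not enabled")
    if body["use_start_tls"] and body["port"] == 636:
        raise ValueError("4915251: STARTTLS and LDAPS cannot be used together")
    return body


if __name__ == "__main__":
    # Constructed sample: two servers (no single point of failure) with Start TLS
    # enabled so the simple bind does not send bind_password in the clear.
    print(build_cluster_ldap_body(["ldap1.example.com", "ldap2.example.com"],
                                  "cn=ontap-bind,ou=svc,dc=example,dc=com",
                                  "dc=example,dc=com", use_start_tls=True))
```

The returned dict is the JSON body to POST to the endpoint; a rejected body never reaches the cluster, so the failure surfaces locally with the same code the error table lists.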
Definitions
href
Name | Type | Description |
---|---|---|
href | string | |
_links
Name | Type | Description |
---|---|---|
self | | |
cluster_ldap
Name | Type | Description |
---|---|---|
_links | | |
base_dn | string | Specifies the default base DN for all searches. |
base_scope | string | Specifies the default search scope for LDAP queries: |
bind_dn | string | Specifies the user that binds to the LDAP servers. |
bind_password | string | Specifies the bind password for the LDAP servers. |
min_bind_level | string | The minimum bind authentication level. Possible values are: |
port | integer | The port used to connect to the LDAP servers. |
schema | string | The name of the schema template used by the SVM. |
servers | array[string] | |
session_security | string | Specifies the level of security to be used for LDAP communications: |
use_start_tls | boolean | Specifies whether or not to use Start TLS over LDAP connections. |
_links
Name | Type | Description |
---|---|---|
next | | |
self | | |
svm
Name | Type | Description |
---|---|---|
_links | | |
name | string | The name of the SVM. |
uuid | string | The unique identifier of the SVM. |
ldap_service
Name | Type | Description |
---|---|---|
_links | | |
ad_domain | string | This parameter specifies the name of the Active Directory domain used to discover LDAP servers for use by this client. This is mutually exclusive with |
base_dn | string | Specifies the default base DN for all searches. |
base_scope | string | Specifies the default search scope for LDAP queries: |
bind_dn | string | Specifies the user that binds to the LDAP servers. |
bind_password | string | Specifies the bind password for the LDAP servers. |
min_bind_level | string | The minimum bind authentication level. Possible values are: |
port | integer | The port used to connect to the LDAP servers. |
preferred_ad_servers | array[string] | |
schema | string | The name of the schema template used by the SVM. |
servers | array[string] | |
session_security | string | Specifies the level of security to be used for LDAP communications: |
svm | | |
use_start_tls | boolean | Specifies whether or not to use Start TLS over LDAP connections. |
error_arguments
Name | Type | Description |
---|---|---|
code | string | Argument code |
message | string | Message argument |
error
Name | Type | Description |
---|---|---|
arguments | array[error_arguments] | Message arguments |
code | string | Error code |
message | string | Error message |
target | string | The target parameter that caused the error. |