Create an LDAP schema

POST /name-services/ldap-schemas

Introduced In: 9.11

Creates an LDAP schema.

Important notes

  • To create a new schema, first create a copy of the default schemas provided by ONTAP and then modify the copy accordingly.

  • If no value is specified for the owner.uuid or owner.name fields, the cserver UUID and name are used by default.

Related ONTAP commands

  • vserver services name-service ldap client schema copy

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| return_records | boolean | query | False | The default is false. If set to true, the records are returned. |

  • Default value:

Request Body

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| comment | string | Comment to associate with the schema. |
| global_schema | boolean | A global schema that can be used by all the SVMs. |
| name | string | The name of the schema being created, modified or deleted. |
| name_mapping | ldap_schema_name_mapping | |
| owner | owner | SVM, applies only to SVM-scoped objects. |
| rfc2307 | rfc2307 | |
| rfc2307bis | rfc2307bis | |
| scope | string | Scope of the entity. Set to "cluster" for cluster owned objects and to "svm" for SVM owned objects. |
| template | template | The existing schema template you want to copy. |

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "comment": "Schema based on Active Directory Services for UNIX (read-only).",
  "global_schema": 1,
  "name": "AD-SFU-v1",
  "name_mapping": {
    "account": {
      "unix": "windowsAccount",
      "windows": "windowsAccount"
    },
    "windows_to_unix": {
      "attribute": "windowsAccount",
      "no_domain_prefix": "",
      "object_class": "User"
    }
  },
  "owner": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "rfc2307": {
    "attribute": {
      "gecos": "name",
      "gid_number": "msSFU30GidNumber",
      "home_directory": "msSFU30HomeDirectory",
      "login_shell": "msSFU30LoginShell",
      "uid": "sAMAccountName",
      "uid_number": "msSFU30UidNumber",
      "user_password": "msSFU30Password"
    },
    "cn": {
      "group": "cn",
      "netgroup": "name"
    },
    "member": {
      "nis_netgroup": "msSFU30MemberNisNetgroup",
      "uid": "msSFU30MemberUid"
    },
    "nis": {
      "mapentry": "msSFU30NisMapEntry",
      "mapname": "msSFU30NisMapName",
      "netgroup": "msSFU30NisNetGroup",
      "netgroup_triple": "msSFU30MemberOfNisNetgroup",
      "object": "msSFU30NisObject"
    },
    "posix": {
      "account": "User",
      "group": "Group"
    }
  },
  "rfc2307bis": {
    "enabled": "",
    "group_of_unique_names": "groupOfUniqueNames",
    "maximum_groups": 256,
    "unique_member": "uniqueMember"
  },
  "scope": "string",
  "template": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "AD-SFU-v1"
  }
}

Response

Status: 201, Created

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| comment | string | Comment to associate with the schema. |
| global_schema | boolean | A global schema that can be used by all the SVMs. |
| name | string | The name of the schema being created, modified or deleted. |
| name_mapping | ldap_schema_name_mapping | |
| owner | owner | SVM, applies only to SVM-scoped objects. |
| rfc2307 | rfc2307 | |
| rfc2307bis | rfc2307bis | |
| scope | string | Scope of the entity. Set to "cluster" for cluster owned objects and to "svm" for SVM owned objects. |
| template | template | The existing schema template you want to copy. |

Example response
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "comment": "Schema based on Active Directory Services for UNIX (read-only).",
  "global_schema": 1,
  "name": "AD-SFU-v1",
  "name_mapping": {
    "account": {
      "unix": "windowsAccount",
      "windows": "windowsAccount"
    },
    "windows_to_unix": {
      "attribute": "windowsAccount",
      "no_domain_prefix": "",
      "object_class": "User"
    }
  },
  "owner": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "rfc2307": {
    "attribute": {
      "gecos": "name",
      "gid_number": "msSFU30GidNumber",
      "home_directory": "msSFU30HomeDirectory",
      "login_shell": "msSFU30LoginShell",
      "uid": "sAMAccountName",
      "uid_number": "msSFU30UidNumber",
      "user_password": "msSFU30Password"
    },
    "cn": {
      "group": "cn",
      "netgroup": "name"
    },
    "member": {
      "nis_netgroup": "msSFU30MemberNisNetgroup",
      "uid": "msSFU30MemberUid"
    },
    "nis": {
      "mapentry": "msSFU30NisMapEntry",
      "mapname": "msSFU30NisMapName",
      "netgroup": "msSFU30NisNetGroup",
      "netgroup_triple": "msSFU30MemberOfNisNetgroup",
      "object": "msSFU30NisObject"
    },
    "posix": {
      "account": "User",
      "group": "Group"
    }
  },
  "rfc2307bis": {
    "enabled": "",
    "group_of_unique_names": "groupOfUniqueNames",
    "maximum_groups": 256,
    "unique_member": "uniqueMember"
  },
  "scope": "string",
  "template": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "AD-SFU-v1"
  }
}

Headers

| Name | Description | Type |
|---|---|---|
| Location | Useful for tracking the resource location | string |

Error

Status: Default

ONTAP Error Response Codes

| Error Code | Description |
|---|---|
| 2621706 | The specified SVM UUID is incorrect for the specified SVM name. |
| 4915221 | LDAP schema name in use in data SVM. |
| 4915222 | LDAP schema name in use in admin SVM. |

| Name | Type | Description |
|---|---|---|
| error | returned_error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
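
A pre-flight check for the request body and a lookup for the error codes listed above, as an added example that is not part of the ONTAP documentation. The helper names are hypothetical, and the check assumes a create request names both the new schema and the template it copies; the sample is a subset of the page's example request, whose placeholder values (1 and "" in boolean fields, "string" for scope) do not match the documented types.

```python
import json

# Fields this page types as boolean, as paths into the request body.
BOOLEAN_PATHS = [("global_schema",), ("rfc2307bis", "enabled"),
                 ("name_mapping", "windows_to_unix", "no_domain_prefix")]
# Error codes this page lists for POST /name-services/ldap-schemas.
ERROR_CODES = {
    "2621706": "The specified SVM UUID is incorrect for the specified SVM name.",
    "4915221": "LDAP schema name in use in data SVM.",
    "4915222": "LDAP schema name in use in admin SVM.",
}

def strip_links(obj):
    """Recursively drop _links objects: they carry hrefs, not schema settings."""
    if isinstance(obj, dict):
        return {k: strip_links(v) for k, v in obj.items() if k != "_links"}
    return obj

def check_body(body):
    """Return the problems found in a schema-creation body (empty list = OK)."""
    problems = []
    # Assumption of this check: a create request names the new schema and
    # the existing schema it copies (the "template" field).
    if not body.get("name"):
        problems.append("name is missing")
    if not (body.get("template") or {}).get("name"):
        problems.append("template.name is missing")
    for path in BOOLEAN_PATHS:
        node = body
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        if node is not None and not isinstance(node, bool):
            problems.append(".".join(path) + " is not a boolean: " + json.dumps(node))
    if body.get("scope") not in (None, "cluster", "svm"):
        problems.append('scope is not "cluster" or "svm": ' + json.dumps(body["scope"]))
    return problems

def explain_error(response_text):
    """Map an error response body to the description this page gives for its code."""
    err = json.loads(response_text).get("error", {})
    code = str(err.get("code", ""))
    return code, ERROR_CODES.get(code, err.get("message", "unknown error"))

# Constructed sample: a subset of the page's example request, values unchanged.
SAMPLE = json.loads("""{"_links": {"self": {"href": "/api/resourcelink"}},
  "global_schema": 1, "name": "AD-SFU-v1",
  "name_mapping": {"windows_to_unix": {"no_domain_prefix": "", "object_class": "User"}},
  "rfc2307bis": {"enabled": "", "maximum_groups": 256},
  "scope": "string", "template": {"name": "AD-SFU-v1"}}""")

if __name__ == "__main__":
    for p in check_body(strip_links(SAMPLE)):
        print("problem:", p)
```

Run over the sample it reports four problems, so those placeholders need real values before a body modeled on the example is sent.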

Definitions

href

| Name | Type | Description |
|---|---|---|
| href | string | |

| Name | Type | Description |
|---|---|---|
| self | href | |

ldap_schema_account

| Name | Type | Description |
|---|---|---|
| unix | string | Attribute name used to retrieve UNIX account information. |
| windows | string | Attribute name used to retrieve Windows account information for a UNIX user account. |

windows_to_unix

| Name | Type | Description |
|---|---|---|
| attribute | string | Attribute name used to retrieve the UNIX account information for a Windows user account. |
| no_domain_prefix | boolean | Indicates whether or not the name for Windows to UNIX name mapping should have a domain prefix. |
| object_class | string | Name used to represent the windowsToUnix object class. |

ldap_schema_name_mapping

| Name | Type | Description |
|---|---|---|
| account | ldap_schema_account | |
| windows_to_unix | windows_to_unix | |

owner

SVM, applies only to SVM-scoped objects.

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | The name of the SVM. This field cannot be specified in a PATCH method. |
| uuid | string | The unique identifier of the SVM. This field cannot be specified in a PATCH method. |

attribute

| Name | Type | Description |
|---|---|---|
| gecos | string | RFC 2307 gecos attribute. |
| gid_number | string | RFC 2307 gidNumber attribute. |
| home_directory | string | RFC 2307 homeDirectory attribute. |
| login_shell | string | RFC 2307 loginShell attribute. |
| uid | string | RFC 1274 userid attribute used by RFC 2307 as UID. |
| uid_number | string | RFC 2307 uidNumber attribute. |
| user_password | string | RFC 2256 userPassword attribute used by RFC 2307. |

cn

| Name | Type | Description |
|---|---|---|
| group | string | RFC 2256 cn attribute used by RFC 2307 when working with groups. |
| netgroup | string | RFC 2256 cn attribute used by RFC 2307 when working with netgroups. |

member

| Name | Type | Description |
|---|---|---|
| nis_netgroup | string | RFC 2307 memberNisNetgroup attribute. |
| uid | string | RFC 2307 memberUid attribute. |

nis

| Name | Type | Description |
|---|---|---|
| mapentry | string | RFC 2307 nisMapEntry attribute. |
| mapname | string | RFC 2307 nisMapName attribute. |
| netgroup | string | RFC 2307 nisNetgroup object class. |
| netgroup_triple | string | RFC 2307 nisNetgroupTriple attribute. |
| object | string | RFC 2307 nisObject object class. |

posix

| Name | Type | Description |
|---|---|---|
| account | string | RFC 2307 posixAccount object class. |
| group | string | RFC 2307 posixGroup object class. |

rfc2307

| Name | Type | Description |
|---|---|---|
| attribute | attribute | |
| cn | cn | |
| member | member | |
| nis | nis | |
| posix | posix | |

rfc2307bis

Name Type Description

enabled

boolean

Indicates whether RFC 2307bis is enabled for the client schema.

group_of_unique_names

string

RFC 2307bis groupOfUniqueNames object class.

maximum_groups