Create a new LDAP client schema

Contributors

If the LDAP schema in your environment differs from the ONTAP defaults, you must create a new LDAP client schema for ONTAP before creating the LDAP client configuration.

About this task

Most LDAP servers can use the default schemas provided by ONTAP:

  • MS-AD-BIS (the preferred schema for most Windows 2012 and later AD servers)

  • AD-IDMU (Windows 2008, Windows 2012 and later AD servers)

  • AD-SFU (Windows 2003 and earlier AD servers)

  • RFC-2307 (UNIX LDAP servers)

If you need to use a non-default LDAP schema, you must create it before creating the LDAP client configuration. Consult with your LDAP administrator before creating a new schema.

The default LDAP schemas provided by ONTAP cannot be modified. To create a new schema, you create a copy and then modify the copy accordingly.

Steps
  1. Display the existing LDAP client schema templates to identify the one you want to copy:

    vserver services name-service ldap client schema show

  2. Set the privilege level to advanced:

    set -privilege advanced

  3. Make a copy of an existing LDAP client schema:

    vserver services name-service ldap client schema copy -vserver vserver_name -schema existing_schema_name -new-schema-name new_schema_name

  4. Modify the new schema and customize it for your environment:

    vserver services name-service ldap client schema modify

  5. Return to the admin privilege level:

    set -privilege admin