Create a new LDAP client schema
If the LDAP schema used in your environment differs from the ONTAP defaults, you must create a new LDAP client schema for ONTAP before you create the LDAP client configuration.
Most LDAP servers can use one of the default schemas provided by ONTAP:
- MS-AD-BIS (the preferred schema for most Windows 2012 and later AD servers)
- AD-IDMU (Windows 2008, Windows 2012 and later AD servers)
- AD-SFU (Windows 2003 and earlier AD servers)
- RFC-2307 (UNIX LDAP servers)
If you need to use a non-default LDAP schema, you must create it before creating the LDAP client configuration. Consult with your LDAP administrator before creating a new schema.
The default LDAP schemas provided by ONTAP cannot be modified. To create a new schema, copy an existing one and then modify the copy for your environment.
- Display the existing LDAP client schema templates to identify the one you want to copy:
  vserver services name-service ldap client schema show
- Set the privilege level to advanced:
  set -privilege advanced
- Make a copy of an existing LDAP client schema:
  vserver services name-service ldap client schema copy -vserver vserver_name -schema existing_schema_name -new-schema-name new_schema_name
- Modify the new schema and customize it for your environment:
  vserver services name-service ldap client schema modify
- Return to the admin privilege level:
  set -privilege admin
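A worked session for the procedure above, added here as an example and not taken from the ONTAP documentation: it copies the RFC-2307 template to a custom schema for a directory whose POSIX accounts use a non-default object class and UID attribute, verifies the result, and drops back to admin privilege. The SVM name `svm1`, the schema name `RFC-2307-CUSTOM` and the attribute values are constructed; `-posix-account-object-class` and `-uid-attribute` are parameters assumed to be accepted by `schema modify`, so confirm them with `vserver services name-service ldap client schema modify ?` on your release.

```console
cluster1::> vserver services name-service ldap client schema show
cluster1::> set -privilege advanced
Do you want to continue? {y|n}: y
cluster1::*> vserver services name-service ldap client schema copy -vserver svm1 -schema RFC-2307 -new-schema-name RFC-2307-CUSTOM
cluster1::*> vserver services name-service ldap client schema modify -vserver svm1 -schema RFC-2307-CUSTOM -posix-account-object-class corpPosixAccount -uid-attribute corpUidNumber -comment "Copy of RFC-2307 with constructed example attribute names"
cluster1::*> vserver services name-service ldap client schema show -vserver svm1 -schema RFC-2307-CUSTOM -instance
cluster1::*> set -privilege admin
cluster1::>
```

Because the default templates are read-only, a mistake in the copy never affects the built-in schemas; re-run the `show -instance` step after each modification to confirm only the intended attributes changed before you reference the schema from an LDAP client configuration.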