APIs in Category: ldap
Vserver API version 1.15

 
ldap-client-get-iter
ldap-client-schema-get-iter
ldap-config-create
ldap-config-delete
ldap-config-get-iter
ldap-config-modify
This set of ZAPIs manages Lightweight Directory Access Protocol (LDAP) configuration.

NetApp Manage ONTAP
 
ldap-client-get-iter

Retrieve the list of Lightweight Directory Access Protocol (LDAP) client configurations for the cluster.

Input:
  desired-attributes (ldap-client, optional)
      Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
  max-records (integer, [1..100], optional)
      The maximum number of records to return in this call. Default: 20
  query (ldap-client, optional)
      A query that specifies which objects to return. A query could be specified on any number of attributes in the ldap-client object. All ldap-client objects matching this query up to 'max-records' will be returned.
  tag (string, optional)
      Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.

Output:
  attributes-list (ldap-client[], optional)
      The list of attributes of ldap-client objects.
  next-tag (string, optional)
      Tag for the next call. Not present when there are no more ldap-client objects to return.
  num-records (integer, [0..100])
      The number of records returned in this call.

Errno:
  EINTERNALERROR

ldap-client-schema-get-iter

Retrieve the list of Lightweight Directory Access Protocol (LDAP) client schema configurations that are defined for the cluster.

Input:
  desired-attributes (ldap-client-schema, optional)
      Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
  max-records (integer, [1..100], optional)
      The maximum number of records to return in this call. Default: 20
  query (ldap-client-schema, optional)
      A query that specifies which objects to return. A query could be specified on any number of attributes in the ldap-client-schema object. All ldap-client-schema objects matching this query up to 'max-records' will be returned.
  tag (string, optional)
      Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.

Output:
  attributes-list (ldap-client-schema[], optional)
      The list of attributes of ldap-client-schema objects.
  next-tag (string, optional)
      Tag for the next call. Not present when there are no more ldap-client-schema objects to return.
  num-records (integer, [0..100])
      The number of records returned in this call.

Errno:
  EINTERNALERROR

ldap-config-create

Create a new association between a Lightweight Directory Access Protocol (LDAP) client configuration and a Vserver. A Vserver can have only one client configuration associated with it.

Input:
  client-config (string)
      The name of an existing Lightweight Directory Access Protocol (LDAP) client configuration. The LDAP client configuration can be created using the ldap-client-create API. The ldap-client-get-iter API can be used to retrieve the list of available LDAP client configurations for the cluster.
  client-enabled (boolean)
      If true, the corresponding Lightweight Directory Access Protocol (LDAP) configuration is enabled for this Vserver.
  return-record (boolean, optional)
      If set to true, returns the ldap-config on successful creation. Default: false

Output:
  result (ldap-config, optional)
      The ldap-config created (keys or the entire object if requested)

Errno:
  EINTERNALERROR

ldap-config-delete

Delete a Vserver's association with a Lightweight Directory Access Protocol (LDAP) configuration.

Errno:
  EOBJECTNOTFOUND
  EINTERNALERROR

ldap-config-get-iter

Retrieve the list of Lightweight Directory Access Protocol (LDAP) configurations in the cluster.

Input:
  desired-attributes (ldap-config, optional)
      Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
  max-records (integer, [1..100], optional)
      The maximum number of records to return in this call. Default: 20
  query (ldap-config, optional)
      A query that specifies which objects to return. A query could be specified on any number of attributes in the ldap-config object. All ldap-config objects matching this query up to 'max-records' will be returned.
  tag (string, optional)
      Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.

Output:
  attributes-list (ldap-config[], optional)
      The list of attributes of ldap-config objects.
  next-tag (string, optional)
      Tag for the next call. Not present when there are no more ldap-config objects to return.
  num-records (integer, [0..100])
      The number of records returned in this call.

Errno:
  EINTERNALERROR

ldap-config-modify

Modify the Lightweight Directory Access Protocol (LDAP) configuration for a Vserver.

Input:
  client-config (string, optional)
      The name of an existing Lightweight Directory Access Protocol (LDAP) client configuration. The LDAP client configuration can be created using the ldap-client-create API. The ldap-client-get-iter API can be used to retrieve the list of available LDAP client configurations for the cluster.
  client-enabled (boolean, optional)
      If true, the corresponding Lightweight Directory Access Protocol (LDAP) configuration is enabled for this Vserver.

Errno:
  EOBJECTNOTFOUND
  EINTERNALERROR

Element definition: ldap-client

LDAP Client Information. Each entry specifies an LDAP client configuration that can be associated with a Vserver using the ldap-config-create API. When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller.

When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved.

When used as input to specify queries, any element can be omitted, in which case the resulting set of objects is not constrained by any specific value of that attribute.

Fields:
  ad-domain (string, optional)
      The Active Directory Domain Name for this LDAP configuration. The option is ONLY applicable for configurations using Active Directory LDAP servers. Attributes: optional-for-create, modifiable
  base-dn (ldap-dn, optional)
      Indicates the starting point for searches within the LDAP directory tree. If omitted, searches will start at the root of the directory tree. Attributes: optional-for-create, modifiable
  base-scope (ldap-search-scope, optional)
      This indicates the scope for LDAP search. If omitted, this parameter defaults to 'subtree'. Attributes: optional-for-create, modifiable. Possible values:
        • "base" - Search only the base directory entry,
        • "onelevel" - Search the base directory entry and the children of the base entry,
        • "subtree" - Search the base directory entry and all its descendants
  bind-as-cifs-server (boolean, optional)
      If set, the cluster will use the CIFS server's credentials to bind to the LDAP server. If omitted, this parameter defaults to 'true' if the configuration uses Active Directory LDAP and defaults to 'false' otherwise. Attributes: optional-for-create, modifiable
  bind-dn (ldap-dn, optional)
      The Bind Distinguished Name (DN) is the LDAP identity used during the authentication process by the clients. This is required if the LDAP server does not support anonymous binds. This field is not used if 'bind-as-cifs-server' is set to 'true'. Example: cn=username,cn=Users,dc=example,dc=com. Attributes: optional-for-create, modifiable
  bind-password (string, optional)
      The password to be used with the bind-dn. Attributes: optional-for-create, modifiable
  group-dn (ldap-dn, optional)
      The Group Distinguished Name (DN), if specified, is used as the starting point in the LDAP directory tree for group lookups. If not specified, group lookups will start at the base-dn. Attributes: optional-for-create, modifiable
  group-scope (ldap-search-scope, optional)
      This indicates the scope for LDAP search when doing group lookups. Attributes: optional-for-create, modifiable. Possible values:
        • "base" - Search only the base directory entry,
        • "onelevel" - Search the base directory entry and the children of the base entry,
        • "subtree" - Search the base directory entry and all its descendants
  ldap-client-config (string, optional)
      The name of the LDAP client configuration. Attributes: key, required-for-create, non-modifiable
  min-bind-level (ldap-auth-method, optional)
      The minimum authentication level that can be used to authenticate with the LDAP server. If omitted, this parameter defaults to 'sasl' if the configuration uses Active Directory LDAP. For configurations that use LDAP servers from other vendors, this parameter defaults to 'simple' if a 'bind-dn' is specified and 'anonymous' otherwise. Attributes: optional-for-create, modifiable. Possible values:
        • "anonymous" - Anonymous bind,
        • "simple" - Simple bind,
        • "sasl" - Simple Authentication and Security Layer (SASL) bind
  netgroup-dn (ldap-dn, optional)
      The Netgroup Distinguished Name (DN), if specified, is used as the starting point in the LDAP directory tree for netgroup lookups. If not specified, netgroup lookups will start at the base-dn. Attributes: optional-for-create, modifiable
  netgroup-scope (ldap-search-scope, optional)
      This indicates the scope for LDAP search when doing netgroup lookups. Attributes: optional-for-create, modifiable. Possible values:
        • "base" - Search only the base directory entry,
        • "onelevel" - Search the base directory entry and the children of the base entry,
        • "subtree" - Search the base directory entry and all its descendants
  preferred-ad-servers (ip-address[], optional)
      Preferred Active Directory (AD) Domain Controllers to use for this configuration. This option is ONLY applicable for configurations using Active Directory LDAP servers. Attributes: optional-for-create, modifiable
  query-timeout (integer, [0..10], optional)
      Maximum time in seconds to wait for a query response from the LDAP server. The default for this parameter is 3 seconds. Attributes: optional-for-create, modifiable
  schema (string, optional)
      LDAP schema to use for this configuration. The list of possible schemas can be obtained using the ldap-client-schema-get-iter API. Attributes: required-for-create, modifiable
  servers (ip-address[], optional)
      List of LDAP Server IP addresses to use for this configuration. The option is NOT applicable for configurations using Active Directory LDAP servers. Attributes: optional-for-create, modifiable
  tcp-port (integer, [1..65535], optional)
      The TCP port on the LDAP server to use for this configuration. If omitted, this parameter defaults to 389. Attributes: optional-for-create, modifiable
  user-dn (ldap-dn, optional)
      The User Distinguished Name (DN), if specified, is used as the starting point in the LDAP directory tree for user lookups. If this parameter is omitted, user lookups will start at the base-dn. Attributes: optional-for-create, modifiable
  user-scope (ldap-search-scope, optional)
      This indicates the scope for LDAP search when doing user lookups. Attributes: optional-for-create, modifiable. Possible values:
        • "base" - Search only the base directory entry,
        • "onelevel" - Search the base directory entry and the children of the base entry,
        • "subtree" - Search the base directory entry and all its descendants
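The following is an added example, not NetApp's code and not part of this reference. It shows how a caller would drive ldap-client-get-iter from a script: build the call, ask for a subset of fields via desired-attributes (empty elements, as the typedef text describes), follow tag/next-tag until a response carries no next-tag, and then review each returned ldap-client against the fields defined above (min-bind-level, bind-as-cifs-server, bind-dn). The <netapp> envelope and its namespace are assumptions about the wire format; fake_invoke and its two canned pages are constructed stand-ins for the HTTPS transport so the script runs offline.

```python
import xml.etree.ElementTree as ET

NS = "http://www.netapp.com/filer/admin"  # assumed ONTAPI envelope namespace
API_VERSION = "1.15"                      # "Vserver API version 1.15" on this page

def _local(tag):
    """Strip a namespace prefix: '{ns}next-tag' -> 'next-tag'."""
    return tag.rsplit("}", 1)[-1]

def _child(elem, name):
    return next((c for c in elem if _local(c.tag) == name), None)

def _add(parent, name, value):
    """Nested dicts become nested elements; None gives an empty element,
    which is how desired-attributes requests a field without giving a value."""
    node = ET.SubElement(parent, name)
    if isinstance(value, dict):
        for k, v in value.items():
            _add(node, k, v)
    elif value is not None:
        node.text = str(value)

def build_request(api, params=None):
    """Serialise one ZAPI call inside the (assumed) <netapp> envelope."""
    root = ET.Element("netapp", {"xmlns": NS, "version": API_VERSION})
    call = ET.SubElement(root, api)
    for name, value in (params or {}).items():
        _add(call, name, value)
    return ET.tostring(root, encoding="unicode")

def parse_response(xml_text):
    """Return the <results> element, raising if its status is not 'passed'."""
    results = next(e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == "results")
    if results.get("status") != "passed":
        raise RuntimeError(f"{results.get('errno')}: {results.get('reason')}")
    return results

def record_to_dict(elem):
    """Flatten one record; list-typed fields (servers, preferred-ad-servers) become lists."""
    return {_local(c.tag): ([(x.text or "").strip() for x in c] if len(c)
                            else (c.text or "").strip()) for c in elem}

def iter_records(invoke, api, page_size=20, desired=None):
    """Yield every record, following tag/next-tag until no next-tag is returned."""
    params = {"max-records": page_size}
    if desired is not None:
        params["desired-attributes"] = desired
    while True:
        results = parse_response(invoke(build_request(api, params)))
        for rec in _child(results, "attributes-list") or []:
            yield record_to_dict(rec)
        next_tag = _child(results, "next-tag")
        if next_tag is None or not (next_tag.text or "").strip():
            return
        params["tag"] = next_tag.text.strip()  # next-tag of this call is tag of the next

def review_client(rec):
    """Posture findings using only fields the ldap-client typedef defines."""
    findings = []
    level = rec.get("min-bind-level")
    if level == "anonymous":
        findings.append("min-bind-level=anonymous: unauthenticated binds are acceptable to this client")
    elif level == "simple":
        findings.append("min-bind-level=simple: bind-password travels in clear text unless the session is otherwise protected")
    if rec.get("bind-as-cifs-server") == "false" and not rec.get("bind-dn"):
        findings.append("bind-as-cifs-server=false with no bind-dn: lookups bind anonymously")
    return findings

PAGES = {  # constructed two-page response: page 1 carries next-tag, page 2 does not
    None: """<netapp><results status="passed"><attributes-list><ldap-client>
<ldap-client-config>corp-ad</ldap-client-config><ad-domain>example.com</ad-domain>
<bind-as-cifs-server>true</bind-as-cifs-server><min-bind-level>sasl</min-bind-level>
<preferred-ad-servers><ip-address>192.0.2.5</ip-address></preferred-ad-servers><schema>AD-SFU</schema>
</ldap-client></attributes-list><next-tag>page-2</next-tag><num-records>1</num-records></results></netapp>""",
    "page-2": """<netapp><results status="passed"><attributes-list><ldap-client>
<ldap-client-config>legacy-unix</ldap-client-config><servers><ip-address>192.0.2.10</ip-address></servers>
<bind-as-cifs-server>false</bind-as-cifs-server><min-bind-level>anonymous</min-bind-level>
<schema>RFC-2307</schema><tcp-port>389</tcp-port></ldap-client></attributes-list><num-records>1</num-records></results></netapp>""",
}

def fake_invoke(request_xml):
    """Constructed stand-in for the HTTPS transport: serves the canned page for the request's tag."""
    call = ET.fromstring(request_xml)[0]
    tag = _child(call, "tag")
    return PAGES[tag.text if tag is not None else None]

def audit(invoke=fake_invoke):
    """Map each ldap-client-config name to its findings (an empty list means nothing flagged)."""
    desired = {"ldap-client": {"ldap-client-config": None, "min-bind-level": None,
                               "bind-as-cifs-server": None, "bind-dn": None}}
    return {rec["ldap-client-config"]: review_client(rec)
            for rec in iter_records(invoke, "ldap-client-get-iter", page_size=1, desired=desired)}
```

Calling audit() against the canned pages returns no findings for 'corp-ad' (SASL, binding as the CIFS server) and two for 'legacy-unix' (anonymous minimum bind level, and no bind identity at all). With a real transport, replace fake_invoke with a function that posts the request string over HTTPS and returns the response body; the paging and review logic stay the same.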

 
Element definition: ldap-client-schema

An LDAP Client Schema Definition. A schema definition is a way of defining what attribute names are to be used in LDAP queries to get information that the storage system needs for its operation. This will depend on the schema that the LDAP server supports. For example, to query for user account information, the LDAP query should ask for the 'posixAccount' class if the LDAP server is compatible with RFC-2307 and it should ask for the 'User' class if the LDAP server is an Active Directory LDAP Server.

The default LDAP configuration has two schemas defined, namely 'RFC-2307' and 'AD-SFU'. The 'RFC-2307' schema is the default schema that should be used to query servers that support RFC-2307. The 'AD-SFU' schema is the default schema that should be used to query Active Directory LDAP servers. These schemas are read-only and cannot be modified. The default schemas will work with most common LDAP configurations. If it is required to support other schema configurations, one of the existing schemas can be copied using the 'ldap-client-schema-copy' API and modified using the 'ldap-client-schema-modify' API to work for the new configuration.

When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller.

When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved.

When used as input to specify queries, any element can be omitted, in which case the resulting set of objects is not constrained by any specific value of that attribute.

Fields:
  cn-group-attribute (string, optional)
      Name that represents the RFC 2256 cn attribute used by RFC 2307 when working with groups. Attributes: optional-for-create, modifiable
  cn-netgroup-attribute (string, optional)
      Name that represents the RFC 2256 cn attribute used by RFC 2307 when working with netgroups. Attributes: optional-for-create, modifiable
  comment (string, optional)
      A comment that can be associated with the schema. Attributes: optional-for-create, modifiable
  gecos-attribute (string, optional)
      Name that represents the RFC 2307 gecos attribute. Attributes: optional-for-create, modifiable
  gid-number-attribute (string, optional)
      Name that represents the RFC 2307 gidNumber attribute. Attributes: optional-for-create, modifiable
  home-directory-attribute (string, optional)
      Name that represents the RFC 2307 homeDirectory attribute. Attributes: optional-for-create, modifiable
  login-shell-attribute (string, optional)
      Name that represents the RFC 2307 loginShell attribute. Attributes: optional-for-create, modifiable
  member-nis-netgroup-attribute (string, optional)
      Name that represents the RFC 2307 memberNisNetgroup attribute. Attributes: optional-for-create, modifiable
  member-uid-attribute (string, optional)
      Name that represents the RFC 2307 memberUid attribute. Attributes: optional-for-create, modifiable
  nis-netgroup-object-class (string, optional)
      Name that represents the RFC 2307 nisNetgroup object class. Attributes: optional-for-create, modifiable
  nis-netgroup-triple-attribute (string, optional)
      Name that represents the RFC 2307 nisNetgroupTriple attribute. Attributes: optional-for-create, modifiable
  posix-account-object-class (string, optional)
      Name that represents the RFC 2307 posixAccount object class. Attributes: optional-for-create, modifiable
  posix-group-object-class (string, optional)
      Name that represents the RFC 2307 posixGroup object class. Attributes: optional-for-create, modifiable
  schema (string, optional)
      A name for the schema. Attributes: key, required-for-create, non-modifiable
  uid-attribute (string, optional)
      Name that represents the RFC 1274 userid attribute used by RFC 2307 as uid. Attributes: optional-for-create, modifiable
  uid-number-attribute (string, optional)
      Name that represents the RFC 2307 uidNumber attribute. Attributes: optional-for-create, modifiable
  user-password-attribute (string, optional)
      Name that represents the RFC 2256 userPassword attribute used by RFC 2307. Attributes: optional-for-create, modifiable
  windows-account-attribute (string, optional)
      Attribute name to be used to get the Windows account information for a UNIX user account. Attributes: optional-for-create, modifiable
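An added example (not NetApp's code) of what a schema record is for: the object-class and attribute-name fields above are substituted into the LDAP search filters used for user, group and netgroup lookups, so a copied-and-modified schema changes the filters without changing the lookup logic. The RFC2307 record is constructed from the RFC 2307 names the field descriptions cite; CUSTOM stands for a schema produced with ldap-client-schema-copy and ldap-client-schema-modify, with made-up attribute names. The looked-up name is escaped per RFC 4515 so that a name containing filter metacharacters is matched literally rather than rewriting the filter, and missing_fields reports which fields a modified schema still needs before a lookup can be built.

```python
RFC2307 = {  # constructed from the RFC 2307 names cited in the field descriptions
    "schema": "RFC-2307",
    "posix-account-object-class": "posixAccount",
    "uid-attribute": "uid",
    "uid-number-attribute": "uidNumber",
    "posix-group-object-class": "posixGroup",
    "cn-group-attribute": "cn",
    "member-uid-attribute": "memberUid",
    "nis-netgroup-object-class": "nisNetgroup",
    "cn-netgroup-attribute": "cn",
}

# Hypothetical copied-and-modified schema; 'customUser' and 'loginName' are made up.
CUSTOM = dict(RFC2307, schema="custom-copy",
              **{"posix-account-object-class": "customUser", "uid-attribute": "loginName"})

LOOKUPS = {  # schema fields each kind of lookup substitutes into its filter
    "user": ("posix-account-object-class", "uid-attribute"),
    "group": ("posix-group-object-class", "cn-group-attribute"),
    "netgroup": ("nis-netgroup-object-class", "cn-netgroup-attribute"),
}

def escape_filter_value(value):
    """RFC 4515 escaping: the name is matched literally and cannot add or close filter terms."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)

def missing_fields(schema, lookup):
    """Fields a lookup needs that this (possibly modified) schema leaves unset."""
    return [f for f in LOOKUPS[lookup] if not schema.get(f)]

def _filter(schema, object_class_field, attr_field, value):
    """(&(objectClass=<class>)(<attr>=<escaped value>)) using the schema's names."""
    missing = [f for f in (object_class_field, attr_field) if not schema.get(f)]
    if missing:
        raise KeyError("schema %r does not define %s" % (schema.get("schema"), ", ".join(missing)))
    return "(&(objectClass=%s)(%s=%s))" % (
        schema[object_class_field], schema[attr_field], escape_filter_value(value))

def user_filter(schema, username):
    return _filter(schema, "posix-account-object-class", "uid-attribute", username)

def user_by_uid_number_filter(schema, uid_number):
    # int() rejects anything that is not a numeric uidNumber before it reaches the filter
    return _filter(schema, "posix-account-object-class", "uid-number-attribute", str(int(uid_number)))

def group_filter(schema, group_name):
    return _filter(schema, "posix-group-object-class", "cn-group-attribute", group_name)

def groups_of_user_filter(schema, username):
    """Groups listing the user in memberUid (secondary group membership under RFC 2307)."""
    return _filter(schema, "posix-group-object-class", "member-uid-attribute", username)

def netgroup_filter(schema, netgroup_name):
    return _filter(schema, "nis-netgroup-object-class", "cn-netgroup-attribute", netgroup_name)

if __name__ == "__main__":
    for schema in (RFC2307, CUSTOM):
        print(schema["schema"], user_filter(schema, "alice"), groups_of_user_filter(schema, "alice"))
```

The same call, user_filter(schema, "alice"), yields "(&(objectClass=posixAccount)(uid=alice))" under RFC2307 and "(&(objectClass=customUser)(loginName=alice))" under the modified copy, which is exactly the substitution the schema record exists to make.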

 
Element definition: ldap-config

Lightweight Directory Access Protocol (LDAP) configuration. Specifies the LDAP client configuration that is associated with this Vserver and whether the configuration is enabled. When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller.

When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved.

When used as input to specify queries, any element can be omitted, in which case the resulting set of objects is not constrained by any specific value of that attribute.

Fields:
  client-config (string, optional)
      The name of an existing Lightweight Directory Access Protocol (LDAP) client configuration. The LDAP client configuration can be created using the ldap-client-create API. The ldap-client-get-iter API can be used to retrieve the list of available LDAP client configurations for the cluster. Attributes: required-for-create, modifiable
  client-enabled (boolean, optional)
      If true, the corresponding Lightweight Directory Access Protocol (LDAP) configuration is enabled for this Vserver. Attributes: required-for-create, modifiable

Element definition: ip-address

IPv4 address in dotted notation, as in '192.168.125.123'.

Element definition: ldap-auth-method

anonymous|simple|sasl. Possible values:
  • "anonymous" - Anonymous bind,
  • "simple" - Simple bind,
  • "sasl" - Simple Authentication and Security Layer (SASL) bind

Element definition: ldap-dn

LDAP Distinguished Name.

Element definition: ldap-search-scope

base|onelevel|subtree. Possible values:
  • "base" - Search only the base directory entry,
  • "onelevel" - Search the base directory entry and the children of the base entry,
  • "subtree" - Search the base directory entry and all its descendants