ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver services name-service ldap client show

    Display LDAP client configurations

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The vserver services name-service ldap client show command displays information about LDAP client configurations which a Vserver can be associated with. An LDAP client configuration created by a Vserver’s administrator or by the cluster administrator for the Vserver is owned by the Vserver. A cluster-wide LDAP client configuration is created by a cluster administrator by specifying the admin Vserver’s name as a value to the -vserver parameter. In addition to its owned LDAP client configurations, a Vserver can be associated with such cluster-wide LDAP client configurations.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all fields.

    [-vserver <Vserver Name>] - Vserver

    If you specify this parameter, the command displays all LDAP client configurations that can be associated with the specified Vserver. A data Vserver or admin Vserver can be specified.

    [-client-config <text>] - Client Configuration Name

    If you specify this parameter, the command displays information about the LDAP client configuration you specify.

    [-ldap-servers <text>,…​] - LDAP Server List

    If you specify this parameter, the command displays LDAP client configurations using the specified list of LDAP servers.

    [-servers <IP Address>,…​] - (DEPRECATED)-LDAP Server List

    (DEPRECATED)-If you specify this parameter, the command displays LDAP client configurations using the specified list of LDAP servers.

    [-ad-domain <TextNoCase>] - Active Directory Domain

    If you specify this parameter, the command displays LDAP client configurations using the specified domain to discover their list of LDAP servers.

    [-preferred-ad-servers <IP Address>,…​] - Preferred Active Directory Servers

    If you specify this parameter, the command displays LDAP client configurations using the specified list of preferred servers.

    [-bind-as-cifs-server {true|false}] - Bind Using the Vserver’s CIFS Credentials

    If you specify this parameter, the command displays LDAP client configurations that bind using CIFS server credentials. If the CIFS server is in workgroup mode, the value of this parameter should be false.

    [-schema <text>] - Schema Template

    If you specify this parameter, the command displays LDAP client configurations using the specified schema.

    [-port <integer>] - LDAP Server Port

    If you specify this parameter, the command displays LDAP client configurations using the specified server port.

    [-query-timeout <integer>] - Query Timeout (sec)

    If you specify this parameter, the command displays LDAP client configurations using the specified query timeout (in seconds).

    [-min-bind-level {anonymous|simple|sasl}] - Minimum Bind Authentication Level

    If you specify this parameter, the command displays LDAP client configurations using the specified minimum bind level.

    [-bind-dn <ldap_dn>] - Bind DN (User)

    If you specify this parameter, the command displays LDAP client configurations using the specified bind DN.

    [-base-dn <ldap_dn>] - Base DN

    If you specify this parameter, the command displays LDAP client configurations using the specified base DN.

    [-base-scope {base|onelevel|subtree}] - Base Search Scope

    If you specify this parameter, the command displays LDAP client configurations using the specified base search scope.

    [-user-dn <ldap_dn>] - User DN

    If you specify this parameter, the command displays LDAP client configurations using the specified user DN.

    [-user-scope {base|onelevel|subtree}] - User Search Scope

    If you specify this parameter, the command displays LDAP client configurations using the specified user search scope.

    [-group-dn <ldap_dn>] - Group DN

    If you specify this parameter, the command displays LDAP client configurations using the specified group DN.

    [-group-scope {base|onelevel|subtree}] - Group Search Scope

    If you specify this parameter, the command displays LDAP client configurations using the specified group search scope.

    [-netgroup-dn <ldap_dn>] - Netgroup DN

    If you specify this parameter, the command displays LDAP client configurations using the specified netgroup DN.

    [-netgroup-scope {base|onelevel|subtree}] - Netgroup Search Scope

    If you specify this parameter, the command displays LDAP client configurations using the specified netgroup search scope.

    [-is-owner {true|false}] - Vserver Owns Configuration

    If you set this parameter to true, the command displays LDAP client configurations with the Vservers which own them.

    [-use-start-tls {true|false}] - Use start-tls Over LDAP Connections

    This parameter specifies whether or not to use Start TLS over LDAP connections. When enabled, the communication between the Data ONTAP LDAP Client and the LDAP Server will be encrypted using Start TLS. Start TLS is a mechanism to provide secure communication by using the TLS/SSL protocols. If you do not specify this parameter, the default is false .

    [-is-netgroup-byhost-enabled {true|false}] - Enable Netgroup-By-Host Lookup

    If you set this parameter to true, the command displays LDAP client configurations for which netgroup-by-host lookup is enabled.

    [-netgroup-byhost-dn <ldap_dn>] - Netgroup-By-Host DN

    If you specify this parameter, the command displays LDAP client configurations using the specified netgroup-by-host DN.

    [-netgroup-byhost-scope {base|onelevel|subtree}] - Netgroup-By-Host Scope

    If you specify this parameter, the command displays LDAP client configurations using the specified netgroup-by-host search scope.

    [-session-security {none|sign|seal}] - Client Session Security

    If this parameter is set to seal, the command displays LDAP client configurations where both signing and sealing are required for LDAP communications. If set to sign, the command displays LDAP client configurations where only signing is required for LDAP communications. If set to none, the command displays LDAP client configurations where no security is required for LDAP communications.

    [-referral-enabled {true|false}] - LDAP Referral Chasing

    If you specify this parameter, the command displays information about LDAP referral configurations using the specified client.

    [-group-membership-filter <text>] - Group Membership Filter

    If you specify this parameter, the command displays LDAP client configurations using the specified group-membership filter.

    [-ldaps-enabled {true|false}] - Is LDAPS Enabled

    If you specify this parameter, the command displays LDAP client configurations using the specified value of this parameter.

    [-try-channel-binding {true|false}] - Try Channel Binding

    If you specify this parameter, the command displays LDAP client configurations using the specified channel binding.

    Examples

    The following example shows a summary of all of the LDAP client configurations available for Vserver vs1 :

    cluster1::> vserver services name-service ldap client show -vserver vs1
    Vserver    Client        LDAP             Active Directory            Minimum
               Configuration Servers          Domain           Schema     Bind Level
    ---------- ------------- ---------------- ---------------- ---------- ----------
    vs1        corp          ldapserver.      -                RFC-2307   anonymous
                             example.com
    vs1        corpnew       172.16.0.200     -                RFC-2307   simple
    Top of Page