ONTAP 9.14.1 commands

vserver services name-service ldap client show

Display LDAP client configurations

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver services name-service ldap client show command displays information about LDAP client configurations which a Vserver can be associated with. An LDAP client configuration created by a Vserver’s administrator or by the cluster administrator for the Vserver is owned by the Vserver. A cluster-wide LDAP client configuration is created by a cluster administrator by specifying the admin Vserver’s name as a value to the -vserver parameter. In addition to its owned LDAP client configurations, a Vserver can be associated with such cluster-wide LDAP client configurations.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <Vserver Name>] - Vserver

If you specify this parameter, the command displays all LDAP client configurations that can be associated with the specified Vserver. A data Vserver or admin Vserver can be specified.

[-client-config <text>] - Client Configuration Name

If you specify this parameter, the command displays information about the LDAP client configuration you specify.

[-ldap-servers <text>,…​] - LDAP Server List

If you specify this parameter, the command displays LDAP client configurations using the specified list of LDAP servers.

[-servers <IP Address>,…​] - (DEPRECATED)-LDAP Server List

(DEPRECATED)-If you specify this parameter, the command displays LDAP client configurations using the specified list of LDAP servers.

[-ad-domain <TextNoCase>] - Active Directory Domain

If you specify this parameter, the command displays LDAP client configurations using the specified domain to discover their list of LDAP servers.

[-preferred-ad-servers <IP Address>,…​] - Preferred Active Directory Servers

If you specify this parameter, the command displays LDAP client configurations using the specified list of preferred servers.

[-restrict-discovery-to-site {true|false}] - Restrict discovery to site scope

If you specify this parameter, the command displays only the LDAP client configurations that do site-scope discovery.

[-bind-as-cifs-server {true|false}] - Bind Using the Vserver’s CIFS Credentials

If you specify this parameter, the command displays LDAP client configurations that bind using CIFS server credentials. If the CIFS server is in workgroup mode, the value of this parameter should be false.

[-schema <text>] - Schema Template

If you specify this parameter, the command displays LDAP client configurations using the specified schema.

[-port <integer>] - LDAP Server Port

If you specify this parameter, the command displays LDAP client configurations using the specified server port.

[-query-timeout <integer>] - Query Timeout (sec)

If you specify this parameter, the command displays LDAP client configurations using the specified query timeout (in seconds).

[-min-bind-level {anonymous|simple|sasl}] - Minimum Bind Authentication Level

If you specify this parameter, the command displays LDAP client configurations using the specified minimum bind level.

[-bind-dn <ldap_dn>] - Bind DN (User)

If you specify this parameter, the command displays LDAP client configurations using the specified bind DN.

[-base-dn <ldap_dn>] - Base DN

If you specify this parameter, the command displays LDAP client configurations using the specified base DN.

[-base-scope {base|onelevel|subtree}] - Base Search Scope

If you specify this parameter, the command displays LDAP client configurations using the specified base search scope.

[-user-dn <ldap_dn>] - User DN

If you specify this parameter, the command displays LDAP client configurations using the specified user DN.

[-user-scope {base|onelevel|subtree}] - User Search Scope

If you specify this parameter, the command displays LDAP client configurations using the specified user search scope.

[-group-dn <ldap_dn>] - Group DN

If you specify this parameter, the command displays LDAP client configurations using the specified group DN.

[-group-scope {base|onelevel|subtree}] - Group Search Scope

If you specify this parameter, the command displays LDAP client configurations using the specified group search scope.

[-netgroup-dn <ldap_dn>] - Netgroup DN

If you specify this parameter, the command displays LDAP client configurations using the specified netgroup DN.

[-netgroup-scope {base|onelevel|subtree}] - Netgroup Search Scope

If you specify this parameter, the command displays LDAP client configurations using the specified netgroup search scope.

[-is-owner {true|false}] - Vserver Owns Configuration

If you set this parameter to true, the command displays LDAP client configurations with the Vservers which own them.

[-use-start-tls {true|false}] - Use start-tls Over LDAP Connections

This parameter specifies whether or not to use Start TLS over LDAP connections. When enabled, the communication between the Data ONTAP LDAP Client and the LDAP Server will be encrypted using Start TLS. Start TLS is a mechanism to provide secure communication by using the TLS/SSL protocols. If you do not specify this parameter, the default is false .

[-is-netgroup-byhost-enabled {true|false}] - Enable Netgroup-By-Host Lookup

If you set this parameter to true, the command displays LDAP client configurations for which netgroup-by-host lookup is enabled.

[-netgroup-byhost-dn <ldap_dn>] - Netgroup-By-Host DN

If you specify this parameter, the command displays LDAP client configurations using the specified netgroup-by-host DN.

[-netgroup-byhost-scope {base|onelevel|subtree}] - Netgroup-By-Host Scope

If you specify this parameter, the command displays LDAP client configurations using the specified netgroup-by-host search scope.

[-session-security {none|sign|seal}] - Client Session Security

If this parameter is set to seal, the command displays LDAP client configurations where both signing and sealing are required for LDAP communications. If set to sign, the command displays LDAP client configurations where only signing is required for LDAP communications. If set to none, the command displays LDAP client configurations where no security is required for LDAP communications.

[-referral-enabled {true|false}] - LDAP Referral Chasing

If you specify this parameter, the command displays information about LDAP referral configurations using the specified client.

[-group-membership-filter <text>] - Group Membership Filter

If you specify this parameter, the command displays LDAP client configurations using the specified group-membership filter.

[-ldaps-enabled {true|false}] - Is LDAPS Enabled

If you specify this parameter, the command displays LDAP client configurations using the specified value of this parameter.

[-try-channel-binding {true|false}] - Try Channel Binding

If you specify this parameter, the command displays LDAP client configurations using the specified channel binding.

Examples

The following example shows a summary of all of the LDAP client configurations available for Vserver vs1 :

cluster1::> vserver services name-service ldap client show -vserver vs1
Vserver    Client        LDAP             Active Directory            Minimum
           Configuration Servers          Domain           Schema     Bind Level
---------- ------------- ---------------- ---------------- ---------- ----------
vs1        corp          ldapserver.      -                RFC-2307   anonymous
                         example.com
vs1        corpnew       172.16.0.200     -                RFC-2307   simple
Top of Page