Module netapp_ontap.resources.ldap_service
Copyright © 2019 NetApp Inc. All rights reserved.
Overview
LDAP servers are used to centrally maintain user information. LDAP configurations must be set up to lookup information stored in the LDAP directory on the external LDAP servers. This API is used to retrieve and manage LDAP server configurations.
Retrieving LDAP information
The LDAP GET endpoint retrieves all of the LDAP configurations in the cluster.
Examples
Retrieving all of the fields for all LDAP configurations
# The API:
/api/name-services/ldap
# The call:
curl -X GET "https://<mgmt-ip>/api/name-services/ldap?fields=*" -H "accept: application/hal+json"
# The response:
{
"records": [
{
"svm": {
"uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1",
"name": "vs1"
"_links": {
"self": {
"href": "/api/svm/svms/179d3c85-7053-11e8-b9b8-005056b41bd1"
}
}
},
"servers": [
"10.10.10.10",
"domainB.example.com"
],
"schema": "ad_idmu",
"port": 389,
"min_bind_level": "anonymous",
"bind_dn": "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com",
"base_dn": "dc=domainA,dc=example,dc=com",
"base_scope": "subtree",
"use_start_tls": true,
"session_security": "none",
"_links": {
"self": {
"href": "/api/name-services/ldap/179d3c85-7053-11e8-b9b8-005056b41bd1"
}
}
},
{
"svm": {
"uuid": "6a52023b-7066-11e8-b9b8-005056b41bd1",
"name": "vs2"
"_links": {
"self": {
"href": "/api/svm/svms/6a52023b-7066-11e8-b9b8-005056b41bd1"
}
}
},
"servers": [
"11.11.11.11"
],
"schema": "rfc_2307",
"port": 389,
"min_bind_level": "simple",
"bind_dn": "cn=Administrators,cn=users,dc=domainB,dc=example,dc=com",
"base_dn": "dc=domainB,dc=example,dc=com",
"base_scope": "subtree",
"use_start_tls": true,
"session_security": "sign",
"_links": {
"self": {
"href": "/api/name-services/ldap/6a52023b-7066-11e8-b9b8-005056b41bd1"
}
}
}
],
"num_records": 2,
"_links": {
"self": {
"href": "/api/name-services/ldap?fields=*"
}
}
}
Retrieving all of the LDAP configurations that have the use_start_tls set to true
# The API:
/api/name-services/ldap
# The call:
curl -X GET "https://<mgmt-ip>/api/name-services/ldap?use_start_tls=true" -H "accept: application/hal+json"
# The response:
{
"records": [
{
"svm": {
"uuid": "6a52023b-7066-11e8-b9b8-005056b41bd1",
"name": "vs2"
"_links": {
"self": {
"href": "/api/svm/svms/6a52023b-7066-11e8-b9b8-005056b41bd1"
}
}
},
"use_start_tls": true,
"_links": {
"self": {
"href": "/api/name-services/ldap/6a52023b-7066-11e8-b9b8-005056b41bd1"
}
}
}
],
"num_records": 1,
"_links": {
"self": {
"href": "/api/name-services/ldap?use_start_tls=true"
}
}
}
Retrieving the LDAP configuration of a specific SVM
# The API:
/api/name-services/ldap/{svm.uuid}
# The call:
curl -X GET "https://<mgmt-ip>/api/name-services/ldap/179d3c85-7053-11e8-b9b8-005056b41bd1" -H "accept: application/json"
# The response:
{
"svm": {
"uuid": "179d3c85-7053-11e8-b9b8-005056b41bd1",
"name": "vs1"
"_links": {
"self": {
"href": "/api/svm/svms/179d3c85-7053-11e8-b9b8-005056b41bd1"
}
}
},
"servers": [
"10.10.10.10",
"domainB.example.com"
],
"schema": "ad_idmu",
"port": 389,
"min_bind_level": "anonymous",
"bind_dn": "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com",
"base_dn": "dc=domainA,dc=example,dc=com",
"base_scope": "subtree",
"use_start_tls": true,
"session_security": "none",
"_links": {
"self": {
"href": "/api/name-services/ldap/179d3c85-7053-11e8-b9b8-005056b41bd1"
}
}
}
Creating an LDAP configuration
The LDAP POST endpoint creates an LDAP configuration for the specified SVM.
Examples
Creating an LDAP configuration with all the fields specified
# The API:
/api/name-services/ldap
# The call:
curl -X POST "https://<mgmt-ip>/api/name-services/ldap" -H "accept: application/hal+json" -H "Content-Type: application/json" -d "{ \"svm\": { \"uuid\": \"179d3c85-7053-11e8-b9b8-005056b41bd1\" }, \"servers\": [ \"10.10.10.10\"\, \"domainB.example.com\" ], \"schema\": \"ad_idmu\", \"port\": 389, \"min_bind_level\": \"anonymous\", \"bind_dn\": \"cn=Administrators,cn=users,dc=domainA,dc=example,dc=com\", \"bind_password\": \"abc\", \"base_dn\": \"dc=domainA,dc=example,dc=com\", \"base_scope\": \"subtree\", \"use_start_tls\": false, \"session_security\": \"none\"}"
Creating an LDAP configuration with Active Directory domain and preferred Active Directory servers specified
# The API:
/api/name-services/ldap
# The call:
curl -X POST "https://<mgmt-ip>/api/name-services/ldap" -H "accept: application/hal+json" -H "Content-Type: application/json" -d "{ \"svm\": { \"name\": \"vs2\" }, \"ad_domain\": \"domainA.example.com\", \"preferred_ad_servers\": [ \"11.11.11.11\" ], \"port\": 389, \"bind_dn\": \"cn=Administrators,cn=users,dc=domainA,dc=example,dc=com\", \"bind_password\": \"abc\", \"base_dn\": \"dc=domainA,dc=example,dc=com\", \"session_security\": \"none\"}"
Creating an LDAP configuration with a number of optional fields not specified
# The API:
/api/name-services/ldap
# The call:
curl -X POST "https://<mgmt-ip>/api/name-services/ldap" -H "accept: application/hal+json" -H "Content-Type: application/json" -d "{ \"svm\": { \"name\": \"vs2\" }, \"servers\": [ \"11.11.11.11\" ], \"port\": 389, \"bind_dn\": \"cn=Administrators,cn=users,dc=domainA,dc=example,dc=com\", \"bind_password\": \"abc\", \"base_dn\": \"dc=domainA,dc=example,dc=com\", \"session_security\": \"none\"}"
Updating an LDAP configuration
The LDAP PATCH endpoint updates the LDAP configuration for the specified SVM. The following example shows a PATCH operation:
# The API:
/api/name-services/ldap/{svm.uuid}
# The call:
curl -X PATCH "https://<mgmt-ip>/api/name-services/ldap/179d3c85-7053-11e8-b9b8-005056b41bd1" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"servers\": [ \"55.55.55.55\" ], \"schema\": \"ad_idmu\", \"port\": 636, \"use_start_tls\": false }"
Deleting an LDAP configuration
The LDAP DELETE endpoint deletes the LDAP configuration for the specified SVM. The following example shows a DELETE operation:
# The API:
/api/name-services/ldap/{svm.uuid}
# The call:
curl -X DELETE "https://<mgmt-ip>/api/name-services/ldap/179d3c85-7053-11e8-b9b8-005056b41bd1" -H "accept: application/hal+json"
Classes
class LdapService (*args, **kwargs)
-
Allows interaction with LdapService objects on the host
Initialize the instance of the resource.
Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:
MyResource(name='foo').name == 'foo'
Args
*args
- Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
- each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.
Ancestors
Static methods
def delete_collection(*args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Deletes the LDAP configuration of the specified SVM. LDAP can be removed as a source from the ns-switch if LDAP is not used as a source for lookups.
Learn more
Delete all objects in a collection which match the given query.
All records on the host which match the query will be deleted.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def find(*args, connection: HostConnection = None, **kwargs) -> Resource
-
Retrieves the LDAP configurations for all SVMs.
Learn more
Find an instance of an object on the host given a query.
The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found or if more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
Resource
object containing the details of the object.Raises
NetAppRestError
: If the API call did not return exactly 1 matching resource. def get_collection(*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> typing.Iterable
-
Retrieves the LDAP configurations for all SVMs.
Learn more
Fetch a list of all objects of this type from the host.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. max_records
- The maximum number of records to return per call
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A list of
Resource
objectsRaises
NetAppRestError
: If there is no connection available to use either passed in or on the library. def patch_collection(body: dict, *args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Updates an LDAP configuration of an SVM.
Important notes
- Both mandatory and optional parameters of the LDAP configuration can be updated.
- The LDAP servers and Active Directory domain are mutually exclusive fields. These fields cannot be empty. At any point in time, either the LDAP servers or Active Directory domain must be populated.
- IPv6 must be enabled if IPv6 family addresses are specified.
Configuring more than one LDAP server is recommended to avoid a sinlge point of failure. Both FQDNs and IP addresses are supported for the "servers" field. The Active Directory domain or LDAP servers are validated as part of this operation.
LDAP validation fails in the following scenarios: - The server does not have LDAP installed.
- The server or Active Directory domain is invalid.
- The server or Active Directory domain is unreachable
Learn more
Patch all objects in a collection which match the given query.
All records on the host which match the query will be patched with the provided body.
Args
body
- A dictionary of name/value pairs to set on all matching members of the collection.
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Methods
def delete(self, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Deletes the LDAP configuration of the specified SVM. LDAP can be removed as a source from the ns-switch if LDAP is not used as a source for lookups.
Learn more
Send a deletion request to the host for this object.
Args
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def get(self, **kwargs) -> NetAppResponse
-
Retrieves LDAP configuration for an SVM. All parameters for the LDAP configuration are displayed by default.
Learn more
Fetch the details of the object from the host.
Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def patch(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Updates an LDAP configuration of an SVM.
Important notes
- Both mandatory and optional parameters of the LDAP configuration can be updated.
- The LDAP servers and Active Directory domain are mutually exclusive fields. These fields cannot be empty. At any point in time, either the LDAP servers or Active Directory domain must be populated.
- IPv6 must be enabled if IPv6 family addresses are specified.
Configuring more than one LDAP server is recommended to avoid a sinlge point of failure. Both FQDNs and IP addresses are supported for the "servers" field. The Active Directory domain or LDAP servers are validated as part of this operation.
LDAP validation fails in the following scenarios: - The server does not have LDAP installed.
- The server or Active Directory domain is invalid.
- The server or Active Directory domain is unreachable
Learn more
Send the difference in the object's state to the host as a modification request.
Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Creates an LDAP configuration for an SVM.
Important notes
- Each SVM can have one LDAP configuration.
- The LDAP servers and Active Directory domain are mutually exclusive fields. These fields cannot be empty. At any point in time, either the LDAP servers or Active Directory domain must be populated.
- IPv6 must be enabled if IPv6 family addresses are specified.
The following parameters are optional:
- preferred AD servers
- schema
- port
- min_bind_level
- bind_password
- base_scope
- use_start_tls
- session_security
Configuring more than one LDAP server is recommended to avoid a single point of failure.
Both FQDNs and IP addresses are supported for the "servers" field.
The Acitve Directory domain or LDAP servers are validated as part of this operation.
LDAP validation fails in the following scenarios:
- The server does not have LDAP installed.
- The server or Active Directory domain is invalid.
- The server or Active Directory domain is unreachable.
Learn more
Send this object to the host as a creation request.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Inherited members
class LdapServiceSchema (only=None, exclude=(), many=False, context=None, load_only=(), dump_only=(), partial=False, unknown=None)
-
The fields of the LdapService object
Ancestors
- netapp_ontap.resource.ResourceSchema
- marshmallow.schema.Schema
- marshmallow.schema.BaseSchema
- marshmallow.base.SchemaABC
Class variables
var ad_domain
-
This parameter specifies the name of the Active Directory domain used to discover LDAP servers for use by this client. This is mutually exclusive with
servers
during POST and PATCH. var base_dn
-
Specifies the default base DN for all searches.
var base_scope
-
Specifies the default search scope for LDAP queries:
- base - search the named entry only
- onelevel - search all entries immediately below the DN
- subtree - search the named DN entry and the entire subtree below the DN
Valid choices:
- base
- onelevel
- subtree
var bind_dn
-
Specifies the user that binds to the LDAP servers.
var bind_password
-
Specifies the bind password for the LDAP servers.
var links
-
The links field of the ldap_service.
var min_bind_level
-
The minimum bind authentication level. Possible values are:
- anonymous - anonymous bind
- simple - simple bind
- sasl - Simple Authentication and Security Layer (SASL) bind
Valid choices:
- anonymous
- simple
- sasl
var opts
var port
-
The port used to connect to the LDAP Servers.
Example: 389
var preferred_ad_servers
-
The preferred_ad_servers field of the ldap_service.
var schema
-
The name of the schema template used by the SVM.
- AD-IDMU - Active Directory Identity Management for UNIX
- AD-SFU - Active Directory Services for UNIX
- MS-AD-BIS - Active Directory Identity Management for UNIX
- RFC-2307 - Schema based on RFC 2307
- Custom schema
var servers
-
The servers field of the ldap_service.
var session_security
-
Specifies the level of security to be used for LDAP communications:
- none - no signing or sealing
- sign - sign LDAP traffic
- seal - seal and sign LDAP traffic
Valid choices:
- none
- sign
- seal
var svm
-
The svm field of the ldap_service.
var use_start_tls
-
Specifies whether or not to use Start TLS over LDAP connections.