Module netapp_ontap.resources.cluster_ldap

Copyright © 2019 NetApp Inc. All rights reserved.

Overview

LDAP servers are used to centrally maintain user information. LDAP configurations must be set up to look up information stored in the LDAP directory on the external LDAP servers. This API is used to retrieve and manage cluster LDAP server configurations.

Examples

Retrieving the cluster LDAP information

The cluster LDAP GET operation retrieves the LDAP configuration of the cluster.
The following example shows how a GET operation is used to retrieve the cluster LDAP information:

# The API:
/api/security/authentication/cluster/ldap
# The call:
curl -X GET "https://<mgmt-ip>/api/security/authentication/cluster/ldap" -H "accept: application/hal+json"
# The response:
{
  "servers": [
    "10.10.10.10",
    "domainB.example.com"
  ],
  "schema": "ad_idmu",
  "port": 389,
  "min_bind_level": "anonymous",
  "bind_dn": "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com",
  "base_dn": "dc=domainA,dc=example,dc=com",
  "base_scope": "subtree",
  "use_start_tls": true,
  "session_security": "none",
  "_links": {
    "self": {
      "href": "/api/security/authentication/cluster/ldap"
    }
  }
}

Creating the cluster LDAP configuration

The cluster LDAP POST operation creates an LDAP configuration for the cluster.
The following example shows how to issue a POST request with all of the fields specified:

# The API:
/api/security/authentication/cluster/ldap
# The call:
curl -X POST "https://<mgmt-ip>/api/security/authentication/cluster/ldap" -H "accept: application/hal+json" -H "Content-Type: application/json" -d "{ \"servers\": [ \"10.10.10.10\"\, \"domainB.example.com\" ], \"schema\": \"ad_idmu\", \"port\": 389, \"min_bind_level\": \"anonymous\", \"bind_dn\": \"cn=Administrators,cn=users,dc=domainA,dc=example,dc=com\", \"bind_password\": \"abc\", \"base_dn\": \"dc=domainA,dc=example,dc=com\", \"base_scope\": \"subtree\", \"use_start_tls\": false, \"session_security\": \"none\"}"

The following example shows how to issue a POST request with a number of optional fields not specified:

# The API:
/api/security/authentication/cluster/ldap
# The call:
curl -X POST "https://<mgmt-ip>/api/security/authentication/cluster/ldap" -H "accept: application/hal+json" -H "Content-Type: application/json" -d "{ \"port\": 389, \"bind_dn\": \"cn=Administrators,cn=users,dc=domainA,dc=example,dc=com\", \"bind_password\": \"abc\", \"base_dn\": \"dc=domainA,dc=example,dc=com\", \"session_security\": \"none\"}"

Updating the cluster LDAP configuration

The cluster LDAP PATCH operation updates the LDAP configuration of the cluster.
The following example shows how a PATCH operation is used to update the cluster LDAP configuration:

# The API:
/api/security/authentication/cluster/ldap
# The call:
curl -X PATCH "https://<mgmt-ip>/api/security/authentication/cluster/ldap" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"servers\": [ \"55.55.55.55\" ], \"schema\": \"ad_idmu\", \"port\": 636, \"use_start_tls\": false }"

Deleting the cluster LDAP configuration

The cluster LDAP DELETE operation deletes the LDAP configuration of the cluster.
The following example shows how a DELETE operation is used to delete the cluster LDAP configuration:

# The API:
/api/security/authentication/cluster/ldap
# The call:
curl -X DELETE "https://<mgmt-ip>/api/security/authentication/cluster/ldap" -H "accept: application/hal+json"

Classes

class ClusterLdap (*args, **kwargs)

Allows interaction with ClusterLdap objects on the host

Initialize the instance of the resource.

Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:

MyResource(name='foo').name == 'foo'

Args

*args
Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.

Ancestors

Methods

def delete(self, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse

The DELETE operation removes the LDAP configuration of the cluster.

Learn more


Send a deletion request to the host for this object.

Args

poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def get(self, **kwargs) -> NetAppResponse

Retrieves the cluster LDAP configuration.

Learn more


Fetch the details of the object from the host.

Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def patch(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse

Both mandatory and optional parameters of the LDAP configuration can be updated. IPv6 must be enabled if IPv6 family addresses are specified. Configuring more than one LDAP server is recommended to avoid a single point of failure. Both FQDNs and IP addresses are supported for the 'servers' field. The LDAP servers are validated as part of this operation. LDAP validation fails in the following scenarios:
1. The server does not have LDAP installed. 2. The server is invalid. 3. The server is unreachable

Learn more


Send the difference in the object's state to the host as a modification request.

Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.

Args

hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def post(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse

A cluster can have only one LDAP configuration. IPv6 must be enabled if IPv6 family addresses are specified. The following parameters are optional: - schema - port - min_bind_level - bind_password - base_scope - use_start_tls - session_security Configuring more than one LDAP server is recommended to avoid a single point of failure. Both FQDNs and IP addresses are supported for the 'servers' field. The LDAP servers are validated as part of this operation. LDAP validation fails in the following scenarios:
1. The server does not have LDAP installed. 2. The server is invalid. 3. The server is unreachable.

Learn more


Send this object to the host as a creation request.

Args

hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

Inherited members

class ClusterLdapSchema (only=None, exclude=(), many=False, context=None, load_only=(), dump_only=(), partial=False, unknown=None)

The fields of the ClusterLdap object

Ancestors

  • netapp_ontap.resource.ResourceSchema
  • marshmallow.schema.Schema
  • marshmallow.schema.BaseSchema
  • marshmallow.base.SchemaABC

Class variables

var base_dn

Specifies the default base DN for all searches.

var base_scope

Specifies the default search scope for LDAP queries:

  • base - search the named entry only
  • onelevel - search all entries immediately below the DN
  • subtree - search the named DN entry and the entire subtree below the DN

Valid choices:

  • base
  • onelevel
  • subtree
var bind_dn

Specifies the user that binds to the LDAP servers.

var bind_password

Specifies the bind password for the LDAP servers.

The links field of the cluster_ldap.

var min_bind_level

The minimum bind authentication level. Possible values are:

  • anonymous - anonymous bind
  • simple - simple bind
  • sasl - Simple Authentication and Security Layer (SASL) bind

Valid choices:

  • anonymous
  • simple
  • sasl
var opts
var port

The port used to connect to the LDAP Servers.

Example: 389

var schema

The name of the schema template used by the SVM.

  • AD-IDMU - Active Directory Identity Management for UNIX
  • AD-SFU - Active Directory Services for UNIX
  • MS-AD-BIS - Active Directory Identity Management for UNIX
  • RFC-2307 - Schema based on RFC 2307
  • Custom schema
var servers

The servers field of the cluster_ldap.

var session_security

Specifies the level of security to be used for LDAP communications:

  • none - no signing or sealing
  • sign - sign LDAP traffic
  • seal - seal and sign LDAP traffic

Valid choices:

  • none
  • sign
  • seal
var use_start_tls

Specifies whether or not to use Start TLS over LDAP connections.