Module netapp_ontap.resources.cluster_ldap
Copyright © 2023 NetApp Inc. All rights reserved.
This file has been automatically generated based on the ONTAP REST API documentation.
Overview
LDAP servers are used to centrally maintain user information. LDAP configurations must be set up
to look up information stored in the LDAP directory on the external LDAP servers. This API is used to retrieve and manage
cluster LDAP server configurations.
Examples
Retrieving the cluster LDAP information
The cluster LDAP GET request retrieves the LDAP configuration of the cluster.
The following example shows how a GET request is used to retrieve the cluster LDAP information:
from netapp_ontap import HostConnection
from netapp_ontap.resources import ClusterLdap
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = ClusterLdap()
resource.get()
print(resource)
ClusterLdap(
{
"schema": "ad_idmu",
"min_bind_level": "anonymous",
"base_dn": "dc=domainA,dc=example,dc=com",
"base_scope": "subtree",
"_links": {"self": {"href": "/api/security/authentication/cluster/ldap"}},
"session_security": "none",
"port": 389,
"servers": ["10.10.10.10", "domainB.example.com"],
"use_start_tls": True,
"try_channel_binding": True,
"bind_dn": "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com",
}
)
Creating the cluster LDAP configuration
The cluster LDAP POST operation creates an LDAP configuration for the cluster.
The following example shows how to issue a POST request with all of the fields specified:
from netapp_ontap import HostConnection
from netapp_ontap.resources import ClusterLdap
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = ClusterLdap()
resource.servers = ["10.10.10.10", "domainB.example.com"]
resource.schema = "ad_idmu"
resource.port = 389
resource.min_bind_level = "anonymous"
resource.bind_dn = "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com"
resource.bind_password = "abc"
resource.base_dn = "dc=domainA,dc=example,dc=com"
resource.base_scope = "subtree"
resource.use_start_tls = False
resource.session_security = "none"
resource.post(hydrate=True)
print(resource)
The following example shows how to issue a POST request with a number of optional fields not specified:
from netapp_ontap import HostConnection
from netapp_ontap.resources import ClusterLdap
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = ClusterLdap()
resource.port = 389
resource.bind_dn = "cn=Administrators,cn=users,dc=domainA,dc=example,dc=com"
resource.bind_password = "abc"
resource.base_dn = "dc=domainA,dc=example,dc=com"
resource.session_security = "none"
resource.post(hydrate=True)
print(resource)
Updating the cluster LDAP configuration
The cluster LDAP PATCH request updates the LDAP configuration of the cluster.
The following example shows how a PATCH request is used to update the cluster LDAP configuration:
from netapp_ontap import HostConnection
from netapp_ontap.resources import ClusterLdap
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = ClusterLdap()
resource.servers = ["55.55.55.55"]
resource.schema = "ad_idmu"
resource.port = 636
resource.use_start_tls = False
resource.patch()
Deleting the cluster LDAP configuration
The cluster LDAP DELETE request deletes the LDAP configuration of the cluster.
The following example shows how a DELETE request is used to delete the cluster LDAP configuration:
from netapp_ontap import HostConnection
from netapp_ontap.resources import ClusterLdap
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = ClusterLdap()
resource.delete()
Classes
class ClusterLdap (*args, **kwargs)
-
Allows interaction with ClusterLdap objects on the host
Initialize the instance of the resource.
Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:
MyResource(name='foo').name == 'foo'
Args
*args
- Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
- each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.
Ancestors
Methods
def delete (self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Deletes the LDAP configuration of the cluster.
Learn more
Send a deletion request to the host for this object.
Args
body
- The body of the delete request. This could be a Resource instance or a dictionary object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def get (self, **kwargs) -> NetAppResponse
-
Retrieves the cluster LDAP configuration.
Learn more
Fetch the details of the object from the host.
Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def patch (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Both mandatory and optional parameters of the LDAP configuration can be updated. IPv6 must be enabled if IPv6 family addresses are specified. Configuring more than one LDAP server is recommended to avoid a single point of failure. Both FQDNs and IP addresses are supported for the
servers
property. The LDAP servers are validated as part of this operation. LDAP validation fails in the following scenarios:
1. The server does not have LDAP installed. 2. The server is invalid. 3. The server is unreachable.Learn more
Send the difference in the object's state to the host as a modification request.
Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
A cluster can have only one LDAP configuration. IPv6 must be enabled if IPv6 family addresses are specified.
Required properties
servers
- List of LDAP servers used for this client configuration.bind_dn
- Specifies the user that binds to the LDAP servers.base_dn
- Specifies the default base DN for all searches.
Recommended optional properties
schema
- Schema template name.port
- Port used to connect to the LDAP Servers.ldaps_enabled
- Specifies whether or not LDAPS is enabled.min_bind_level
- Minimum bind authentication level.bind_password
- Specifies the bind password for the LDAP servers.base_scope
- Specifies the default search scope for LDAP queries.use_start_tls
- Specifies whether or not to use Start TLS over LDAP connections.session_security
- Specifies the level of security to be used for LDAP communications.bind_as_cifs_server
- Indicates if CIFS server's credentials are used to bind to the LDAP server.query_timeout
- Maximum time to wait for a query response from the LDAP server, in seconds.user_dn
- User Distinguished Name (DN) used as the starting point in the LDAP directory tree for user lookups.user_scope
- Default search scope for LDAP for user lookups.group_dn
- Group Distinguished Name (DN) used as the starting point in the LDAP directory tree for group lookups.group_scope
- Default search scope for LDAP for group lookups.netgroup_dn
- Netgroup Distinguished Name (DN) used as the starting point in the LDAP directory tree for netgroup lookups.netgroup_scope
- Default search scope for LDAP for netgroup lookups.netgroup_byhost_dn
- Netgroup Distinguished Name (DN) used as the starting point in the LDAP directory tree for netgroup by host lookups.netgroup_byhost_scope
- Default search scope for LDAP for netgroup by host lookups.is_netgroup_byhost_enabled
- Specifies whether netgroup by host querying is enabled.group_membership_filter
- Custom filter used for group membership lookup from an LDAP server.skip_config_validation
- Indicates whether or not the validation for the specified LDAP configuration is disabled.
Default property values
schema
- RFC-2307port
- 389ldaps_enabled
- falsemin_bind_level
- simplebase_scope
- subtreeuse_start_tls
- falsesession_security
- nonequery_timeout
- 3user_scope
- subtreegroup_scope
- subtreenetgroup_scope
- subtreenetgroup_byhost_scope
- subtreeis_netgroup_byhost_enabled
- falseskip_config_validation
- falsetry_channel_binding
- true
Configuring more than one LDAP server is recommended to avoid a single point of failure. Both FQDNs and IP addresses are supported for theservers
property. The LDAP servers are validated as part of this operation. LDAP validation fails in the following scenarios:- The server does not have LDAP installed.
- The server is invalid.
- The server is unreachable.
Learn more
Send this object to the host as a creation request.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Inherited members
class ClusterLdapSchema (*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)
-
The fields of the ClusterLdap object
Ancestors
- netapp_ontap.resource.ResourceSchema
- marshmallow.schema.Schema
- marshmallow.base.SchemaABC
Class variables
-
base_dn: str GET POST PATCH
-
Specifies the default base DN for all searches.
-
base_scope: str GET POST PATCH
-
Specifies the default search scope for LDAP queries:
- base - search the named entry only
- onelevel - search all entries immediately below the DN
- subtree - search the named DN entry and the entire subtree below the DN
Valid choices:
- base
- onelevel
- subtree
-
bind_as_cifs_server: bool GET POST PATCH
-
Specifies whether or not CIFS server's credentials are used to bind to the LDAP server.
-
bind_dn: str GET POST PATCH
-
Specifies the user that binds to the LDAP servers.
-
bind_password: str POST PATCH
-
Specifies the bind password for the LDAP servers.
-
group_dn: str GET POST PATCH
-
Specifies the group Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for group lookups.
-
group_membership_filter: str GET POST PATCH
-
Specifies the custom filter used for group membership lookups from an LDAP server.
-
group_scope: str GET POST PATCH
-
Specifies the default search scope for LDAP for group lookups:
- base - search the named entry only
- onelevel - search all entries immediately below the DN
- subtree - search the named DN entry and the entire subtree below the DN
Valid choices:
- base
- onelevel
- subtree
-
is_netgroup_byhost_enabled: bool GET POST PATCH
-
Specifies whether or not netgroup by host querying is enabled.
-
is_owner: bool GET
-
Specifies whether or not the SVM owns the LDAP client configuration.
-
ldaps_enabled: bool GET POST PATCH
-
Specifies whether or not LDAPS is enabled.
-
links: SelfLink GET
-
The links field of the cluster_ldap.
-
min_bind_level: str GET POST PATCH
-
The minimum bind authentication level. Possible values are:
- anonymous - anonymous bind
- simple - simple bind
- sasl - Simple Authentication and Security Layer (SASL) bind
Valid choices:
- anonymous
- simple
- sasl
-
netgroup_byhost_dn: str GET POST PATCH
-
Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup by host lookups.
-
netgroup_byhost_scope: str GET POST PATCH
-
Specifies the default search scope for LDAP for netgroup by host lookups:
- base - search the named entry only
- onelevel - search all entries immediately below the DN
- subtree - search the named DN entry and the entire subtree below the DN
Valid choices:
- base
- onelevel
- subtree
-
netgroup_dn: str GET POST PATCH
-
Specifies the netgroup Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for netgroup lookups.
-
netgroup_scope: str GET POST PATCH
-
Specifies the default search scope for LDAP for netgroup lookups:
- base - search the named entry only
- onelevel - search all entries immediately below the DN
- subtree - search the named DN entry and the entire subtree below the DN
Valid choices:
- base
- onelevel
- subtree
-
port: Size GET POST PATCH
-
The port used to connect to the LDAP Servers.
Example: 389
-
query_timeout: Size GET POST PATCH
-
Specifies the maximum time to wait for a query response from the LDAP server, in seconds.
-
schema: str GET POST PATCH
-
The name of the schema template used by the SVM.
- AD-IDMU - Active Directory Identity Management for UNIX
- AD-SFU - Active Directory Services for UNIX
- MS-AD-BIS - Active Directory Identity Management for UNIX
- RFC-2307 - Schema based on RFC 2307
- Custom schema
-
servers: List[str] GET POST PATCH
-
The servers field of the cluster_ldap.
-
session_security: str GET POST PATCH
-
Specifies the level of security to be used for LDAP communications:
- none - no signing or sealing
- sign - sign LDAP traffic
- seal - seal and sign LDAP traffic
Valid choices:
- none
- sign
- seal
-
skip_config_validation: bool POST PATCH
-
Indicates whether or not the validation for the specified LDAP configuration is disabled.
-
status: LdapStatus GET POST PATCH
-
The status field of the cluster_ldap.
-
try_channel_binding: bool GET POST PATCH
-
Specifies whether or not channel binding is attempted in the case of TLS/LDAPS.
-
use_start_tls: bool GET POST PATCH
-
Specifies whether or not to use Start TLS over LDAP connections.
-
user_dn: str GET POST PATCH
-
Specifies the user Distinguished Name (DN) that is used as the starting point in the LDAP directory tree for user lookups.
-
user_scope: str GET POST PATCH
-
Specifies the default search scope for LDAP for user lookups:
- base - search the named entry only
- onelevel - search all entries immediately below the DN
- subtree - search the named DN entry and the entire subtree below the DN
Valid choices:
- base
- onelevel
- subtree