
Creating a new LDAP client schema

If the LDAP schema in your environment differs from the ONTAP defaults, you must create a new LDAP client schema for ONTAP before creating the LDAP client configuration.

About this task

Most LDAP servers can use the default schemas provided by ONTAP:

  • MS-AD-BIS (the preferred schema for most Windows 2012 and later AD servers)
  • AD-IDMU (Windows 2008, Windows 2012 and later AD servers)
  • AD-SFU (Windows 2003 and earlier AD servers)
  • RFC-2307 (UNIX LDAP servers)

If you need to use a non-default LDAP schema, you must create it before creating the LDAP client configuration. Consult with your LDAP administrator before creating a new schema.

The default LDAP schemas provided by ONTAP cannot be modified. To create a new schema, you create a copy and then modify the copy accordingly.

  1. Display the existing LDAP client schema templates to identify the one you want to copy: vserver services name-service ldap client schema show
  2. Set the privilege level to advanced: set -privilege advanced
  3. Make a copy of an existing LDAP client schema: vserver services name-service ldap client schema copy -vserver vserver_name -schema existing_schema_name -new-schema-name new_schema_name
  4. Modify the new schema and customize it for your environment: vserver services name-service ldap client schema modify
  5. Return to the admin privilege level: set -privilege admin
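The five steps above as one reviewable batch, written as an added example (not from the ONTAP documentation or NetApp's own tooling): a POSIX shell function that validates the names, emits the ONTAP CLI commands in order, and always drops back to admin privilege before the final verification. The vserver name, schema names and the `schema modify` option names are assumptions supplied by the caller and must be checked against your own ONTAP release.

```shell
#!/bin/sh
# Added example, not from the ONTAP documentation or from NetApp: build the
# ONTAP CLI command sequence for copying a default LDAP client schema and
# customizing the copy, so it can be reviewed and then piped to the cluster
# (e.g. "... | ssh admin@cluster"). Vserver name, schema names and the modify
# options are assumptions passed in by the caller; confirm the option names
# with "vserver services name-service ldap client schema modify ?" on your
# own cluster before use.

# Accept only the character set ONTAP object names normally use, so a name
# containing ";" or a newline cannot smuggle a second command into the batch.
valid_name() {
    case $1 in
        '') return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# ldap_schema_commands VSERVER EXISTING_SCHEMA NEW_SCHEMA MODIFY_OPTIONS...
# Prints the commands in procedure order: raise privilege, copy, modify,
# drop privilege, then show the new schema for verification.
ldap_schema_commands() {
    vserver=$1; src=$2; dst=$3
    shift 3
    for n in "$vserver" "$src" "$dst"; do
        valid_name "$n" || { echo "invalid name: '$n'" >&2; return 1; }
    done
    [ "$src" != "$dst" ] || { echo "new schema must differ from source" >&2; return 1; }
    [ $# -gt 0 ] || { echo "no modify options given" >&2; return 1; }
    base="vserver services name-service ldap client schema"
    printf '%s\n' \
        "set -privilege advanced -confirmations off" \
        "$base copy -vserver $vserver -schema $src -new-schema-name $dst" \
        "$base modify -vserver $vserver -schema $dst $*" \
        "set -privilege admin" \
        "$base show -vserver $vserver -schema $dst -instance"
}

# Constructed example: the default schemas cannot be edited, so copy RFC-2307
# and change only the two attributes that differ in this hypothetical directory.
ldap_schema_commands svm1 RFC-2307 RFC-2307-CUSTOM \
    -home-directory-attribute unixHomeDirectory -login-shell-attribute loginShell
```

Review the printed batch, then pipe it to the cluster; because privilege is returned to admin on line four, a typo in the modify options fails at the cluster without leaving the session in advanced mode.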