Active IQ Unified Manager Discussions

LDAP Configuration


Hello All,


I'm curious, is the LDAP setup for a Clusterd 9.x environment only done per SVM?


I got to believe you can setup LDAP for the login into the storage array somewhere.


Meaning, if you want to be able to access the storage array at  "<FQDN>/sysmgr/SysMgr.html" with your AD account, how is that done?


I notice when I go into the GUI and find the LDAP section under "Configuration > Serices" but it appears that section is only listing what has been setup somewhere else and it not editable.








You can add 'LDAP client configuration' at the Cluster level (Admin SVM) or the SVM level.

@Cluster Level: When you log-in, on the landing page, there is configuration tab next to 'Protection': It does give an option to add LDAP client.

We don't use LDAP, hence I cannot 100% comment on why it cannot be edited, but I see there is command for editing, which suggest its possible:

::> vserver services ldap client modify -client-config


Some useful kBs: (Check out this)


Well the first link you sent seems pretty easy but for whatever reason I can't seem to fins the small gear icon being called in within the steps for cluster level.


I'm running NetApp Release 9.2P3 but I wouldn't think that should make a difference.



  1. Add an LDAP client configuration by using one of the following methods:
    • Cluster level: click  > LDAP.
    • SVM level: click SVM > SVM Settings > LDAP Client.
  2. Click Add.
  3. Type the name of the LDAP client.
  4. Add either the Active Directory domain or the LDAP server.
  5. Click  (advanced options), select the Schema, and click Apply.
  6. Specify the Base DN and TCP Port.
  7. Click Binding, and then specify the authentication details.
  8. Click Save and Close.
  9. Verify that the LDAP client that you added is displayed.


Yes, it should be fairly straight forward. The GUI could be different for 9.2. You can even do it via CLI. I think there is lot of documentation for ontap 9 around it. If you cannot find it, could you send me the screenshot where you are looking at ?


I would think it would be the same as well. 


I'm easing my way into the CLI as I'm still learning NetApp storage. I would send a screenshot but I'm simply lpooking at the opening landing page for NetApp GUI.


Let's just say I was going to set it up using CLI - from what I gaher it's just teh following. Adding the LDAP URI (server) and then enabling LDAP for cluster.


That seems to be what I have found.


Add Servers:

cluster1::> vserver services name-service ldap client create
-vserver cluster1 -client-config corp -servers,


Enable LDAP:

cluster1::> vserver services name-service ldap create
-vserver cluster1 -client-config corp -client-enabled true


I asl ohave some 8.x cluster to make the change for and that I have not found the command syntax yet.


No worries. Give it a try and if you need any information let us know.


How to set up and configure LDAP for Clustered Data ONTAP 8.x


Do you have the steps for 9.x or is it the same as 8.x?


Please take a look a these links:


How to configure LDAP Authentication for Cluster (Admin) SVM (9/9.1/9.2)

How to authenticate clustered Data ONTAP administrators against an LDAP or NIS server (8,8.2,8.3)


Using LDAP (ontap 9.x)


Why are there so many links to just configure LDAP? They all slightly look differnt as well. I simply want to allow AD users to log into the storage arrays. Also, what is the nsswitch for and why is this needed?


I guess just tell me this, is we only want cluster level LDAP enabled, then we must use the "Admin" SVM correct?


I assume you already have at least one SVM joined to AD?

If yes, then it should be as simple as:
1) Create a domain tunnel with "security login domain-tunnel create"
2) Allow users or groups to login to your cluster by executing "security login create" with "-authentication-method" paremeter set to "domain". On admin SVM in your case, yes.

Hope that helps.


I have all of my SVM's joined to AD but they are not setup for LDAP. 


I simply want users to be able to login into the storage array "sysmgr" and that's it. I don't want LDAP "per" SVM, only at the cluster. 


Sp the stpoes you mentioned wouldn't apply to me.  The point of LDAP is using Security Groups, not individual users and that's what the commandyou provided seems to do.


"security login create" works fine with AD groups. Including the cluster level / admin SVM.
Try to do what I suggested and let us know if you get stuck.


Well, I'm trying to run it but on my 8.2 I can't get into advanced mode by running "set -privilege advanced". Which is weird.


Nevermind I got it in advanced mode. Now let's see if all the rest works.


🙂 even takes shortcut , for example :

::> set adv

Warning: These advanced commands are potentially dangerous; use them only when
directed to do so by NetApp personnel.
Do you want to continue? {y|n}:


Well, I can't find the admin vserver. The "vserver show" command seems to not exist. So I'm stuck there actually. This 8.x is extermely differnt from 9.x and most of the documentation online for 8.x commands don't really work which is odd.


vserver show should be there.


Is it possible for you to show us the screenshot.


admin vserver is simply your 'cluster_name'.   We call it vserver 'type' as 'Admin'.


here is the screenshot.




I have 2 things going on here.


1. I need to configure LDAP for 8.2 ONTAP.


2. I need to configure LDAP for 9.3 ONTAP.


The commands for security login create I'm sure will work for 9.3, but they don't seem to be working for 8.2.




Keep in mind when I log into the CLI for 8.2 I use "root". Never have I been able to login as "admin". Could that be the reason I don't see th correct commands?


How do I see and/or change the "admin" password if so, beacuse I have no clue what it is, that was before my time when this cluster was setup.


Omg...that's last version of the 7- mode ontap.