- Notes, cautions, and warnings
- Introduction to this guide
- isi antivirus commands
- isi antivirus cava
- isi antivirus cava filters
- isi antivirus cava filters list
- isi antivirus cava filters modify
- isi antivirus cava filters view
- isi antivirus cava jobs
- isi antivirus cava jobs create
- isi antivirus cava jobs delete
- isi antivirus cava jobs list
- isi antivirus cava jobs modify
- isi antivirus cava jobs start
- isi antivirus cava jobs view
- isi antivirus cava servers
- isi antivirus cava servers create
- isi antivirus cava servers delete
- isi antivirus cava servers list
- isi antivirus cava servers modify
- isi antivirus cava servers view
- isi antivirus cava settings
- isi antivirus cava settings modify
- isi antivirus cava settings view
- isi antivirus cava status
- isi antivirus icap policies create
- isi antivirus icap policies delete
- isi antivirus icap policies list
- isi antivirus icap policies modify
- isi antivirus icap policies start
- isi antivirus icap policies view
- isi antivirus icap settings modify
- isi antivirus icap settings view
- isi antivirus icap servers create
- isi antivirus icap servers delete
- isi antivirus icap servers list
- isi antivirus icap servers view
- isi antivirus icap servers modify
- isi antivirus quarantine
- isi antivirus release
- isi antivirus reports delete
- isi antivirus reports scans list
- isi antivirus reports scans view
- isi antivirus reports threats list
- isi antivirus reports threats view
- isi antivirus scan
- isi audit commands
- isi audit certificates syslog delete
- isi audit certificates syslog import
- isi audit certificates syslog list
- isi audit certificates syslog modify
- isi audit certificates syslog view
- isi audit progress global view
- isi audit progress view
- isi audit settings global modify
- isi audit settings global view
- isi audit settings modify
- isi audit settings view
- isi audit topics list
- isi audit topics modify
- isi audit topics view
- isi auth commands
- isi auth access
- isi auth ads create
- isi auth ads delete
- isi auth ads list
- isi auth ads modify
- isi auth ads spn check
- isi auth ads spn create
- isi auth ads spn delete
- isi auth ads spn fix
- isi auth ads spn list
- isi auth ads trusts controllers list
- isi auth ads trusts list
- isi auth ads view
- isi auth duo modify
- isi auth error
- isi auth file create
- isi auth file delete
- isi auth file list
- isi auth file modify
- isi auth file view
- isi auth groups create
- isi auth groups delete
- isi auth groups flush
- isi auth groups list
- isi auth groups members list
- isi auth groups modify
- isi auth groups view
- isi auth id
- isi auth krb5 create
- isi auth krb5 delete
- isi auth krb5 domain create
- isi auth krb5 domain delete
- isi auth krb5 domain list
- isi auth krb5 domain modify
- isi auth krb5 domain view
- isi auth krb5 list
- isi auth krb5 realm create
- isi auth krb5 realm delete
- isi auth krb5 realm list
- isi auth krb5 realm modify
- isi auth krb5 realm view
- isi auth krb5 spn check
- isi auth krb5 spn create
- isi auth krb5 spn delete
- isi auth krb5 spn fix
- isi auth krb5 spn import
- isi auth krb5 spn list
- isi auth krb5 view
- isi auth ldap create
- isi auth ldap delete
- isi auth ldap list
- isi auth ldap modify
- isi auth ldap view
- isi auth local list
- isi auth local modify
- isi auth local view
- isi auth log-level modify
- isi auth log-level view
- isi auth mapping create
- isi auth mapping delete
- isi auth mapping dump
- isi auth mapping flush
- isi auth mapping import
- isi auth mapping list
- isi auth mapping modify
- isi auth mapping token
- isi auth mapping view
- isi auth netgroups view
- isi auth nis create
- isi auth nis delete
- isi auth nis list
- isi auth nis modify
- isi auth nis view
- isi auth privileges
- isi auth refresh
- isi auth roles create
- isi auth roles delete
- isi auth roles list
- isi auth roles members list
- isi auth roles modify
- isi auth roles privileges list
- isi auth roles view
- isi auth settings acls modify
- isi auth settings acls view
- isi auth settings global modify
- isi auth settings global view
- isi auth settings krb5 modify
- isi auth settings krb5 view
- isi auth settings mapping modify
- isi auth settings mapping view
- isi auth sso idps create
- isi auth sso idps delete
- isi auth sso idps list
- isi auth sso idps modify
- isi auth sso idps view
- isi auth sso settings modify
- isi auth sso settings view
- isi auth sso sp
- isi auth sso sp modify
- isi auth sso sp signing-key
- isi auth sso sp signing-key dump
- isi auth sso sp signing-key rekey
- isi auth sso sp signing-key status
- isi auth sso sp signing-key settings
- isi auth sso sp signing-key settings modify
- isi auth sso sp signing-key settings view
- isi auth sso sp view
- isi auth status
- isi auth users change-password
- isi auth users create
- isi auth users delete
- isi auth users flush
- isi auth users list
- isi auth users modify
- isi auth users reset-password
- isi auth users view
- isi batterystatus commands
- isi certificate commands
- isi certificate authority delete
- isi certificate authority import
- isi certificate authority list
- isi certificate authority modify
- isi certificate authority view
- isi certificate server delete
- isi certificate server import
- isi certificate server list
- isi certificate server modify
- isi certificate server view
- isi certificate settings modify
- isi certificate settings view
- isi cloud commands
- isi cloud access add
- isi cloud access list
- isi cloud access remove
- isi cloud access view
- isi cloud accounts create
- isi cloud accounts delete
- isi cloud accounts list
- isi cloud accounts modify
- isi cloud accounts view
- isi cloud archive
- isi cloud certificates delete
- isi cloud certificates import
- isi cloud certificates list
- isi cloud certificates modify
- isi cloud certificates view
- isi cloud jobs cancel
- isi cloud jobs create
- isi cloud jobs files list
- isi cloud jobs list
- isi cloud jobs pause
- isi cloud jobs resume
- isi cloud jobs view
- isi cloud pools create
- isi cloud pools delete
- isi cloud pools list
- isi cloud pools modify
- isi cloud pools view
- isi cloud proxies create
- isi cloud proxies delete
- isi cloud proxies list
- isi cloud proxies modify
- isi cloud proxies view
- isi cloud recall
- isi cloud restore_coi
- isi cloud settings modify
- isi cloud settings regenerate-encryption-key
- isi cloud settings view
- isi cluster commands
- isi cluster atime modify
- isi cluster atime view
- isi cluster config
- isi cluster config exports
- isi cluster config exports create
- isi cluster config exports list
- isi cluster config exports view
- isi cluster config imports
- isi cluster config imports create
- isi cluster config imports list
- isi cluster config imports view
- isi cluster config lock
- isi cluster config lock modify
- isi cluster config lock view
- isi cluster contact modify
- isi cluster contact view
- isi cluster encoding list
- isi cluster encoding modify
- isi cluster encoding view
- isi cluster identity modify
- isi cluster identity view
- isi cluster internal-networks modify
- isi cluster internal-networks view
- isi cluster join-mode modify
- isi cluster join-mode view
- isi cluster lnnset modify
- isi cluster lnnset view
- isi cluster reboot
- isi cluster shutdown
- isi cluster time modify
- isi cluster time view
- isi cluster time timezone modify
- isi cluster time timezone view
- isi compression commands
- isi config
- isi config-catalog
- isi dedupe
- isi device
- isi devices add
- isi devices config modify
- isi devices config view
- isi devices drive add
- isi devices drive firmware list
- isi devices drive firmware update list
- isi devices drive firmware update start
- isi devices drive firmware update view
- isi devices drive firmware view
- isi devices format
- isi devices list
- isi devices node add
- isi devices node list
- isi devices node smartfail
- isi devices node stopfail
- isi devices purpose
- isi devices purposelist
- isi devices smartfail
- isi devices stopfail
- isi devices suspend
- isi devices view
- isi diagnostics
- isi diagnostics gather settings modify
- isi diagnostics gather settings view
- isi diagnostics gather start
- isi diagnostics gather status
- isi diagnostics gather stop
- isi diagnostics netlogger settings modify
- isi diagnostics netlogger settings view
- isi diagnostics netlogger start
- isi diagnostics netlogger status
- isi diagnostics netlogger stop
- isi dm commands
- isi dm accounts
- isi dm accounts create
- isi dm accounts delete
- isi dm accounts list
- isi dm accounts modify
- isi dm accounts view
- isi dm base-policies
- isi dm base-policies create
- isi dm base-policies delete
- isi dm base-policies list
- isi dm base-policies modify
- isi dm base-policies view
- isi dm certificates
- isi dm datasets
- isi dm datasets list
- isi dm datasets view
- isi dm historical-jobs
- isi dm historical-jobs delete
- isi dm historial-jobs list
- isi dm jobs
- isi dm jobs list
- isi dm jobs modify
- isi dm jobs view
- isi dm policies
- isi dm policies create
- isi dm policies delete
- isi dm policies list
- isi dm policies modify
- isi dm policies view
- isi dm throttling
- isi email
- isi esrs
- isi event
- isi event alerts create
- isi event alerts delete
- isi event alerts list
- isi event alerts modify
- isi event alerts view
- isi event categories list
- isi event channels create
- isi event channels delete
- isi event channels list
- isi event channels modify
- isi event channels test
- isi event channels view
- isi event events list
- isi event events view
- isi event groups bulk
- isi event groups gather
- isi event groups list
- isi event groups modify
- isi event groups view
- isi event maintenance list
- isi event maintenance modify
- isi event maintenance view
- isi event settings modify
- isi event settings view
- isi event suppress list
- isi event suppress modify
- isi event test create
- isi event thresholds list
- isi event thresholds modify
- isi event thresholds reset
- isi event thresholds view
- isi event types list
- isi fc
- isi file-filter
- isi filepool
- isi_for_array
- isi ftp
- isi_gather_info
- isi get
- isi hardening
- isi hdfs
- isi hdfs crypto encryption-zones create
- isi hdfs crypto settings modify
- isi hdfs crypto encryption-zones list
- isi hdfs crypto settings view
- isi hdfs fsimage job settings modify
- isi hdfs fsimage job settings view
- isi hdfs fsimage job view
- isi hdfs fsimage latest delete
- isi hdfs fsimage latest view
- isi hdfs fsimage settings modify
- isi hdfs fsimage settings view
- isi hdfs inotify settings modify
- isi hdfs inotify settings view
- isi hdfs inotify stream reset
- isi hdfs inotify stream view
- isi hdfs log-level modify
- isi hdfs log-level view
- isi hdfs proxyusers create
- isi hdfs proxyusers delete
- isi hdfs proxyusers list
- isi hdfs proxyusers members list
- isi hdfs proxyusers modify
- isi hdfs proxyusers view
- isi hdfs racks create
- isi hdfs racks delete
- isi hdfs racks list
- isi hdfs racks modify
- isi hdfs racks view
- isi hdfs ranger-plugin settings modify
- isi hdfs ranger-plugin settings view
- isi hdfs settings modify
- isi hdfs settings view
- isi http settings modify
- isi http settings view
- isi http
- isi healthcheck
- isi healthcheck checklists deliver
- isi healthcheck checklists history
- isi healthcheck checklists list
- isi healthcheck checklists view
- isi healthcheck definitions install
- isi healthcheck definitions list
- isi healthcheck definitions uninstall
- isi healthcheck definitions view
- isi healthcheck evaluations cancel
- isi healthcheck evaluations gather
- isi healthcheck evaluations list
- isi healthcheck evaluations pause
- isi healthcheck evaluations resume
- isi healthcheck evaluations run
- isi healthcheck evaluations view
- isi healthcheck items list
- isi healthcheck items view
- isi healthcheck parameters delete
- isi healthcheck parameters list
- isi healthcheck parameters set
- isi healthcheck parameters view
- isi ipmi
- isi job
- isi job events list
- isi job jobs cancel
- isi job jobs list
- isi job jobs modify
- isi job jobs pause
- isi job jobs resume
- isi job jobs start
- isi job jobs view
- isi job policies create
- isi job policies delete
- isi job policies list
- isi job policies modify
- isi job policies view
- isi job reports list
- isi job reports view
- isi job settings
- isi job settings modify
- isi job settings view
- isi job statistics view
- isi job status
- isi job types list
- isi job types modify
- isi job types view
- isi keymanager
- isi keymanager cluster list
- isi keymanager cluster rekey modify
- isi keymanager cluster rekey start
- isi keymanager cluster rekey view
- isi keymanager cluster status
- isi keymanager kmip servers create
- isi keymanager kmip servers delete
- isi keymanager kmip servers modify
- isi keymanager kmip servers list
- isi keymanager kmip servers view
- isi keymanager sed rekey modify
- isi keymanager sed rekey start
- isi keymanager sed rekey view
- isi keymanager sed status
- isi keymanager sed migrate local
- isi keymanager sed migrate retry
- isi keymanager sed migrate server
- isi keymanager sed settings modify
- isi keymanager sed settings view
- isi keymanager sed status
- isi license
- isi namelength
- isi ndmp
- isi ndmp contexts delete
- isi ndmp contexts list
- isi ndmp contexts view
- isi ndmp dumpdates delete
- isi ndmp dumpdates list
- isi ndmp sessions delete
- isi ndmp sessions list
- isi ndmp sessions view
- isi ndmp settings diagnostics modify
- isi ndmp settings diagnostics view
- isi ndmp settings global modify
- isi ndmp settings global view
- isi ndmp settings preferred-ips create
- isi ndmp settings preferred-ips delete
- isi ndmp settings preferred-ips list
- isi ndmp settings preferred-ips modify
- isi ndmp settings preferred-ips view
- isi ndmp settings variables create
- isi ndmp settings variables delete
- isi ndmp settings variables list
- isi ndmp settings variables modify
- isi ndmp users create
- isi ndmp users delete
- isi ndmp users list
- isi ndmp users modify
- isi ndmp users view
- isi network
- isi network dnscache flush
- isi network dnscache modify
- isi network dnscache view
- isi network external modify
- isi network external view
- isi network firewall reset-global-policy
- isi network firewall policies clone
- isi network firewall policies create
- isi network firewall policies delete
- isi network firewall policies list
- isi network firewall policies modify
- isi network firewall policies view
- isi network firewall rules create
- isi network firewall rules delete
- isi network firewall rules list
- isi network firewall rules modify
- isi network firewall rules view
- isi network firewall services list
- isi network firewall settings modify
- isi network firewall settings view
- isi network groupnets create
- isi network groupnets delete
- isi network groupnets list
- isi network groupnets modify
- isi network groupnets view
- isi network interfaces list
- isi network pools create
- isi network pools delete
- isi network pools list
- isi network pools modify
- isi network pools rebalance-ips
- isi network pools sc-resume-nodes
- isi network pools sc-suspend-nodes
- isi network pools status
- isi network pools view
- isi network rules create
- isi network rules delete
- isi network rules list
- isi network rules modify
- isi network rules view
- isi network sc-rebalance-all
- isi network subnets create
- isi network subnets delete
- isi network subnets list
- isi network subnets modify
- isi network subnets view
- isi nfs
- isi nfs aliases create
- isi nfs aliases delete
- isi nfs aliases list
- isi nfs aliases modify
- isi nfs aliases view
- isi nfs exports check
- isi nfs exports create
- isi nfs exports delete
- isi nfs exports list
- isi nfs exports modify
- isi nfs exports reload
- isi nfs exports view
- isi nfs log-level modify
- isi nfs log-level view
- isi nfs netgroup check
- isi nfs netgroup flush
- isi nfs netgroup modify
- isi nfs nlm locks list
- isi nfs nlm locks waiters
- isi nfs nlm sessions check
- isi nfs nlm sessions delete
- isi nfs nlm sessions list
- isi nfs nlm sessions refresh
- isi nfs nlm sessions view
- isi nfs settings export modify
- isi nfs settings export view
- isi nfs settings global modify
- isi nfs settings global view
- isi nfs settings zone modify
- isi nfs settings zone view
- isi ntp
- isi performance
- isi performance datasets create
- isi performance datasets delete
- isi performance datasets list
- isi peformance datasets modify
- isi performance datasets view
- isi performance filters apply
- isi performance filters list
- isi performance filters modify
- isi performance filters remove
- isi performance filters view
- isi performance metrics list
- isi performance metrics view
- isi performance settings modify
- isi performance settings view
- isi performance workloads list
- isi performance workloads modify
- isi performance workloads pin
- isi performance workloads unpin
- isi performance workloads view
- isi quota
- isi quota quotas create
- isi quota quotas delete
- isi quota quotas list
- isi quota quotas modify
- isi quota quotas notifications clear
- isi quota quotas notifications create
- isi quota quotas notifications delete
- isi quota quotas notifications disable
- isi quota quotas notifications list
- isi quota quotas notifications modify
- isi quota quotas notifications view
- isi quota quotas view
- isi quota reports create
- isi quota reports delete
- isi quota reports list
- isi quota settings mappings create
- isi quota settings mappings delete
- isi quota settings mappings list
- isi quota settings mappings modify
- isi quota settings mappings view
- isi quota settings notifications clear
- isi quota settings notifications create
- isi quota settings notifications delete
- isi quota settings notifications list
- isi quota settings notifications modify
- isi quota settings notifications view
- isi quota settings reports modify
- isi quota settings reports view
- isi readonly
- isi s3
- isi s3 buckets create
- isi s3 buckets delete
- isi s3 buckets list
- isi s3 buckets modify
- isi s3 buckets view
- isi services s3 disable
- isi services s3 enable
- isi s3 keys create
- isi s3 keys delete
- isi s3 log-level
- isi s3 log-level modify
- isi s3 log-level view
- isi s3 mykeys create
- isi s3 mykeys delete
- isi s3 mykeys view
- isi s3 settings global modify
- isi s3 settings global view
- isi s3 settings zone modify
- isi s3 settings zone view
- isi security commands
- isi servicelight
- isi services
- isi set
- isi smb
- isi smb log-level filters create
- isi smb log-level filters delete
- isi smb log-level filters list
- isi smb log-level filters view
- isi smb log-level modify
- isi smb log-level view
- isi smb openfiles close
- isi smb openfiles list
- isi smb sessions delete
- isi smb sessions delete-user
- isi smb sessions list
- isi smb settings global modify
- isi smb settings global view
- isi smb settings shares modify
- isi smb settings shares view
- isi smb settings zone modify
- isi smb settings zone view
- isi smb shares create
- isi smb shares delete
- isi smb shares list
- isi smb shares modify
- isi smb shares permission create
- isi smb shares permission delete
- isi smb shares permission list
- isi smb shares permission modify
- isi smb shares permission view
- isi smb shares view
- isi snapshot
- isi snapshot aliases delete
- isi snapshot aliases list
- isi snapshot aliases modify
- isi snapshot aliases view
- isi snapshot locks create
- isi snapshot locks delete
- isi snapshot locks list
- isi snapshot locks modify
- isi snapshot locks view
- isi snapshot schedules create
- isi snapshot schedules delete
- isi snapshot schedules list
- isi snapshot schedules modify
- isi snapshot schedules pending list
- isi snapshot schedules view
- isi snapshot settings modify
- isi snapshot settings view
- isi snapshot snapshots create
- isi snapshot snapshots delete
- isi snapshot snapshots list
- isi snapshot snapshots modify
- isi snapshot snapshots view
- isi snapshot writable create
- isi snapshot writable delete
- isi snapshot writable list
- isi snapshot writable view
- isi snmp
- isi ssh
- isi statistics
- isi status
- isi storagepool
- isi storagepool list
- isi storagepool nodepools create
- isi storagepool nodepools delete
- isi storagepool nodepools list
- isi storagepool nodepools modify
- isi storagepool nodepools view
- isi storagepool nodetypes list
- isi storagepool settings modify
- isi storagepool settings view
- isi storagepool tiers create
- isi storagepool tiers delete
- isi storagepool tiers list
- isi storagepool tiers modify
- isi storagepool tiers view
- isi storagepool unprovisioned view
- isi supportassist
- isi swift
- isi sync
- isi sync certificates peer delete
- isi sync certificates peer import
- isi sync certificates peer list
- isi sync certificates peer modify
- isi sync certificates peer view
- isi sync certificates server delete
- isi sync certificates server import
- isi sync certificates server list
- isi sync certificates server modify
- isi sync certificates server view
- isi sync jobs cancel
- isi sync jobs list
- isi sync jobs pause
- isi sync jobs reports list
- isi sync jobs reports view
- isi sync jobs resume
- isi sync jobs start
- isi sync jobs view
- isi sync policies create
- isi sync policies delete
- isi sync policies disable
- isi sync policies enable
- isi sync policies list
- isi sync policies modify
- isi sync policies reset
- isi sync policies resolve
- isi sync policies view
- isi sync recovery allow-write
- isi sync recovery resync-prep
- isi sync reports list
- isi sync reports rotate
- isi sync reports subreports list
- isi sync reports subreports view
- isi sync reports view
- isi sync rules create
- isi sync rules delete
- isi sync rules list
- isi sync rules modify
- isi sync rules reports list
- isi sync rules reports view
- isi sync rules view
- isi sync service policies create
- isi sync service policies delete
- isi sync service policies disable
- isi sync service policies enable
- isi sync service policies list
- isi sync service policies modify
- isi sync service policies reset
- isi sync service policies resolve
- isi sync service policies view
- isi sync service recovery allow-write
- isi sync service recovery resync-prep
- isi sync service target break
- isi sync service target cancel
- isi sync service target list
- isi sync service target view
- isi sync settings modify
- isi sync settings view
- isi sync target break
- isi sync target cancel
- isi sync target list
- isi sync target reports list
- isi sync target reports subreports list
- isi sync target reports subreports view
- isi sync target reports view
- isi sync target view
- isi tape
- isi upgrade
- isi upgrade catalog clean
- isi upgrade catalog export
- isi upgrade catalog import
- isi upgrade catalog list
- isi upgrade catalog readme
- isi upgrade catalog remove
- isi upgrade catalog repair
- isi upgrade catalog verify
- isi upgrade cluster add-nodes
- isi upgrade cluster add-remaining-nodes
- isi upgrade cluster archive
- isi upgrade cluster assess
- isi upgrade cluster commit
- isi upgrade cluster drain
- isi upgrade cluster firmware
- isi upgrade cluster firmware start
- isi upgrade cluster from-version
- isi upgrade cluster nodes firmware
- isi upgrade cluster nodes list
- isi upgrade cluster nodes view
- isi upgrade cluster pause
- isi upgrade cluster resume
- isi upgrade cluster retry-last-action
- isi upgrade cluster rollback
- isi upgrade cluster reboot
- isi upgrade cluster settings
- isi upgrade cluster start
- isi upgrade cluster to-version
- isi upgrade cluster unblock
- isi upgrade cluster view
- isi upgrade patches abort
- isi upgrade patches install
- isi upgrade patches list
- isi upgrade patches uninstall
- isi upgrade patches view
- isi version
- isi worm
- isi zone
PowerScaleOneFS CLI Command Reference
isi auth ldap create
Creates an LDAP provider.
Syntax
isi auth ldap create <name> [--base-dn <string>] [--server-uris <string>] [--alternate-security-identities-attribute <string>] [--authentication {yes | no}] [--balance-servers {yes | no}] [--bind-dn <string>] [--bind-timeout <integer>] [--certificate-authority-file <string>] [--check-online-interval <duration>] [--cn-attribute <string>] [--create-home-directory {yes | no}] [--crypt-password-attribute <string>] [--email-attribute <string>] [--enabled {yes | no}] [--enumerate-groups {yes | no}] [--enumerate-users {yes | no}] [--findable-groups <string>] [--findable-users <string>] [--gecos-attribute <string>] [--gid-attribute <string>] [--group-base-dn <string>] [--group-domain <string>] [--group-filter <string>] [--group-members-attribute <string>] [--group-search-scope <scope>] [--home-directory-template <string>] [--homedir-attribute <string>] [--ignore-tls-errors {yes | no}] [--listable-groups <string>] [--listable-users <string>] [--login-shell <string>] [--member-lookup-method {default | rfc2307bis} [--member-of-attribute <string>] [--name-attribute <string>] [--netgroup-base-dn <string>] [--netgroup-filter <string>] [--netgroup-members-attribute <string>] [--netgroup-search-scope <scope>] [--netgroup-triple-attribute <string>] [--normalize-groups {yes | no}] [--normalize-users {yes | no}] [--nt-password-attribute <string>] [--ntlm-support {all | v2only | none}] [--ocsp-server-uris <uri-list>] [--provider-domain <string>] [--require-secure-connection {yes | no}] [--restrict-findable {yes | no}] [--restrict-listable {yes | no}] [--search-scope <scope>] [--search-timeout <integer>] [--shadow-user-filter <string>] [--shadow-expire-attribute <string>] [--shadow-flag-attribute <string>] [--shadow-inactive-attribute <string>] [--shadow-last-change-attribute <string>] [--shadow-max-attribute <string>] [--shadow-min-attribute <string>] [--shadow-warning-attribute <string>] [--shell-attribute <string>] [--ssh-public-key-attribute <string>] [--tls-revocation-check-level {strict | allowNoSrc | allowNoData | none}] [--uid-attribute <string>] [--unfindable-groups <string>] [--unfindable-users <string>] [--unique-group-members-attribute <string>] [--unlistable-groups <string>] [--unlistable-users <string>] [--user-base-dn <string>] [--user-domain <string>] [--user-filter <string>] [--user-search-scope <scope>] [--groupnet <groupnet>] [--template {default | rfc2307 | ad-idmu | ldapsam} [--bind-password <string>] [--set-bind-password] [--force | -f] [--verbose] | -v
Options
- <name>
- Sets the LDAP provider name.
- --base-dn <string>
- Sets the root of the tree in which to search for identities. For example, CN=Users,DC=mycompany,DC=com.
- --server-uris <string>
- Specifies a list of LDAP server URIs to be used when accessing the server. Repeat this option to specify multiple list items.
Specify the LDAP server URI in the format ldaps://<server>:<port> for secure LDAP or ldap://<server>:<port> for non-secure LDAP.
The server can be specified as an IPv4 address, an IPv6 address, or a hostname.
If you do not specify a port number, the default port is used; 389 for secure LDAP or 636 for non-secure LDAP.
NOTE: If you specify non-secure LDAP, the bind password is transmitted to the server in clear text. - --alternate-security-identities-attribute <string>
- Specifies the name to be used when searching for alternate security identities. This name is used when OneFS attempts to resolve a Kerberos principal to a user.
- --authentication {yes | no}
- Enables or disables the use of the provider for authentication as well as identity. The default value is yes.
- --balance-servers {yes | no}
- Makes the provider connect to a random server on each request.
- --bind-dn <string>
- Specifies the distinguished name to use when binding to the LDAP server. For example, CN=myuser,CN=Users,DC=mycompany,DC=com.
- --bind-timeout <integer>
- Specifies the timeout in seconds when binding to the LDAP server.
- --certificate-authority-file <path>
- Specifies the path to the root certificates file for TLS connection. Required when --require-secure-connection is yes.
- --check-online-interval <duration>
- Specifies the time between provider online checks, in the format <integer>[{Y | M | W | D | H | m | s}].
- --cn-attribute <string>
- Specifies the LDAP attribute that contains common names. The default value is cn.
- --create-home-directory {yes | no}
- Specifies whether to automatically create a home directory the first time a user logs in, if a home directory does not already exist for the user.
- --crypt-password-attribute <string>
- Specifies the LDAP attribute that contains UNIX passwords. This setting has no default value.
- --email-attribute <string>
- Specifies the LDAP attribute that contains email addresses. The default value is mail.
- --enabled {yes | no}
- Enables or disables the provider.
- --enumerate-groups {yes | no}
- Specifies whether to allow the provider to enumerate groups.
- --enumerate-users {yes | no}
- Specifies whether to allow the provider to enumerate users.
- --findable-groups <string>
- Specifies a list of groups that can be found in this provider if --restrict-findable is enabled. Repeat this option to specify each additional findable group. If populated, groups that are not included in this list cannot be resolved.
- --findable-users <string>
- Specifies a list of users that can be found in this provider if --restrict-findable is enabled. Repeat this option to specify each additional findable user. If populated, users that are not included in this list cannot be resolved.
- --gecos-attribute <string>
- Specifies the LDAP attribute that contains GECOS fields. The default value is gecos.
- --gid-attribute <string>
- Specifies the LDAP attribute that contains GIDs. The default value is gidNumber.
- --group-base-dn <string>
- Specifies the distinguished name of the entry at which to start LDAP searches for groups.
- --group-domain <string>
- Specifies the domain that the provider will use to qualify groups. The default group domain is LDAP_GROUPS.
- --group-filter <string>
- Sets the LDAP filter for group objects.
- --group-members-attribute <string>
- Specifies the LDAP attribute that contains group members. The default value is memberUid.
- --group-search-scope <scope>
- Defines the default depth from the base distinguished name (DN) to perform LDAP searches for groups.
The following values are valid:
- default
- Applies the setting in
--search-scope.
NOTE:You cannot specify --search-scope=default. For example, if you specify --group-search-scope=default, the search scope is set to the value of --search-scope.
- base
- Searches only the entry at the base DN.
- onelevel
- Searches all entries exactly one level below the base DN.
- subtree
- Searches the base DN and all entries below it.
- children
- Searches all entries below the base DN, excluding the base DN.
- --home-directory-template <path>
- Specifies the path to use as a template for naming home directories. The path must begin with /ifs and can include special character sequences that are dynamically replaced with strings at home directory creation time that represent specific variables. For example, %U, %D, and %Z are replaced with the user name, provider domain name, and zone name, respectively. For more information about home directory variables, see Home directories.
- --homedir-attribute <string>
- Specifies the LDAP attribute that contains home directories. The default value is homeDirectory.
- --ignore-tls-errors {yes | no}
- Specifies whether to continue secure connection when certificate errors occur. The default setting is no.
- If TLS is enabled ( --require-secure-connection is set to yes) and --ignore-tls-errors is set to yes, the LDAP provider uses TLS regardless of errors. TLS may issue certificate verification errors but the LDAP provider continues to use the certificate and TLS communication. TLS logs the errors.
- --listable-groups <string>
- Specifies a list of groups that can be viewed in this provider if --restrict-listable is enabled. Repeat this option to specify multiple list items. If populated, groups that are not included in this list cannot be viewed.
- --listable-users <string>
- Specifies a list of users that can be viewed in this provider if --restrict-listable is enabled. Repeat this option to specify multiple list items. If populated, users that are not included in this list cannot be viewed.
- --login-shell <path>
- Specifies the pathname of the user's login shell for users who access the file system through SSH.
- --member-lookup-method {default | rfc2307bis}
-
Sets the method by which group member lookups are performed. Use caution when changing this option directly.
- --member-of-attribute <string>
- Sets the attribute to be used when searching LDAP for reverse memberships. This LDAP value should be an attribute of the user type posixAccount that describes the groups in which the POSIX user is a member.
- --name-attribute <string>
- Specifies the LDAP attribute that contains UIDs, which are used as login names. The default value is uid.
- --netgroup-base-dn <string>
- Specifies the distinguished name of the entry at which to start LDAP searches for netgroups.
- --netgroup-filter <string>
- Sets the LDAP filter for netgroup objects.
- --netgroup-members-attribute <string>
- Specifies the LDAP attribute that contains netgroup members. The default value is memberNisNetgroup.
- --netgroup-search-scope <scope>
- Defines the depth from the base distinguished name (DN) to perform LDAP searches for netgroups.
The following values are valid:
- default
- Applies the setting in
--search-scope.
NOTE:You cannot specify --search-scope=default. For example, if you specify --group-search-scope=default, the search scope is set to the value of --search-scope.
- base
- Searches only the entry at the base DN.
- onelevel
- Searches all entries exactly one level below the base DN.
- subtree
- Searches the base DN and all entries below it.
- children
- Searches all entries below the base DN, excluding the base DN.
- --netgroup-triple-attribute <string>
- Specifies the LDAP attribute that contains netgroup triples. The default value is nisNetgroupTriple.
- --normalize-groups {yes | no}
- Normalizes group names to lowercase before lookup.
- --normalize-users {yes | no}
- Normalizes user names to lowercase before lookup.
- --nt-password-attribute <string>
- Specifies the LDAP attribute that contains Windows passwords. A commonly used value is ntpasswdhash.
- --ntlm-support {all | v2only | none}
- For users with NTLM-compatible credentials, specifies which NTLM versions to support.
- --ocsp-server-uris <uri-list>
- Specifies the location of revocation information for TLS certificates. This is an optional parameter to use with --tls-revocation-check-level. Revocation information is contained in Online Certificate Status Protocol (OCSP) responder URIs. If this option is not set, then the LDAP provider looks for the OCSP responder URI within the certificates.
- The <uri-list> is a comma-separated list of URIs.
- --provider-domain <string>
- Specifies the domain that the provider will use to qualify user and group names.
- --require-secure-connection {yes | no}
- Specifies whether to require a TLS connection. If set to yes, --certificate-authority-file is required.
- --restrict-findable {yes | no}
- Specifies whether to check the provider for filtered lists of findable and unfindable users and groups.
- --restrict-listable {yes | no}
- Specifies whether to check the provider for filtered lists of listable and unlistable users and groups.
- --search-scope <scope>
- Defines the default depth from the base distinguished name (DN) to perform LDAP searches.
The following values are valid:
- base
- Searches only the entry at the base DN.
- onelevel
- Searches all entries exactly one level below the base DN.
- subtree
- Searches the base DN and all entries below it.
- children
- Searches all entries below the base DN, excluding the base DN itself.
- --search-timeout <integer>
- Specifies the number of seconds after which to stop retrying and fail a search. The default value is 100.
- --shadow-user-filter <string>
- Sets the LDAP filter for shadow user objects.
- --shadow-expire-attribute <string>
-
Sets the attribute name that indicates the absolute date to expire the account.
- --shadow-flag-attribute <string>
-
Sets the attribute name that indicates the section of the shadow map that is used to store the flag value.
- --shadow-inactive-attribute <string>
-
Sets the attribute name that indicates the number of days of inactivity that is allowed for the user.
- --shadow-last-change-attribute <string>
-
Sets the attribute name that indicates the last change of the shadow information.
- --shadow-max-attribute <string>
-
Sets the attribute name that indicates the maximum number of days that a password can be valid.
- --shadow-min-attribute <string>
-
Sets the attribute name that indicates the minimum number of days between shadow changes.
- --shadow-warning-attribute <string>
-
Sets the attribute name that indicates the number of days before the password expires to warn the user.
- --shell-attribute <string>
- Specifies the LDAP attribute that contains a user's UNIX login shell. The default value is loginShell.
- --ssh-public-key-attribute <string>
- Sets the attribute name that contains the user's SSH Public Key.
- --tls-revocation-check-level {strict | allowNoSrc | allowNoData | none}
- When TLS is enabled, enforces additional verifications of certificates received from the LDAP server in the TLS handshake. Valid values are:
- strict
- Requires valid and current revocation information for all certificates received from the LDAP server in the TLS handshake. If any certificates do not comply, the LDAP provider ends the TLS session.
- allowNoSrc
- Accepts certificates from the LDAP server if no revocation retrieval information is available for them. A warning is logged for such certificates. Otherwise, the LDAP provider ends the TLS session if either of the following is true for any certificate:
- It is not possible to retrieve the revocation information
- The revocation state indicates that the certificate is not valid and current
- allowNoData
- Accepts certificates from the LDAP server if it is not possible to retrieve the revocation state. A warning is logged for such certificates. If revocation state is successfully retrieved, then it must indicate that the certificate is valid and current. Otherwise the LDAP provider ends the TLS session.
- none
- No revocation checking is performed. This is the default setting.
Also see --ocsp-server-uris.
- --uid-attribute <string>
- Specifies the LDAP attribute that contains UID numbers. The default value is uidNumber.
- --unfindable-groups <string>
- If --restrict-findable is enabled and the findable groups list is empty, specifies a list of groups that cannot be resolved by this provider. Repeat this option to specify multiple list items.
- --unfindable-users <string>
- If --restrict-findable is enabled and the findable users list is empty, specifies a list of users that cannot be resolved by this provider. Repeat this option to specify multiple list items.
- --unique-group-members-attribute <string>
- Specifies the LDAP attribute that contains unique group members. This attribute is used to determine which groups a user belongs to if the LDAP server is queried by the user’s DN instead of the user’s name. This setting has no default value.
- --unlistable-groups <string>
- If --restrict-listable is enabled and the listable groups list is empty, specifies a list of groups that cannot be listed by this provider that cannot be viewed. Repeat this option to specify multiple list items.
- --unlistable-users <string>
- If --restrict-listable is enabled and the listable users list is empty, specifies a list of users that cannot be listed by this provider that cannot be viewed. Repeat this option to specify multiple list items.
- --user-base-dn <string>
- Specifies the distinguished name of the entry at which to start LDAP searches for users.
- --user-domain <string>
- Specifies the domain that the provider will use to qualify users. The default user domain is LDAP_USERS.
- --user-filter <string>
- Sets the LDAP filter for user objects.
- --user-search-scope <scope>
- Defines the depth from the base distinguished name (DN) to perform LDAP searches for users.
The following values are valid:
- default
- Applies the search scope that is defined in the default query settings.
- base
- Searches only the entry at the base DN.
- onelevel
- Searches all entries exactly one level below the base DN.
- subtree
- Searches the base DN and all entries below it.
- children
- Searches all entries below the base DN, excluding the base DN itself.
- --groupnet <groupnet>
- Specifies the groupnet referenced by the LDAP provider. The groupnet is a top-level networking container that manages hostname resolution against DNS nameservers and contains subnets and IP address pools. The groupnet specifies which networking properties the LDAP provider will use when communicating with external servers.
- --template {default | rfc-2307 | ad-idmu | ldapsam}
- Specifies a template to be used to configure the LDAP provider. The templates provide pre-selected attributes. The templates are: RFC 2307, Active Directory Identity Management for UNIX (ad-idmu), and LDAP for Samba (ldapsam).
- --bind-password <string>
- Sets the password for the distinguished name that is used when binding to the LDAP server. To set the password interactively, use the --set-bind-password option instead.
- --set-bind-password
- Interactively sets the password for the distinguished name that is used when binding to the LDAP server. This option cannot be used with --bind-password.
- [--force | -f
- Specifies to ignore warnings when creating or modifying an LDAP provider.
- {--verbose | -v}
- Displays the results of running the command.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\