LDAP (Lightweight Directory Access Protocol) is a directory service for centralizing management of users, groups, hostnames and other resources (called objects). This service on the appliance acts as an LDAP client so that:
LDAP user names (instead of numerical IDs) can be used to configure root directory ACLs on a share.
LDAP users can be granted privileges for appliance administration. The appliance supplements LDAP information with its own privilege settings.
The LDAP server's certificate can be self-signed.
You cannot supply a list of trusted CA certificates; each certificate must be individually accepted by the appliance administrator.
When an LDAP server's certificate expires, you must delete the server from the list and then re-add it to accept its new certificate.
Note: UIDs from 0-99 inclusive are reserved by the operating system vendor for use in future applications. Their use by end system users or vendors of layered products is not supported and can cause security issues with other applications.
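One way to audit a directory for the reserved range in the note above, as an added example that is not part of the original documentation: it scans an LDIF export for entries whose UID falls in 0-99, handling folded lines and base64-encoded values. The sample LDIF, the DNs and the function names are constructed, and it assumes accounts carry their UID in the RFC 2307 `uidNumber` attribute.

```python
import base64
RESERVED_UIDS = range(0, 100)  # 0-99 inclusive, the range named in the note

# Constructed sample export; DNs and values are illustrative only.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
uidNumber: 1001

dn: uid=backup,ou=people,dc=example,dc=com
objectClass: posixAccount
uidNumber: 34

dn: uid=svc-long-name,ou=people,
 dc=example,dc=com
objectClass: posixAccount
uidNumber:: OTk=
"""

def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                entries.append(entry)
            entry = {}
        elif not line.startswith("#"):      # skip LDIF comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def reserved_uid_entries(text):
    """Return (dn, uidNumber) for every entry whose uidNumber is in 0-99."""
    return [(e.get("dn", ["<no dn>"])[0], int(v))
            for e in parse_ldif(text) for v in e.get("uidnumber", [])
            if v.isascii() and v.isdigit() and int(v) in RESERVED_UIDS]

if __name__ == "__main__":
    for dn, uid in reserved_uid_entries(SAMPLE_LDIF):
        print(f"reserved UID {uid}: {dn}")
```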