Info: SoftNAS currently supports OpenLDAP, but not out of the box. A few manual steps must be performed to configure your SoftNAS instance as an LDAP client.
CLI Configuration
Log in as the root user and install the OpenLDAP client, SSSD, and the SSSD LDAP provider:

```shell
dnf install openldap-clients sssd sssd-ldap -y
```
Create an sssd.conf file in the /etc/sssd directory:

```shell
touch /etc/sssd/sssd.conf
```
Edit the sssd.conf file and paste one of the following configurations:

Info: These

Note: Replace

Note: Replace
TLS Communication

```ini
[sssd]
config_file_version = 2
services = nss, pam
domains = yourDomain

[nss]
homedir_substring = /home

[pam]

[domain/yourDomain]
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# Plain LDAP port, upgraded to TLS with STARTTLS before any bind is sent
ldap_uri = ldap://ldapServer-IP
ldap_search_base = dc=your,dc=Domain,dc=com
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
# allow: the session continues even if the server certificate cannot be verified
ldap_tls_reqcert = allow
```
SSL Communication

```ini
[domain/yourDomain]
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# LDAP over TLS on port 636 (ldaps); STARTTLS is not used on this port
ldap_uri = ldaps://ldapServer-IP:636
ldap_chpass_uri = ldaps://ldapServer-IP:636
ldap_search_base = dc=your,dc=Domain,dc=com
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
# demand: the server certificate must validate against the CA certs in ldap_tls_cacertdir
ldap_tls_reqcert = demand
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_connection_expire_timeout = 60
```
Non-TLS / Non-SSL Communication

```ini
[sssd]
config_file_version = 2
services = nss, pam
domains = yourDomain.com

[nss]
homedir_substring = /home

[pam]

[domain/yourDomain.com]
enumerate = true
debug_level = 6
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# No STARTTLS and no ldaps: binds and directory data are sent unencrypted
ldap_uri = ldap://ldapServer-IP
ldap_user_search_base = ou=users,dc=your,dc=Domain,dc=com
ldap_group_search_base = ou=groups,dc=your,dc=Domain,dc=com
ldap_search_base = dc=your,dc=Domain,dc=com
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
ldap_tls_reqcert = allow
```
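As an added check (example code written for this page, not part of SoftNAS or SSSD), the following Python audits the transport and certificate-verification posture of each [domain/...] section in an sssd.conf; the three constants are abridged, constructed copies of the variants above.

```python
import configparser

# Constructed sample configs (abridged from the three variants on this page).
TLS_CONF = """[sssd]
domains = yourDomain
[domain/yourDomain]
ldap_uri = ldap://ldapServer-IP
ldap_id_use_start_tls = True
ldap_tls_reqcert = allow
"""
SSL_CONF = """[domain/yourDomain]
ldap_uri = ldaps://ldapServer-IP:636
ldap_id_use_start_tls = False
ldap_tls_reqcert = demand
"""
PLAIN_CONF = """[domain/yourDomain.com]
ldap_uri = ldap://ldapServer-IP
ldap_tls_reqcert = allow
"""

def audit_sssd(conf_text):
    """Return {domain: {"transport", "cert_verified", "findings"}} per [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        uri = dom.get("ldap_uri", "").strip().lower()
        start_tls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        # sssd-ldap defaults ldap_tls_reqcert to "hard" when the key is absent
        reqcert = dom.get("ldap_tls_reqcert", "hard").strip().lower()
        if uri.startswith("ldaps://"):
            transport = "ldaps"          # TLS from the first byte (port 636)
        elif uri.startswith("ldap://") and start_tls:
            transport = "starttls"       # plain port upgraded before the bind
        else:
            transport = "plaintext"      # binds and directory data unencrypted
        findings = []
        if transport == "plaintext":
            findings.append("credentials and directory data cross the network unencrypted")
        verified = transport != "plaintext" and reqcert in ("demand", "hard")
        if transport != "plaintext" and not verified:
            findings.append("ldap_tls_reqcert = %s: server certificate is not verified" % reqcert)
        report[section[len("domain/"):]] = {
            "transport": transport, "cert_verified": verified, "findings": findings}
    return report
```

Run it against the real file with `audit_sssd(open("/etc/sssd/sssd.conf").read())` after the chmod step below; an empty findings list for each domain is the result to aim for.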
Change ownership of the sssd.conf file to the root user:

```shell
chown root:root /etc/sssd/sssd.conf
```
Change permissions of the sssd.conf file to 600:

```shell
chmod 600 /etc/sssd/sssd.conf
```
Restart the sssd service:

```shell
systemctl restart sssd
```
Edit the /etc/openldap/ldap.conf file and replace the BASE and URI parameters with the following:

Note: Replace

Note: Replace

```
BASE dc=your,dc=Domain,dc=com
URI ldap://ldapServer-IP
```
Switch to the home directory:

```shell
cd ~
```
Use authselect to configure the system:

```shell
authselect select sssd with-mkhomedir --force
```
Restart the sssd service:

```shell
systemctl restart sssd
```
Start and enable the oddjobd.service:

```shell
systemctl start oddjobd.service
systemctl enable oddjobd.service
```
Verify your LDAP user(s):

Note: If your user does not appear here, something was configured incorrectly.

```shell
id user
```
StorageCenter UI Configuration
From the StorageCenter UI, navigate to Settings > Identity and Access Control > LDAP Client:
From the LDAP Client page, click the Start LDAP Client Daemon button:
From the LDAP Client page, select LDAP Search Bases:
In the Global search base text box enter `ou=users,dc=your,dc=Domain,dc=com` and click the Save button:

Note: Replace
From the LDAP Client page, select LDAP Server Configuration:
In the Hostname text box enter the IP Address of your LDAP Server and click the Save button:
From the LDAP Client page, click the Validate Configuration button:
You should see output similar to the following, confirming that your system has been successfully configured as an LDAP client: