Versions Compared

Old Version 5

changes.mady.by.user Shawn Fletcher

Saved on

compared with

New Version Current

changes.mady.by.user Shawn Fletcher

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel6
outlinefalse
typelist
printablefalse
Info

Currently, SoftNAS supports OpenLDAP but does not support it out of the box. Because of this, there are a few manual steps that must be performed in order to successfully configure your SoftNAS instance as an LDAP Client.

CLI Configuration - SSSD Configuration

Log in as the root user and install the OpenLDAP client and other client utilities:

Code Block
languagenone
dnf install

...

sssd sssd-ldap -y

Create an sssd.conf file in the /etc/sssd directory:

Code Block
touch /etc/sssd/sssd.conf

Edit the sssd.conf file and paste one of the following configurations:

Info

These sssd.conf files might not work for your network and LDAP Server configuration. These files are meant to serve as templates and are not guaranteed to work in your environment. Adjustments might have to be made.

Note

Replace ldap_uri = ldap://ldapServer-IP with your LDAP servers IP or hostname.

Note

Replace yourDomain with your configured LDAP server domain.

TLS Communication

Code Block
[sssd]
config_file_version = 2
services = nss, pam
domains = yourDomain

[nss]

homedir_substring = /home

[pam]

[domain/yourDomain]
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri =  ldap://ldapServer-IP
ldap_search_base = dc=your,dc=Domain,dc=com
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
ldap_tls_reqcert = allow

SSL Communication

Code Block
[domain/yourDomain]
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://ldapServer-IP:636
ldap_chpass_uri = ldaps://ldapServer-IP:636
ldap_search_base = dc=your,dc=Domain,dc=com
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
ldap_tls_reqcert = demand
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_connection_expire_timeout = 60

Non-TLS / Non-SSL Communication

Code Block
[sssd]
config_file_version = 2
services = nss, pam
domains = yourDomain.com

[nss]
homedir_substring = /home

[pam]

[domain/yourDomain.com]
enumerate = true
debug_level = 6
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldapServer-IP
ldap_user_search_base = ou=users,dc=your,dc=Domain,dc=com
ldap_group_search_base = ou=groups,dc=your,dc=Domain,dc=com
ldap_search_base = dc=your,dc=Domain,dc=com
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
ldap_tls_reqcert = allow

Change ownership of sssd.conf file to the root user:

Code Block
chown root:root sssd.conf

Change permissions of the sssd.conf file to 600:

Code Block
chmod 600 sssd.conf

Restart the sssd service:

Code Block
systemctl restart sssd

Edit the /etc/openldap/ldap.conf file and replace the BASE and URI parameters with the following:

Note

Replace ldap_uri = ldap://ldapServer-IP with your LDAP servers IP or hostname.

Note

Replace yourDomain with your configured LDAP server domain.

Code Block
BASE  dc=your,dc=Domain,dc=com
URI   ldap://ldapServer-IP

Switch to the home directory:

Code Block
cd ~

Use authselect to configure the system:

Code Block
authselect select sssd with-mkhomedir --force

Restart the sssd service:

Code Block
systemctl restart sssd

Start and Enable the oddjobd.service:

Code Block
systemctl start oddjobd.service
Code Block
systemctl

...

enable oddjobd.service

Verify your LDAP user(s):

Note

If your user does not appear here, something was configured incorrectly.

Code Block
id user

CLI Configuration - Direct LDAP Configuration

Edit the /etc/openldap/ldap.conf file and replace the BASE and URI parameters with the following:

Note

Replace ldap_uri = ldap://ldapServer-IP with your LDAP servers IP or hostname.

Note

Replace yourDomain with your configured LDAP server domain.

Code Block
BASE  dc=your,dc=Domain,dc=com
URI   ldap://ldapServer-IP

StorageCenter UI Configuration

  • From the StorageCenter UI, navigate to Settings > Identity and Access Control > LDAP Client:

page11image41061424Image Modified

  • From the LDAP Client page, click the Start LDAP Client Daemon button:

page11image41064128Image Modified

  • From the LDAP Client page, select LDAP Search Bases:

page11image41060176Image Modified

  • In the Global search base text box enter ou=users,dc=your,dc=Domain,dc=com and click the Save button:

Note

Replace yourDomain with your configured LDAP server domain.

Image Modified

  • From the LDAP Client page, select LDAP Server Configuration:

page12image41789808Image Modified

  • In the Hostname text box enter the IP Address of your LDAP Server and click the Save button:

page12image41788976Image Modified

  • From the LDAP Client page, select Services Using LDAP:

Image Added

  • From the Services Using LDAP module, change the Second data source to LDAP for both the Unix users and Unix groups services.

Image Added

Image Added

Image Added

  • From the LDAP Client page, click the Validate Configuration button:

Image Modified

  • From here you should see some similar output resulting in your system being successfully configured as an LDAP client:

Image Modified