Currently, SoftNAS supports OpenLDAP but does not support it out of the box. Because of this, there are a few manual steps that must be performed in order to successfully configure your SoftNAS instance as an LDAP Client.
CLI Configuration
Log in as the root user and install the OpenLDAP client and other client utilities:
dnf install openldap-clients sssd sssd-ldap -y
Create an sssd.conf file in the /etc/sssd directory:
touch /etc/sssd/sssd.conf
Edit the sssd.conf file and paste one of the following configurations:
These sssd.conf files might not work for your network and LDAP Server configuration. These files are meant to serve as templates and are not guaranteed to work in your environment. Adjustments might have to be made.
Replace ldap_uri = ldap://ldapServer-IP with your LDAP servers IP or hostname.
Replace yourDomain with your configured LDAP server domain.
TLS Communication
[sssd] config_file_version = 2 services = nss, pam domains = yourDomain [nss] homedir_substring = /home [pam] [domain/yourDomain] id_provider = ldap autofs_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldap://ldapServer-IP ldap_search_base = dc=your,dc=Domain,dc=com ldap_id_use_start_tls = True ldap_tls_cacertdir = /etc/openldap/certs cache_credentials = True ldap_tls_reqcert = allow
SSL Communication
[domain/yourDomain] id_provider = ldap autofs_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldaps://ldapServer-IP:636 ldap_chpass_uri = ldaps://ldapServer-IP:636 ldap_search_base = dc=your,dc=Domain,dc=com ldap_id_use_start_tls = False ldap_tls_cacertdir = /etc/openldap/certs cache_credentials = True ldap_tls_reqcert = demand entry_cache_timeout = 600 ldap_network_timeout = 3 ldap_connection_expire_timeout = 60
Non-TLS / Non-SSL Communication
[sssd] config_file_version = 2 services = nss, pam domains = yourDomain.com [nss] homedir_substring = /home [pam] [domain/yourDomain.com] enumerate = true debug_level = 6 id_provider = ldap autofs_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldap://ldapServer-IP ldap_user_search_base = ou=users,dc=your,dc=Domain,dc=com ldap_group_search_base = ou=groups,dc=your,dc=Domain,dc=com ldap_search_base = dc=your,dc=Domain,dc=com ldap_tls_cacertdir = /etc/openldap/certs cache_credentials = True ldap_tls_reqcert = allow
Change ownership of sssd.conf file to the root user:
chown root:root sssd.conf
Change permissions of the sssd.conf file to 600:
chmod 600 sssd.conf
Restart the sssd service:
systemctl restart sssd
Edit the /etc/openldap/ldap.conf file and replace the BASE and URI parameters with the following:
Replace ldap_uri = ldap://ldapServer-IP with your LDAP servers IP or hostname.
Replace yourDomain with your configured LDAP server domain.
BASE dc=your,dc=Domain,dc=com URI ldap://ldapServer-IP
Switch to the root directory:
cd ~
Use authselect to configure the system:
authselect select sssd with-mkhomedir --force
Restart the sssd service:
systemctl restart sssd
Start and Enable the oddjobd.service:
systemctl start oddjobd.service
systemctl start oddjobd.service
Verify your LDAP user(s):
If your user does not appear here, something was configured incorrectly.
id user
StorageCenter UI Configuration
From the StorageCenter UI, navigate to Settings > Identity and Access Control > LDAP Client:
From the LDAP Client page, click the Start LDAP Client Daemon button:
From the LDAP Client page, select LDAP Search Bases:
In the Global search base text box enter
ou=users,dc=your,dc=Domain,dc=comand click the Save button:
Replace yourDomain with your configured LDAP server domain.
From the LDAP Client page, select LDAP Server Configuration:
In the Hostname text box enter the IP Address of your LDAP Server and click the Save button:
From the LDAP Client page, click the Validate Configuration button:
From here you should see some similar output resulting in your system being successfully configured as an LDAP client:
