Configuring SoftNAS Instance as an LDAP Client

Currently, SoftNAS supports OpenLDAP, but not out of the box. A few manual steps are required to configure your SoftNAS instance as an LDAP client.

CLI Configuration - SSSD Configuration

Log in as the root user and install the OpenLDAP client and other client utilities:

dnf install sssd sssd-ldap -y

 

Create an sssd.conf file in the /etc/sssd directory:

touch /etc/sssd/sssd.conf

 

Edit the sssd.conf file and paste one of the following configurations:

These sssd.conf files are templates and are not guaranteed to work with your network and LDAP server configuration. You might have to adjust them for your environment.

In the ldap_uri = ldap://ldapServer-IP line, replace ldapServer-IP with your LDAP server's IP address or hostname.

TLS Communication

[sssd]
config_file_version = 2
services = nss, pam
domains = yourDomain

[nss]
homedir_substring = /home

[pam]

[domain/yourDomain]
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldapServer-IP
ldap_search_base = dc=your,dc=Domain,dc=com
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
ldap_tls_reqcert = allow

SSL Communication

Non-TLS / Non-SSL Communication

 

Change ownership of the sssd.conf file to the root user:

 

Change permissions of the sssd.conf file to 600:

 

Restart the sssd service:

 

Edit the /etc/openldap/ldap.conf file and replace the BASE and URI parameters with the following:

 

Switch to the home directory:

 

Use authselect to configure the system:

 

Restart the sssd service:

 

Start and enable the oddjobd.service:

 

Verify your LDAP user(s):
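
The sssd.conf written in the steps above can also be checked before relying on it. This added Python example (not part of the SoftNAS documentation) checks the file for the root ownership and 600 mode set earlier and flags two settings that weaken the LDAP channel: an ldap:// URI without ldap_id_use_start_tls, and an ldap_tls_reqcert value such as allow, used in the TLS template, which lets the session proceed when the server certificate is invalid. The function names audit_text and audit_file and the sample input are assumptions made for illustration.

```python
import configparser
import os
import stat

# Constructed sample: the page's TLS template, abridged to the relevant keys.
SAMPLE = """\
[sssd]
domains = yourDomain
[domain/yourDomain]
ldap_uri = ldap://ldapServer-IP
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/certs
ldap_tls_reqcert = allow
"""

# ldap_tls_reqcert values that do not require a valid server certificate.
WEAK_REQCERT = {"never", "allow", "try"}

def audit_text(text):
    """Return findings for every [domain/...] section of sssd.conf content."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        dom = cp[name]
        start_tls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        reqcert = dom.get("ldap_tls_reqcert", "hard").strip().lower()  # sssd default is hard
        for uri in (u.strip() for u in dom.get("ldap_uri", "").split(",")):
            if uri.lower().startswith("ldap://") and not start_tls:
                findings.append(f"{name}: {uri} without StartTLS, identity lookups are cleartext")
        if reqcert in WEAK_REQCERT:
            findings.append(f"{name}: ldap_tls_reqcert = {reqcert} does not require a valid server certificate")
    return findings

def audit_file(path="/etc/sssd/sssd.conf"):
    """Check the owner and mode set in the steps above, then the settings."""
    st = os.stat(path)
    findings = []
    if st.st_uid != 0:
        findings.append(f"{path}: owner uid {st.st_uid}, expected root (0)")
    if stat.S_IMODE(st.st_mode) != 0o600:
        findings.append(f"{path}: mode {stat.S_IMODE(st.st_mode):o}, expected 600")
    with open(path) as fh:
        return findings + audit_text(fh.read())

if __name__ == "__main__":
    print("\n".join(audit_text(SAMPLE)) or "no findings")
```

Setting ldap_tls_reqcert to demand or hard, with the LDAP server's CA certificate present in ldap_tls_cacertdir, clears the certificate finding.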

 

CLI Configuration - Direct LDAP Configuration

Edit the /etc/openldap/ldap.conf file and replace the BASE and URI parameters with the following:

 

StorageCenter UI Configuration

  • From the StorageCenter UI, navigate to Settings > Identity and Access Control > LDAP Client:

  • From the LDAP Client page, click the Start LDAP Client Daemon button:

  • From the LDAP Client page, select LDAP Search Bases:

  • In the Global search base text box enter ou=users,dc=your,dc=Domain,dc=com and click the Save button:

  • From the LDAP Client page, select LDAP Server Configuration:

  • In the Hostname text box enter the IP Address of your LDAP Server and click the Save button:

  • From the LDAP Client page, select Services Using LDAP:

  • From the Services Using LDAP module, change the Second data source to LDAP for both the Unix users and Unix groups services.

  • From the LDAP Client page, click the Validate Configuration button:

  • You should see output indicating that your system has been successfully configured as an LDAP client: