You can use Identity and Access Control to configure the following:
The idmapd.conf configuration file consists of several sections, initiated by strings of the form [General] and [Mapping]. Each section may contain lines of the form.
LDAP server directory.
The local NFSv4 domain name. An NFSv4 domain is a namespace with a unique username<->UID and groupname<->GID mapping. (Default: Host's fully-qualified DNS domain name)
Local user name to be used when a mapping cannot be completed.
Local group name to be used when a mapping cannot be completed.
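The check below is an added example, not part of the SoftNAS documentation or product code. It reads an idmapd.conf and reports the three settings described above, flagging a fallback user or group that maps to a privileged local name. It assumes the standard idmapd.conf key names Domain, Nobody-User and Nobody-Group, uses Python's configparser as a stand-in parser, and the sample file and the list of privileged names are constructed for illustration.

```python
import configparser

# Constructed sample file; every value is illustrative.
SAMPLE_IDMAPD_CONF = """\
[General]
# Domain is commented out, so the host-derived default applies
# Domain = example.com

[Mapping]
Nobody-User = nobody
Nobody-Group = root
"""

# Assumed list of local names that should never be the fallback identity.
PRIVILEGED_NAMES = {"root", "wheel", "sudo", "adm"}


def audit_idmapd(text):
    """Return (settings, findings) for Domain, Nobody-User and Nobody-Group."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    settings = {
        "Domain": cp.get("General", "Domain", fallback=None),
        "Nobody-User": cp.get("Mapping", "Nobody-User", fallback=None),
        "Nobody-Group": cp.get("Mapping", "Nobody-Group", fallback=None),
    }
    findings = []
    if not settings["Domain"]:
        findings.append("Domain unset: the host-derived default applies; "
                        "confirm NFSv4 clients and server use the same value")
    for key in ("Nobody-User", "Nobody-Group"):
        name = settings[key]
        if name is None:
            findings.append(f"{key} unset: fallback identity is not explicit")
        elif name.strip().lower() in PRIVILEGED_NAMES:
            findings.append(f"{key} = {name}: identities that fail to map "
                            "would receive a privileged local name")
    return settings, findings


if __name__ == "__main__":
    for line in audit_idmapd(SAMPLE_IDMAPD_CONF)[1]:
        print(line)
```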
LDAP Server enables the configuration of the fields of the LDAP configuration.
Buurst's SoftNAS provides support for NFSv4 Kerberos and LDAP Support, which enables multi-user security access rights to files and directories managed by the SoftNAS filer.
OpenLDAP Server Configuration
LDAP Server configuration allows the establishment of a connection between OpenLDAP and domain users.
Root DN for LDAP database
The domain of the local domain controller that hosts the users.
The directory starts out completely empty, without even a root structure present. Initializing the directory with a root record and other supporting directory sub-structures (i.e., sub-directories) is required before adding any user data.
Administration login DN
By default, Active Directory does not allow anonymous LDAP connections. Because of this, enter the DN of a user that is allowed to connect to the server and read all user and group data. Unless a special user account has already been created for this purpose, an easy choice is to use the built-in administrator account. By default, the administrator DN is in the form cn=Administrator,dc=<Local Domain>.
Existing Administration password.
New administration password
Create a new password for OpenLDAP directory management.
Indexes to cache
Number of indexes to cache to improve the performance of user lookups.
Database entries to cache
Number of database entries to cache to improve the performance of user lookups.
Access control options
Determines the access control setting between SoftNAS and the LDAP server.
Maximum number of search results
Maximum number of search results returned for user lookups.
Maximum time for searches
Maximum amount of time allowed for user lookup searches.
Encryption options enables the generation of an SSL certificate. It allows a self-signed certificate to be created for the LDAP system.
LDAP Access Control
This is where you can grant different access permissions on a per Object basis.
Manage LDAP Schema
The LDAP schema determines which object classes and attributes can be stored in the LDAP database. This page allows administrators to decide which schema types are supported by the server, but be careful when de-selecting any entries that are used by existing objects.
This page provides a convenient way to create a DN that will be the base of a new tree in the database. It can also create an example user or email alias under the tree as an object template.
Name for new DN
Name of the new Domain name to be created.
Create example object under new DN?
Determines whether a new object will be created under the newly created tree.
One of the following:
Unix user with mail
LDAP Clients enables the configuration of required fields of LDAP Client configuration. SoftNAS provides support for NFSv4 Kerberos and LDAP Support, which enables multi-user security access rights to files and directories managed by the SoftNAS deployment.
LDAP Server Configuration
The IP address of the LDAP Server is provided to configure a link to the client.
Specify a port number for LDAP traffic.
Specify a protocol for your LDAP traffic.
Specify the desired protocol version, or set to default.
Configure a connection time limit - either set to default, or enter a number (in seconds).
Add a login for non-root users (or allow anonymous user access).
Provide the password for your non-root user.
Add a login for the root user.
Provide the password for your root user.
Select whether to use encrypted connection.
Verify LDAP SSL Certificate.
Browse to and select the CA Certificate File, if there is one.
LDAP Search Bases
In this section you can set the Base DN (Domain Name) for every service you want to discover LDAP records for. Enter the Base Domain Name for each service you wish to add.
Users can define the search depth within the search base.
If the Default is selected, the entire sub-tree will be searched, meaning the search will drill down through each group or organization, and search within them.
A one level search means that the search will go through any groups found within, but will not go through any sub-groups within those groups.
A base only search will not search any groups within the search base.
Users can also set a search filter, to filter records by an LDAP attribute or attribute's value.
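The following added example (not SoftNAS or OpenLDAP code) models the three search depths and a simple attribute filter over a small constructed directory, using standard LDAP scope semantics: base returns only the search base entry, one level returns its immediate children, and sub-tree returns the base and everything beneath it. All DNs and the search() helper are hypothetical, and the filter is a plain presence or equality match rather than full LDAP filter syntax.

```python
# Constructed directory (DN -> attributes); every name here is illustrative.
PEOPLE = "ou=People,dc=example,dc=com"
DIRECTORY = {
    "dc=example,dc=com": {"objectClass": "domain"},
    PEOPLE: {"objectClass": "organizationalUnit"},
    "uid=alice," + PEOPLE: {"objectClass": "posixAccount", "uid": "alice"},
    "ou=Contractors," + PEOPLE: {"objectClass": "organizationalUnit"},
    "uid=bob,ou=Contractors," + PEOPLE: {"objectClass": "posixAccount", "uid": "bob"},
    "ou=Services,dc=example,dc=com": {"objectClass": "organizationalUnit"},
    "uid=backup,ou=Services,dc=example,dc=com": {"objectClass": "posixAccount", "uid": "backup"},
}


def rdns(dn):
    """Split a DN into normalised RDNs (the sample has no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def depth_below(base, dn):
    """Levels dn sits below base, or None if dn is outside base's subtree."""
    b, d = rdns(base), rdns(dn)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return None
    return len(d) - len(b)


def search(base, scope="sub", attr=None, value=None):
    """Return sorted DNs under base for scope 'base', 'one' or 'sub'."""
    in_scope = {"base": lambda n: n == 0,
                "one": lambda n: n == 1,
                "sub": lambda n: True}[scope]
    hits = []
    for dn, attrs in DIRECTORY.items():
        n = depth_below(base, dn)
        if n is None or not in_scope(n):
            continue
        if attr is not None:
            have = attrs.get(attr)
            if have is None or (value is not None and have.lower() != value.lower()):
                continue
        hits.append(dn)
    return sorted(hits)


if __name__ == "__main__":
    for scope in ("base", "one", "sub"):
        print(scope, search(PEOPLE, scope, "objectClass", "posixAccount"))
```

With the People search base, a one level search finds alice but not bob in the nested Contractors unit, while a sub-tree search from dc=example,dc=com also returns the backup account under Services, so the base and depth together decide which accounts a service can see.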
Additional LDAP filter to help find users in the LDAP.
Attribute name to extract the username from.
LDAP group DN to force membership for every LDAP user.
Attribute name of the LDAP group to discover members of this group.
Password storage method.
Services Using LDAP
In this section you will be able to choose which services will look up records in the LDAP.
Until connected to the LDAP server, the LDAP browser will be unable to connect (seen in the first screenshot here).
Once connected, you will see the Child objects and attributes displayed (seen here in the second screenshot).
Kerberos allows parties communicating over a non-secure network to prove their identity to one another in a secure manner. Configure Kerberos from SoftNAS.
Configuring Kerberos Panel
Set the path to the Kerberos configuration file in the Kerberos module configuration.
To do so, click the Module Config link. The Configuration for Kerberos5 Module page will be displayed.
Enter the path for the Kerberos5 configuration file in the text entry box.