Latest News:
2018-11-29: XigmaNAS 11.2.0.4.6229 - released!

We really need "Your" help on XigmaNAS https://translations.launchpad.net/xigmanas translations. Please help today!

Producing and hosting XigmaNAS cost money, please consider a donation to our project so we can continue to offer you the best.
We need your support! eg: PAYPAL

[SOLVED]Secure ldap possible or not ??

Authenticating XigmaNAS users using LDAP.
Forum rules
Set-Up GuideFAQsForum Rules
Post Reply
eago
NewUser
NewUser
Posts: 2
Joined: 13 Oct 2014 16:21
Status: Offline

[SOLVED]Secure ldap possible or not ??

#1

Post by eago » 13 Oct 2014 17:44

Hello,

(I speak a little english so i will try to explain my problem with my words!!)

Problem : I try to configure nas4free to connect to freebsd 10 secure ldap server (more generally : secure ldap server)!!

What I'have done : I have already linked my nas4free 9.2.0.1 (Shigawire révision 972) to Ubuntu 14.04LTS unsecure ldap server, and it work: in ssh on my nas4free, commands line getent passwd and getent group give me ldap users and groups!!

When i try to connect my nas4free to freebsd 10 secure ldap server, i add two auxiliary parameters in Access -> LDAP :

Code: Select all

ssl start_tls
and

Code: Select all

tls_cacert /var/etc/ssl/mycerts/cert.crt
I have copied my certificate cert.crt in /var/etc/ssl/mycerts on nas4free.

I don't know if i need to add modifications in /etc/pam.d/... files.
ldap.conf file (/var/etc/ldap.conf) seem to be file which is filed when i configure ldap in GUI so i don't touch it.

Maybe connection between nas4free and secure ldap server is not possible or very hard to achieve?! If someone know about it or have configure it successfully, i need help or confirmation that this features can't be done.

Thank you.

jandegr
Starter
Starter
Posts: 44
Joined: 23 Jun 2012 17:41
Location: Belgium
Status: Offline

Re: Secure ldap possible or not ??

#2

Post by jandegr » 13 Oct 2014 17:50

Hi,
I worked with daniel_m a while ago to get ldap+netatalk3 going on 9.3
Maybe you can use some info from it :
viewtopic.php?f=69&t=5365&start=75#p38532

regards,
Jan

eago
NewUser
NewUser
Posts: 2
Joined: 13 Oct 2014 16:21
Status: Offline

Re: Secure ldap possible or not ??

#3

Post by eago » 14 Oct 2014 16:28

I have not found interesting informations for my case Jandegr but thank you.

It's amazing, i can't found tutorial on web which explain how to configure features on nas4free, i find always things about freenas.
There are very few documentation on nas4free website. In my opinion, it's not good for nas4free.

davidgordonca
NewUser
NewUser
Posts: 4
Joined: 07 Jun 2016 19:25
Status: Offline

Re: Secure ldap possible or not ??

#4

Post by davidgordonca » 07 Jun 2016 19:54

We got LDAPS to work with the following setup on NAS4Free 10.3.0.3 Embedded. This assumes that you have signed your certificate by a trusted authority that is in the ca_root_nss package (as most are).

[System \ Advanced \ Command scripts ]
sudo pkg install ca_root_nss
mkdir -p /usr/local/etc/openldap
cp /cf/conf/openldap-client/ldap.conf /usr/local/etc/openldap/
sed -i -e 's:dc=yourdomain,dc=com?one:dc=yourdomain,dc=com:' /var/etc/ldap.conf


[/cf/conf/openldap-client/ldap.conf]
BASE dc=yourdomain,dc=com
URI ldaps://ldap.yourdomain.com/
TLS_CACERT /etc/ssl/cert.pem
TLS_REQCERT demand


In the menu Access \ LDAP, we configured LDAPS accordingly with the following auxiliary parameters:
ldap_version 3
timelimit 30
bind_timelimit 30
bind_policy soft
pam_ldap_attribute uid
tls_cacert /etc/ssl/cert.pem
tls_reqcert demand

Post Reply

Return to “LDAP (Lightweight Directory Access Protocol)”