Howto specify master+backup ldap server?

Authenticating XigmaNAS users using LDAP.

Howto specify master+backup ldap server?

#1

Post by harryc »

On the Access | LDAP page there is 'Host name' and 'The name or IP address of the LDAP server'.

However, almost everyone who bothers with LDAP doesn't trust their whole world to one LDAP machine. Like DHCP and DNS and WINS there needs to be a way to specify more than one server. I suppose there is here too-- but as this forum is empty I hope someone will give a howto.

Thanks

Harry Coin


Re: Howto specify master+backup ldap server?

#2

Post by harryc »

So, with some IRC help the partial answer is on the 'Hostname' LDAP line put:

host1.whatnot.com ldap://host2.whatnot.com

The interface will put an 'ldap://' in front of host 1 for you. Which actually is a very bad idea since it blocks the use of 'ldaps://' (TLS) or 'ldapi://'. Well, in retrospect it's not a good answer since nas4free puts 'ldap://' on the URI line, and leaves it bare on the deprecated 'HOST' line. So, the HOST line will fail on the second ldap:// and the URI line will fail if you include ldap://host1.

What needs to happen is to have the configurator look for ldap*:// on the host name line after eating the white space and if found use the line as it is, and if not prepend the ldap:// for backward compatibility.
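
The host-field handling proposed in post #2, as an added example that is not part of the original post and not XigmaNAS/NAS4Free code; the function name normalize_ldap_uris is hypothetical. It generalizes the proposal by checking each whitespace-separated entry rather than only the start of the line, so a mixed line like the one quoted above still produces valid URIs, and ldaps:// or ldapi:// entries are never rewritten to cleartext ldap://.

```shell
#!/bin/sh
# Added example (hypothetical helper, not project code): turn the free-text
# "Host name" field into the URI list for a single "uri" line in ldap.conf.

normalize_ldap_uris() {
    out=""
    set -f                      # no filename globbing while splitting the field
    for tok in $1; do           # unquoted on purpose: split on whitespace
        case "$tok" in
            ldap://?*|ldaps://?*|ldapi://?*)
                uri="$tok" ;;           # already a URI: keep the scheme as given
            *://*)
                set +f
                echo "invalid or unsupported LDAP URI: $tok" >&2
                return 1 ;;             # refuse instead of writing a broken config
            *)
                uri="ldap://$tok" ;;    # bare host: backward-compatible default
        esac
        out="${out:+$out }$uri"
    done
    set +f
    # An empty field is an error, not an empty "uri" line.
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Constructed sample input: the mixed line from the post.
printf 'uri %s\n' "$(normalize_ldap_uris 'host1.whatnot.com ldap://host2.whatnot.com')"
```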


Re: Howto specify master+backup ldap server?

#3

Post by daoyama »

I use ActiveDirectory. So I didn't use LDAP and didn't test LDAP but it seems NAS4Free should be fixed.
harryc wrote: host1.whatnot.com ldap://host2.whatnot.com
This is nonsense. There is no reason to keep backward compatibility.
You should always use URI scheme instead of host name:

ldap://host:port/ ldap://host2:port/ ...

Also, if your LDAP server has no restricted configuration, rootbinddn can be omitted.
If a user is not permitted to do so but only the root user is, you must specify rootbinddn.

However, currently the samba config of NAS4Free uses admin bind with rootbinddn.
So you cannot omit rootbinddn on the LDAP setting page.

Daisuke Aoyama
NAS4Free 10.2.0.2.2115 (x64-embedded), 10.2.0.2.2258 (arm), 10.2.0.2.2258(dom0)
GIGABYTE 5YASV-RH, Celeron E3400 (Dual 2.6GHz), ECC 8GB, Intel ET/CT/82566DM (on-board), ZFS mirror (2TBx2)
ASRock E350M1/USB3, 16GB, Realtek 8111E (on-board), ZFS mirror (2TBx2)
MSI MS-9666, Core i7-860(Quad 2.8GHz/HT), 32GB, Mellanox ConnectX-2 EN/Intel 82578DM (on-board), ZFS mirror (3TBx2+L2ARC/ZIL:SSD128GB)
Develop/test environment:
VirtualBox 512MB VM, ESXi 512MB-8GB VM, Raspberry Pi, Pi2, ODROID-C1


Re: Howto specify master+backup ldap server?

#4

Post by harryc »

Thanks for this thought. The present interface in nas4free makes your excellent suggestions impossible. The current configurator puts ldap:// in front of the text in the host line, and emits both host <hostname> and uri <hostname> in the ldap.conf.
Whether maintaining backward compatibility or adding code to backup restoration and upgrade software to change things is up to the developers.

In the meantime, here's an actual workaround: It appears to be a happy fact that URI and HOST lines are not cumulative in ldap.conf, later lines replace earlier ones. So, just put 'foo' in as the hostname, and put
host
uri ldaps://host1.whatnot.com ldaps://host2.whatnot.com
in at the custom parameters section.
Don't use the 's' if your ldap traffic is not tls secured.
