[SOLVED]Secure ldap possible or not ??

Authenticating XigmaNAS users using LDAP.

[SOLVED]Secure ldap possible or not ??

#1

Post by eago » 13 Oct 2014 17:44

Hello,

(I speak a little English, so I will try to explain my problem in my own words!)

Problem: I am trying to configure nas4free to connect to a FreeBSD 10 secure LDAP server (more generally: a secure LDAP server)!

What I have done: I have already linked my nas4free 9.2.0.1 (Shigawire revision 972) to an Ubuntu 14.04 LTS unsecured LDAP server, and it works: over SSH on my nas4free, the commands getent passwd and getent group give me the LDAP users and groups!

When I try to connect my nas4free to the FreeBSD 10 secure LDAP server, I add two auxiliary parameters in Access -> LDAP:

ssl start_tls

and

tls_cacert /var/etc/ssl/mycerts/cert.crt

I have copied my certificate cert.crt to /var/etc/ssl/mycerts on nas4free.

I don't know if I need to make modifications in the /etc/pam.d/... files.
The ldap.conf file (/var/etc/ldap.conf) seems to be the file that is filled in when I configure LDAP in the GUI, so I don't touch it.

Maybe a connection between nas4free and a secure LDAP server is not possible or very hard to achieve?! If someone knows about it or has configured it successfully, I need help or confirmation that this feature can't be done.

Thank you.


Re: Secure ldap possible or not ??

#2

Post by jandegr » 13 Oct 2014 17:50

Hi,
I worked with daniel_m a while ago to get ldap+netatalk3 going on 9.3
Maybe you can use some info from it :
viewtopic.php?f=69&t=5365&start=75#p38532

regards,
Jan


Re: Secure ldap possible or not ??

#3

Post by eago » 14 Oct 2014 16:28

I have not found any interesting information for my case, Jandegr, but thank you.

It's amazing, I can't find a tutorial on the web which explains how to configure features on nas4free; I always find things about freenas.
There is very little documentation on the nas4free website. In my opinion, it's not good for nas4free.


Re: Secure ldap possible or not ??

#4

Post by davidgordonca » 07 Jun 2016 19:54

We got LDAPS to work with the following setup on NAS4Free 10.3.0.3 Embedded. This assumes that you have signed your certificate by a trusted authority that is in the ca_root_nss package (as most are).

[System \ Advanced \ Command scripts ]
sudo pkg install ca_root_nss
mkdir -p /usr/local/etc/openldap
cp /cf/conf/openldap-client/ldap.conf /usr/local/etc/openldap/
sed -i -e 's:dc=yourdomain,dc=com?one:dc=yourdomain,dc=com:' /var/etc/ldap.conf


[/cf/conf/openldap-client/ldap.conf]
BASE dc=yourdomain,dc=com
URI ldaps://ldap.yourdomain.com/
TLS_CACERT /etc/ssl/cert.pem
TLS_REQCERT demand


In the menu Access \ LDAP, we configured LDAPS accordingly with the following auxiliary parameters:
ldap_version 3
timelimit 30
bind_timelimit 30
bind_policy soft
pam_ldap_attribute uid
tls_cacert /etc/ssl/cert.pem
tls_reqcert demand
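
The following is an added example, not part of any post in this thread and not NAS4Free code: a small Python audit of ldap.conf-style text that checks the three TLS settings the posts above rely on (an encrypted transport, `tls_reqcert`, `tls_cacert`). The function names, finding codes and the `gui_uri` parameter are assumptions of this sketch, and reporting an unset `tls_reqcert` is a policy choice made here because the default depends on the client library.

```python
"""Audit ldap.conf-style text for the TLS settings discussed in this thread."""

STRICT_REQCERT = {"demand", "hard"}  # levels that abort on a bad server certificate
MESSAGES = {
    "cleartext": "no ldaps:// URI and no 'ssl start_tls'/'ssl on': traffic, including simple-bind passwords, is unencrypted",
    "reqcert-weak": "tls_reqcert below 'demand': the session can proceed without a valid server certificate",
    "reqcert-unset": "tls_reqcert not set: certificate checking is left to the client library default",
    "no-cacert": "no tls_cacert: no CA bundle is named to verify the server against",
}

def parse(text):
    """Return {lowercased key: value} for 'KEY value' lines, skipping blanks and comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def audit(text, gui_uri=""):
    """Return finding codes; gui_uri (hypothetical) stands in for a URI set in the web GUI."""
    conf = parse(text)
    findings = []
    uris = conf.get("uri", gui_uri).lower().split()  # URI may list several servers
    tls_uri = bool(uris) and all(u.startswith("ldaps://") for u in uris)
    if not tls_uri and conf.get("ssl", "").lower() not in ("start_tls", "on"):
        findings.append("cleartext")
    level = conf.get("tls_reqcert")
    if level is None:
        findings.append("reqcert-unset")
    elif level.lower() not in STRICT_REQCERT:
        findings.append("reqcert-weak")
    if "tls_cacert" not in conf:
        findings.append("no-cacert")
    return findings

# Constructed inputs: the settings quoted in posts #1 and #4, plus a deliberately weak file.
POST_1 = "ssl start_tls\ntls_cacert /var/etc/ssl/mycerts/cert.crt\n"
POST_4 = ("BASE dc=yourdomain,dc=com\nURI ldaps://ldap.yourdomain.com/\n"
          "TLS_CACERT /etc/ssl/cert.pem\nTLS_REQCERT demand\n")
WEAK = "URI ldap://ldap.yourdomain.com/\nTLS_REQCERT never\n"

if __name__ == "__main__":
    for name, text in (("post #1", POST_1), ("post #4", POST_4), ("weak", WEAK)):
        for code in audit(text) or ["ok"]:
            print(f"{name}: {code}: {MESSAGES.get(code, 'TLS enforced and verified')}")
```

Run against a copy of /var/etc/ldap.conf or /cf/conf/openldap-client/ldap.conf, an empty result means the file both encrypts the connection and pins certificate verification explicitly.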
