Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Commercial Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE TrueCommand Compare Editions Software Status FreeNAS
Compare Systems M-Series X-Series R-Series Mini Series
Contact Us iXsystems Careers Clients Reviews
TrueNAS GitHub Community Forum Discord TrueNAS Merch Store
Application Backup and Archival Cloud Media Workflows Video Surveillance Virtualization
Industry Education Government Healthcare Research / AI / ML Media & Entertainment
Enterprise Support Community Support Documentation TrueNAS Security FAQ iX Blog TrueNAS Blog
Case Studies White Papers Solution Briefs iX Portal Plugins & Apps ZFS Videos
Download TrueNAS CORE Download TrueNAS SCALE Get TrueNAS Enterprise Where to Buy
  1. TrueCommand
  2. /
  3. Admin
  4. /
  5. Administration
  6. /
  7. LDAP Servers
Edit page
TrueNAS SCALETrueCommand Version Documentation
This content follows TrueCommand 2.3 releases. Use the Product and Version selectors above to view content specific to TrueNAS software or major versions.

LDAP Servers

  2 minute read.

Last Modified 2023-09-21 09:21 EDT

Users can configure TrueCommand to use LDAP servers for security and authentication management among connected TrueNAS systems.

Add an LDAP Server in TrueCommand

Click the gear icon in the upper toolbar and select Administration. Scroll down to the LDAP Servers widget and click ADD.

AddLDAPServer

SettingDescription
HostnameHost name of LDAP/AD server, with optional port. e.g. example.com:636.
DomainLDAP base domain. e.g. dc=example,dc=com.
Group DomainOptional for admins that want to avoid issues with unwanted groups by forcing group searches to start at a deeper domain.
User ID FieldClass mapped to login username. The default is uid.
Group ID FieldClass for finding groups associated with a user. The default is cn.
BIND User DomainFull user domain for binding before finding user fully qualified ID (FQID). Optional.
RealmThe realm that performs authentication against the LDAP server.
BIND PasswordIf bind user is set, use this password when performing a simple bind on user search.
KDCThe Kerberos Key Distribution Center that supplies session tickets and temporary session keys to users and computers within the LDAP server.

After you fill the form according to your server, click ADD SERVER.

Click CONFIGURE in the Configuration widget and enable Allow LDAP user creation, then click SAVE.

Updating the LDAP Server

TrueCommand only checks for usernames and passwords when authenticating LDAP credentials. You may add entries for email, phone number, or URLs, but TrueCommand does not check for them.

The LDAP server uses an LDAP Data Interchange Format (LDIF) file to add or modify entries in the server.

For more in-depth LDAP configuration methods, see this LDAP System Administration guide.

Add New Entries to the Directory

Enter the following command to add entries to the LDIF file. Separate specifications (cn, dc, etc.) with a comma.

$ ldapmodify -D "uid=USER,dc=DOMAIN,dc=DOMAIN" -w secret \
> -x -a -f /tmp/users.ldif

USER is the user ID. DOMAIN is a domain component like com, edu, org, etc.

If the command succeeds, you will see an output like this:

adding new entry "uid=USER,dc=DOMAIN,dc=DOMAIN"

Modify Entries on the Directory

If, for instance, the user you added does not yet have a password, you can add it with the following command.

dn: uid=USER,dc=DOMAIN,dc=DOMAIN"
changetype: modify
add: password
password: USER@DOMAIN.DOMAIN

Related Content

Have more questions or want to discuss your specific configuration? For further discussion or assistance, see these resources:

Found content that needs an update? You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).