abracadabra (Cadet; joined Jun 29, 2016; messages: 1)
Hi, I'm new to AD, LDAP and FreeNAS.
I'm trying to get FreeNAS (FreeNAS-9.10-STABLE-201606270534) to communicate with a Centrify LDAP proxy (v5.3.1-398) in Zone mode running on another machine. This has been considered before (https://bugs.pcbsd.org/issues/6855) but I can't get it to work. I can ldapsearch the proxy (filtering for posixaccount or posixgroup) from the FreeNAS CLI so the proxy is working. I then configured the FreeNAS LDAP tab with the proxy specifications. If I run tcpdump on the proxy machine I can see the requests FreeNAS is making.
It binds, then searches for users using this filter:
(&(|(|(objectclass=person)(objectclass=posixaccount))(objectclass=account))(uid=*))
which returns 'no such object'. I can replicate this from the FreeNAS CLI.
When I split the filter into its individual components, only 'person' and 'posixaccount' return results; 'account' returns "no such object". When combined with 'uid', only 'posixaccount' returns results (and these are the ones that I need).
If I move posixaccount to the first search term then it does return the users. Is there a way to change this in the FreeNAS GUI?
Similarly for groups:
(&(|(objectclass=posixgroup)(objectclass=group))(gidnumber=*))
Here posixgroup is the first search term and my 3 groups are returned. It then tries to retrieve all the attributes, but uses this filter:
(&(&(&(&(cn=GROUP_ONE)(objectClass=posixGroup))(cn=*))(&(gidNumber=*)(!(gidNumber=0))))(objectclass=posixGroup))
Which fails due to a “bad search filter”. Is there a way to specify the search filters directly from the GUI, in files, or am I missing something?
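Added example (not part of the original post): a small parser for the LDAP string filter syntax of RFC 4515, run over the user filter and the group attribute filter quoted above. It confirms that both are syntactically well-formed and lists the operators, nesting depth and leaf terms of each, so every construct can be tested against the proxy on its own. The function names are hypothetical and leaf values are handled in simplified form.

```python
# Added example: recursive-descent parser for RFC 4515 string filters.
# Simplification: a leaf is split at its first '=' and its value is not
# unescaped, so '>=', '<=', '~=' and extensible matches are not told apart.

USER_FILTER = ("(&(|(|(objectclass=person)(objectclass=posixaccount))"
               "(objectclass=account))(uid=*))")
GROUP_ATTR_FILTER = ("(&(&(&(&(cn=GROUP_ONE)(objectClass=posixGroup))(cn=*))"
                     "(&(gidNumber=*)(!(gidNumber=0))))(objectclass=posixGroup))")

def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, children = s[i], i + 1, []
        while i < len(s) and s[i] == "(":      # one sub-filter per operand
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"wrong operand count for '{op}'")
        node = (op, children)
    else:
        end = s.find(")", i)
        attr, eq, value = s[i:max(end, i)].partition("=")
        if end == -1 or not attr or not eq:
            raise ValueError(f"malformed item at offset {i}")
        node, i = ("item", attr, value), end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def parse_filter(text):
    """Return a nested tuple tree; raise ValueError if the filter is malformed."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing data at offset {pos}")
    return node

def summarize(node, depth=1):
    """Return (max nesting depth, operators used, lowercased attribute names)."""
    if node[0] == "item":
        return depth, set(), {node[1].lower()}
    parts = [summarize(child, depth + 1) for child in node[1]]
    return (max(p[0] for p in parts), {node[0]}.union(*(p[1] for p in parts)),
            set().union(*(p[2] for p in parts)))

def leaves(node):
    """Leaf items as standalone filter strings, left to right."""
    if node[0] == "item":
        return [f"({node[1]}={node[2]})"]
    return [leaf for child in node[1] for leaf in leaves(child)]
```

The group attribute filter differs from the group filter that returned results in that it nests five levels deep and uses the `!` operator, which makes those two constructs the first candidates to test individually.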