LDAP integration: error because the client looks for mysterious file it can't find

DonTseTse

Cadet
Joined
Nov 17, 2020
Messages
1
Hi forum,
we have been using LDAP on our NAS as a user/group ID provider for quite a while and had to do an LDAP migration recently. The new setup is LDAPS-only versus StartTLS before, and we are struggling badly to get the integration to work again. Networking is OK (server logs show the connection attempts), but there's something on the NAS's side that leads to the error [EFAULT] {'desc': "Can't contact LDAP server", 'errno': 2, 'info': 'No such file or directory'}. The file that comes immediately to one's mind is of course the CA certificate which signed the LDAP server's certificate, but the error happens regardless of whether "Validate certificate" is enabled or not. As I understood from another post, validation is the default now, but this specific error cause still remains a mystery: a look at the middlewared/plugins/ldap.py code shows it looks for /etc/ssl/truenas_cacerts.pem, which exists...
What I've tried as well:
- imported CA cert via the GUI, imported server certificate via the GUI, setting them in the "Certificate" field, testing with and without validation => always the same error
- looked at the pre-installed OpenLDAP clients with the configuration /etc/local/openldap/ldap.conf - when I fill it with the proper values, ldapsearch, ldapadd etc. work... so it seems more like a GUI/Python matter

Questions:
- does anybody know what that mysterious file may be? A path in the error message would have been nice...
- the GUI has an "auxiliary parameters" field supposed to configure an sssd.conf, according to the hint. Where is the sssd.conf and how can one effectively enter values here? I never managed to get anything to take effect, and a search for sssd.conf on the whole system shows no results. If somebody knows more about this, please share

Thanks,
Tilman
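The error dict in the post is what python-ldap raises, and its errno field is the C-level errno the client library captured, so "No such file or directory" refers to whichever path libldap (or OpenSSL under it) last tried to open, not necessarily the CA file the GUI shows. The script below is an added example, not code from the post or from TrueNAS: it runs the same stages the client library does, in order (stat every configured TLS file, TCP connect, a stdlib-only TLS handshake against the CA, then an LDAP bind with python-ldap if it is installed), and reports the first stage that breaks instead of the generic "Can't contact LDAP server". The hostname ldap.example.internal and the file paths in main() are placeholders, and the bind step assumes python-ldap is available on the host.

```python
"""Staged LDAPS diagnostic (added example, not TrueNAS middleware code)."""
import os
import socket
import ssl
from typing import List, Optional, Tuple
from urllib.parse import urlparse

PEM_CERT_HEADER = "-----BEGIN CERTIFICATE-----"


def parse_ldap_uri(uri: str) -> Tuple[str, str, int]:
    """Split an ldap:// or ldaps:// URI into (scheme, host, port)."""
    parsed = urlparse(uri)
    if parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
        raise ValueError(f"not an LDAP URI: {uri!r}")
    port = parsed.port or (636 if parsed.scheme == "ldaps" else 389)
    return parsed.scheme, parsed.hostname, port


def check_tls_files(cacertfile: Optional[str] = None, certfile: Optional[str] = None,
                    keyfile: Optional[str] = None) -> List[str]:
    """Stat every file the TLS layer will open before touching the network.
    A wrong path here is what surfaces as OS errno 2 (ENOENT) later.
    Returns a list of problems; an empty list means all paths are usable."""
    problems = []
    for label, path in (("cacertfile", cacertfile), ("certfile", certfile), ("keyfile", keyfile)):
        if path is None:
            continue
        if not os.path.isfile(path):
            problems.append(f"{label}: {path} does not exist (would give errno 2)")
        elif not os.access(path, os.R_OK):
            problems.append(f"{label}: {path} is not readable by this user")
        elif label == "cacertfile":
            with open(path, "r", encoding="ascii", errors="replace") as fh:
                if PEM_CERT_HEADER not in fh.read():
                    problems.append(f"{label}: {path} contains no PEM certificate")
    return problems


def check_tcp(host: str, port: int, timeout: float = 5.0) -> Optional[str]:
    """Return None when a plain TCP connection succeeds, else the error text."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except OSError as exc:
        return f"TCP connect to {host}:{port} failed: {exc}"


def check_tls(host: str, port: int, cacertfile: Optional[str],
              validate: bool = True, timeout: float = 5.0) -> Tuple[bool, str]:
    """TLS handshake with the stdlib only, verified against cacertfile when
    validate is True. Separates 'bad CA / wrong name' from 'cannot connect'."""
    ctx = ssl.create_default_context(cafile=cacertfile if validate else None)
    if not validate:
        ctx.check_hostname = False        # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()  # {} when the chain was not verified
                subject = dict(rdn[0] for rdn in cert.get("subject", ())) if cert else {}
                return True, f"{tls.version()} OK, peer CN={subject.get('commonName', '?')}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate verification failed: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return False, f"TLS handshake failed: {exc}"


def check_ldap_bind(uri: str, cacertfile: Optional[str], validate: bool = True,
                    binddn: Optional[str] = None, password: str = "",
                    timeout: float = 5.0) -> Tuple[bool, str]:
    """Bind with python-ldap using per-connection TLS options; the failure
    dict it returns has the same shape as the one in the post."""
    try:
        import ldap  # python-ldap; optional for this script
    except ImportError:
        return False, "python-ldap not installed; bind check skipped"
    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    conn.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)
    if cacertfile:
        conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cacertfile)
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                    ldap.OPT_X_TLS_DEMAND if validate else ldap.OPT_X_TLS_NEVER)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # must come last: builds the TLS context
    try:
        conn.simple_bind_s(binddn, password) if binddn else conn.simple_bind_s()
        return True, "LDAP bind OK"
    except ldap.LDAPError as exc:
        return False, f"LDAP bind failed: {exc.args[0]}"  # e.g. {'desc': ..., 'errno': 2, ...}


def diagnose(uri: str, cacertfile: Optional[str], validate: bool = True) -> List[str]:
    """Run the stages in order and stop at the first failure."""
    scheme, host, port = parse_ldap_uri(uri)
    problems = check_tls_files(cacertfile=cacertfile if validate else None)
    if problems:
        return problems
    tcp_err = check_tcp(host, port)
    if tcp_err:
        return [tcp_err]
    if scheme == "ldaps":
        ok, detail = check_tls(host, port, cacertfile, validate)
        if not ok:
            return [detail]
    return [check_ldap_bind(uri, cacertfile, validate)[1]]


if __name__ == "__main__":  # placeholders: replace with the real server and CA path
    for line in diagnose("ldaps://ldap.example.internal", "/etc/ssl/truenas_cacerts.pem"):
        print(line)
```

Run it as the same user the middleware runs as, because a path that exists for root can still be unreadable or absent in another context, and compare its output with the ldap.conf the working ldapsearch uses: if the stdlib handshake succeeds with the same CA file but the bind fails with errno 2, the missing file is one the LDAP client library opens, not the CA.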