LDAP Port Hard-coded to 389 in 3 places

Status
Not open for further replies.

blockserver (Cadet, joined Jan 18, 2015, 3 messages):

The port used to contact an LDAP server in 9.3 (Dec 8 stable release) is hard-coded to 389, effectively preventing people from using ldaps over the secure port (636). If we replace the hard-coded values with 636, everything seems to work fine when querying against an ldaps-only server, provided that the encryption method is set to "SSL".

The port number was changed in 3 places in usr/local/www/freenasUI/common/freenasldap.py, at lines 101, 497, and 1503, basically a search/replace operation. The port number must also be changed in /etc/directoryservices/LDAP/config. I did see some code in there to set the port based on whether SSL is enabled, but it doesn't appear to actually do anything.

The most general solution is probably to add a box for the port to the GUI, as this will also help people with non-standard setups.

Also, a failure to connect to the LDAP server prevents name resolution of local users as well as LDAP-served users in the GUI. I'm not sure if that's a bug, but it's certainly very inconvenient. Fixing it looks like it would be a non-trivial code change.
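
The post above describes two things: a port literal repeated in the source and a port that should follow the encryption setting. This added example, which is not FreeNAS code and not written by the poster, shows one way to locate such literals and to derive the port in a single place. The function names, the mode names `OFF` and `START_TLS`, the host names and the sample source are assumptions made for illustration.

```python
import ast
from typing import List, Optional, Tuple

# Conventional defaults: plaintext and StartTLS share 389, LDAP over SSL uses 636.
DEFAULT_PORTS = {"OFF": 389, "START_TLS": 389, "SSL": 636}


def ldap_uri(host: str, encryption: str = "OFF", port: Optional[int] = None) -> Tuple[str, bool]:
    """Return (uri, use_start_tls); an explicit port overrides the mode default."""
    mode = encryption.strip().upper()
    if mode not in DEFAULT_PORTS:
        raise ValueError(f"unknown encryption mode: {encryption!r}")
    if port is None:
        port = DEFAULT_PORTS[mode]
    if type(port) is not int or not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    scheme = "ldaps" if mode == "SSL" else "ldap"
    if ":" in host and not host.startswith("["):
        host = f"[{host}]"  # bracket IPv6 literals so the port stays unambiguous
    return f"{scheme}://{host}:{port}", mode == "START_TLS"


def find_hardcoded_ports(source: str, ports=(389, 636)) -> List[Tuple[int, int]]:
    """Return (line, value) for every integer literal in `source` that is an LDAP port."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and type(node.value) is int and node.value in ports:
            hits.append((node.lineno, node.value))
    return sorted(hits)


# Constructed sample for the scanner; not taken from freenasldap.py.
SAMPLE = '''\
class Conn:
    def __init__(self, host, ssl="OFF"):
        self.host = host
        self.port = 389
        self.ssl = ssl

    def uri(self):
        return "ldap://%s:%d" % (self.host, 389)
'''

if __name__ == "__main__":
    print(find_hardcoded_ports(SAMPLE))
    print(ldap_uri("ldap.example.org", "SSL"))
```
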
 
dlavigne (Guest):

Please create a bug report at bugs.freenas.org and post the issue number here.
 