save custom configuration

Status
Not open for further replies.

scrabblecy

Cadet
Joined
Jan 23, 2013
Messages
4
Hi,

I have recently installed freenas and had to use a custom ldap.conf file. (I tried to use the web-gui to configure ldap but I could not get it to behave the way I wanted.) The custom ldap config works fine (i.e. getent group outputs the ldap groups) but it does not stay committed on reboot. I assume freenas tries to overwrite its own ldap configuration on reboot. How can I disable this behaviour and prevent it from overwriting my own ldap.conf?

Kind regards,
Lucas
 

William Grzybowski

Wizard
iXsystems
Joined
May 27, 2011
Messages
1,754
What about creating a ticket in support.freenas.org telling what was wrong and what you've changed to make it work?
 

scrabblecy

Cadet
Joined
Jan 23, 2013
Messages
4
What about creating a ticket in support.freenas.org telling what was wrong and what you've changed to make it work?

Hi,

So the problem was that I had multiple certificates for the TLS and had to use the TLS_CACERTDIR directive... The problem being that at reboot, the directory I defined in /etc/local/openldap/cacerts was erased. I could have used a directory in my zfs pool but I'd prefer not to do that. In the end I simply concatenated the crt files into one (simply copying and pasting their contents into one file) and then pasted all of it into the "Self signed certificate" field of the ldap service configuration.

The second issue was that since I did not have root bind access to the LDAP (I am not the administrator of it), cifs would fail to start (since to my understanding it needs an administrator binding and cannot function simply with anonymous bind). To disable the ldap binding in the cifs, I placed the following in the auxiliary parameters box of the cifs service (essentially to cancel all commands passed on by enabling the ldap service).

Code:
passdb backend = tdbsam
ldap suffix = 
ldap ssl =
ldap replication sleep = 
ldap passwd sync = 
ldapsam:trusted = 
idmap uid = 
idmap gid = 


I am not really bothered with cifs not being integrated with the ldap, as my primary concern is for the nfs shares to have synced uid / gid with the other clients in my network. The cifs shares I will rarely use.
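
Added example, not part of the original post: one way to script the certificate concatenation described above so that a file with CRLF line endings, a missing final newline, or a truncated PEM block cannot produce a bundle the TLS client silently fails to parse. The function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: merge several PEM CA certificates into a single bundle file.
# Function names and paths are hypothetical, not FreeNAS tooling.

# Print only the complete PEM certificate blocks of one file, with carriage
# returns and trailing blanks removed and every line newline-terminated.
# Exits non-zero when the file has no block or an unbalanced BEGIN/END pair.
pem_blocks() {
    tr -d '\r' < "$1" | awk '
        { sub(/[ \t]+$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { if (inblk) bad = 1; inblk = 1; begins++ }
        inblk { print }
        /^-----END CERTIFICATE-----$/ { if (!inblk) bad = 1; inblk = 0; ends++ }
        END { if (bad || inblk || begins == 0 || begins != ends) exit 1 }
    '
}

# build_ca_bundle OUT FILE... : write all certificates from FILE... to OUT.
# The bundle is assembled in a temporary file and only moved into place when
# every input passed the check, so a bad input never leaves a partial bundle.
build_ca_bundle() {
    out=$1; shift
    tmp="${out}.tmp.$$"
    : > "$tmp" || return 1
    for f in "$@"; do
        if ! pem_blocks "$f" >> "$tmp"; then
            echo "rejecting $f: no complete PEM certificate block" >&2
            rm -f "$tmp"
            return 1
        fi
    done
    mv "$tmp" "$out"
}

# Number of certificates in a bundle, to compare against the number expected.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----$' "$1"
}
```

The check is structural only: it confirms that the PEM framing is intact, not that each block decodes to a valid certificate or belongs to the expected CA.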
 