Setting Up LDAP

Last Modified 2022-05-14 23:42 +0300

TrueNAS includes an OpenLDAP client for accessing information from an LDAP server. An LDAP server provides directory services for finding network resources such as users and their associated permissions.

LDAP authentication for SMB shares is disabled unless the LDAP directory is configured for and populated with Samba attributes. The most popular script for performing this task is smbldap-tools. The LDAP server must support SSL/TLS and the certificate for the LDAP server CA must be imported. Non-CA certificates are not currently supported.

Integrating an LDAP Server with TrueNAS

To integrate an LDAP server with TrueNAS, go to Directory Services > LDAP.

Enter any LDAP server host names or IP addresses. Separate entries with a space. Entering multiple host names or IP addresses creates an LDAP failover priority list.

If a host does not respond, the next host in the list is tried until a new connection is established.

Enter the Base DN. This is the top level of the LDAP directory tree used when searching for resources. For example, dc=test,dc=org.

Enter the Bind DN. This is the administrative account name on the LDAP server. For example, cn=Manager,dc=test,dc=org.

Next, enter the Bind Password. This is the password associated with the account in Bind DN.

The final basic option is Enable. Leaving the Enable checkbox clear disables the LDAP configuration without deleting it. It can be enabled at a later time without reconfiguring the options.

To further modify the LDAP configuration, click ADVANCED OPTIONS.

See LDAP Screen for information on basic and advanced option settings.

See Kerberos for more information on using Kerberos.

To configure LDAP certificate-based authentication using a certificate request that the LDAP provider signs, see Certificate Signing Requests.

Samba Schema is deprecated in Samba 4.13.0. Set Samba Schema if LDAP authentication for SMB shares is required and the LDAP server is already configured with Samba attributes. If Samba Schema is set, select the type of schema from the Schema dropdown.
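
Before entering these values in TrueNAS, they can be checked from any machine that has the OpenLDAP client tools. The script below is an added example, not part of the TrueNAS documentation: it tests each failover host separately for CA validation, the bind account, the Base DN, and the presence of Samba attributes. The host names, the `ldaps://` scheme, and the CA file path are assumptions; `sambaSamAccount` is the object class used by the Samba LDAP schema.

```sh
#!/bin/sh
# Added example. Constructed sample values: replace with what you plan to enter.
HOSTS="ldap1.test.org ldap2.test.org"   # Hostname field, in failover order
BASE_DN="dc=test,dc=org"
BIND_DN="cn=Manager,dc=test,dc=org"
CA_CERT="./ldap-ca.pem"                 # placeholder path to the LDAP server CA certificate

# Turn the space-separated Hostname field into one URI per line, same order.
# Assumption: the server listens for LDAP over TLS (ldaps://).
ldap_uris() {
    for h in $1; do printf 'ldaps://%s\n' "$h"; done
}

# Map the ldapsearch exit status (the LDAP result code) and output to a finding.
classify() {   # $1 = exit status, $2 = ldapsearch output
    case "$1" in
        0|4) case "$2" in   # 4 = size limit hit, expected with -z 1
                 *dn:*) echo "OK: bind works, Samba attributes present" ;;
                 *)     echo "OK: bind works, no sambaSamAccount entries found" ;;
             esac ;;
        32)  echo "FAIL: Base DN not found" ;;
        49)  echo "FAIL: Bind DN or Bind Password rejected" ;;
        255) echo "FAIL: could not connect (host down or TLS/CA validation failed)" ;;
        *)   echo "FAIL: LDAP result code $1" ;;
    esac
}

# One search per host: certificate validation is forced on, and -W prompts
# for the Bind Password so it never appears in the process arguments.
check_host() {   # $1 = URI
    out=$(LDAPTLS_CACERT="$CA_CERT" LDAPTLS_REQCERT=demand \
          ldapsearch -x -LLL -o nettimeout=5 -z 1 -H "$1" -D "$BIND_DN" -W \
                     -b "$BASE_DN" '(objectClass=sambaSamAccount)' dn)
    classify "$?" "$out"
}

# Run with the argument "run". Each host is tested on its own so that a
# broken standby is not hidden by failover to a working one.
if [ "${1:-}" = "run" ]; then
    for uri in $(ldap_uris "$HOSTS"); do
        printf '== %s\n' "$uri"
        check_host "$uri"
    done
fi
```

A host that reports no `sambaSamAccount` entries can still serve LDAP accounts, but per the requirement above, SMB authentication remains disabled until the directory is populated with Samba attributes.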