Get a Quote     (408) 943-4100   TrueNAS Discord VendOp_Icon_15x15px Commercial Support
TrueNAS.com Software Systems Company Community Security iX Portal Download
TrueNAS CORE TrueNAS Enterprise TrueNAS SCALE Compare Editions TrueCommand Software Status FreeNAS
Compare Systems F-Series M-Series X-Series R-Series Mini Series
About iXsystems Our Clients Reviews Careers Awards iX Blog & News iX Website Contact Us
Community Forum Discord TrueNAS GitHub TrueNAS Merch Store
Application Analytics Backup and Archival Cloud Data Mobility File Sharing iX Storj Media Creation Video Surveillance Virtualization
Industry Automotive Education Gaming Government Healthcare MSP Manufacturing Research & AI Media & Entertainment
Download TrueNAS CORE Download TrueNAS SCALE Get TrueNAS Enterprise Compare TrueNAS Editions Where to Buy
  1. Documentation Hub
  2. /
  3. TrueNAS CORE
  4. /
  5. Configuration Tutorials
  6. /
  7. Directory Services
  8. /
  9. Setting Up LDAP
Edit page

Setting Up LDAP

  2 minute read.

Last Modified 2023-11-16 16:21 EST

Lightweight Directory Access Protocol (LDAP) is an open and cross-platform protocol. It is often used to centralize authentication. TrueNAS includes an Open LDAP client for accessing information from an LDAP server. An LDAP server provides directory services for finding network resources. This includes finding users and their associated permissions.

Does LDAP work with SMB? LDAP authentication for SMB shares is not enabled. To enable, first determine if LDAP authentication for SMB shares is a requirement. If so, configure the LDAP directory and populate it with Samba attributes. The most popular script for performing this task is smbldap-tools. The LDAP server must support SSL/TLS. Import the certificate for the LDAP server CA. Non-CA certificates are not currently supported.

Integrating an LDAP Server with TrueNAS

To integrate an LDAP server with TrueNAS, go to Directory Services > LDAP.

DirectoryServicesLDAP

Enter any LDAP server host names or IP addresses. Separate entries with an empty space. Entering more than one host name or IP address creates an LDAP failover priority list.

What does this do? If a host does not respond, the system tries the next host in the list until it establishes a new connection.

Enter the Base DN. This is the top level of the LDAP directory tree used when searching for resources. For example, dc=test,dc=org.

Enter the Bind DN. This is the administrative account name on the LDAP server. For example, cn=Manager,dc=test,dc=org.

Enter the Bind Password. This is the password associated with the account in Bind DN.

The final basic option is Enable. Clearing the Enable checkbox disables the LDAP configuration without deleting it. Enable it at a later time without reconfiguring the options.

To make further changes to the LDAP configuration, click ADVANCED OPTIONS.

See LDAP Screen for information on basic and advanced option settings.

See Kerberos for more information on using Kerberos.

To configure LDAP certificate-based authentication for the LDAP provider to sign, see Certificate Signing Requests.

Samba 4.13.0 deprecated Samba Schema. Select if SMB shares need LDAP authentication and the LDAP server is already configured with Samba attributes. If selected, specify the type of schema from the Schema dropdown list.

Related Content

CORE Tutorials

CORE UI Reference

Have more Questions?

For further discussion or assistance, see these resources:

Found content that needs an update?  You can suggest content changes directly! To request changes to this content, click the Feedback button located on the middle-right side of the page (might require disabling ad blocking plugins).