Get a Quote   (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support Toggle between Light and Dark mode

LDAP Screen

  3 minute read.

Last Modified 2022-05-09 15:05 EDT

Use the Directory Services LDAP screen to configure LDAP server settings on your TrueNAS.


Use SAVE to save settings.

Use EDIT IDMAP to navigate to the Directory Services > Idmap screen.

Use REBUILD DIRECTORY SERVICE CACHE to resync the cache if it becomes out of sync or fewer users than expected are available in the permissions editors.

Basic Options


NostnameEnter the LDAP server host names or IP addresses. Separate entries with an empty space. Mutltiple host names or IP addresses entered can be used to create an LDAP failover priority list. If a host does not respond, the next host on the list is tried until a new connection is established.
Base DNTop leve of the LDAP directory tree to use when searching for resources. For example, dc=test,dc=org.
Bind DNEnter an administrative account name on the LDAP server. For example, cn=Manager,dc=test,dc=org.
Bind PasswordEnter the password for the administrative account in Bind DN.
EnableSelect to activate the configuration. Leave checkbox clear to disable the configuration without deleting it.

Advanced Options


Allow Anonymous BindingSelect to disable authentication and allow read and write access to any client.
Kerberos RealmSelect an option configured on your system from the dropdown list.
Kerberos PrincipleSelect an option configured on your system from the dropdown list.
Encryption ModeSelect an encryption mode for the LDAP connection from the dropdown list. Select OFF to not encrypt the LDAP connection. Select ON to encrypt the LDAP connection with SSL on port 636. Select START_TLS to encrypt the LDAP connection with STARTTLS on the default LDAP port 389.
CertificateA certificate is not required when using a username and password or Kerberos authentication. Select a certificate added to your system from the dropdown list (default option is freenas_default) or add a new LDAP certificate-based authentication for the LDAP provdier to sign. See Certificate Signing Requests for more information.
Validate CertificatesSelect to validate the authenticity of the certificate.
Disable LDAP User/Group CacheSelect to disable chaching LDAP users and groups in large LDAP environments. When disabled, LDAP users and groups do no display on the dropdown lists but are still accepted when typed into fields.
LDAP timeoutDefault value is 10 seconds. Increase if Kerberos ticket queuries are not responding within the default time.
DNS timoutDefault value is 10 seconds. Increase if DNS queries take too long to respond.
Samba Schema (DEPRECATED - see help text)Select if LDAP authentication for SMB shares is required and the LDAP server is already configured with Samba attributes. If selected, select the type of schema in the Schema dropdown list. Samba Schema is deprecated in Samba 4.13.0.
Auxiliary ParametersEnter for nslcd.conf.
SchemaSelect the Samba schema from the dropdown list. Options are RFC2307 or RFC2307BIS.

Additional Information

Idmap Screen

Setting Up LDAP