This content follows TrueNAS 25.10 (Goldeye) releases.

LDAP Screens

Support for the LDAP Samba schema is deprecated in TrueNAS 22.02 (Angelfish) and removed in 24.10 (Electric Eel). Migrate legacy Samba domains to Active Directory before upgrading to 24.10 or later.

Configuring LDAP

The LDAP directory service configuration screen opens after you select LDAP in the Configuration Type dropdown list on the Directory Services Configuration screen.

For detailed configuration instructions, see Configuring LDAP.

LDAP Widget

The LDAP widget displays after you configure TrueNAS settings for your LDAP instance. The widget shows the service Status and the configured Hostname, Base DN, and Bind DN.

Figure: LDAP Widget

Settings opens the LDAP configuration screen.

Rebuild Directory Service Cache resyncs the cache when it falls out of sync or when fewer directory users than expected appear in the permissions editors.

Directory Services LDAP Configuration Screen

The Directory Services Configuration screen organizes settings into multiple sections: Basic Configuration, Credential Configuration, and LDAP Configuration (with subsections for Auxiliary Parameters, Search Bases, and Attribute Maps).

The Directory Services Configuration screen configures one of three directory services: Active Directory, IPA, or LDAP. The sections and settings shown change with the Configuration Type selected.

LDAP Basic Configuration Section

The Basic Configuration section settings control core LDAP service settings.

Figure 1: LDAP Basic Configuration

Basic Configuration Settings

Configuration Type
    Sets the type of directory service. Selecting LDAP shows the LDAP directory service integration settings.

Enable Service
    Activates the LDAP configuration. Enabled by default. Clear to disable the configuration without deleting it; you can re-enable it later without reconfiguring it. While the service is disabled, the Directory Services screen returns to its default state and offers the options to configure AD, LDAP, or IPA.

Enable Account Cache
    Caches user and group information so that directory users and groups appear in UI dropdown menus. Enabled by default.

Enable DNS Updates
    Allows the directory service to update DNS records. Enabled by default.

Timeout (seconds)
    The number of seconds before the directory service connection times out. Valid range is 1-40 seconds.

Kerberos Realm
    Defines the Kerberos realm used for authentication, usually the uppercase form of the domain name, for example EXAMPLE.COM.

LDAP Credential Configuration Section

The Credential Configuration section settings define authentication methods for LDAP access.

Credential Configuration Settings

Credential Type
    (Required) Sets the credential type for LDAP authentication. Options are LDAP Anonymous, LDAP Plain, LDAP MTLS, Kerberos Principal, and Kerberos User.

Bind DN
    The administrative account name for the LDAP server, for example cn=Manager,dc=test,dc=org. Displays when LDAP Plain is selected.

Bind Password
    The password for the Bind DN. Displays when LDAP Plain is selected.

Client Certificate
    The certificate to use for LDAP MTLS authentication. Displays when LDAP MTLS is selected.

Kerberos Principal
    The location of the principal in the keytab. Displays when Kerberos Principal is selected.

Username
    The LDAP administrative account username. Displays when Kerberos User is selected.

Password
    The password for the administrative account. Displays when Kerberos User is selected.

LDAP Configuration Section

The LDAP Configuration section settings define the connection parameters and validation options.

Figure 2: LDAP Configuration

LDAP Configuration Settings

Server URLs
    (Required) The LDAP server URLs. Separate multiple entries by pressing Enter. Multiple URLs form an LDAP failover priority list: if a host does not respond, TrueNAS tries the next host in the list until it establishes a connection. If using a cloud service LDAP server, do not include the full URL.

Base DN
    (Required) The top level of the LDAP directory tree to use when searching for resources, for example dc=test,dc=org.

Start TLS
    Encrypts the LDAP connection with STARTTLS on the default LDAP port 389.

Validate Certificates
    Verifies the authenticity of the server certificate when connecting to the LDAP server.

Schema
    (Required) The LDAP NSS schema. Options are RFC2307 or RFC2307BIS.
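The Server URLs failover list, Start TLS, Validate Certificates, and Credential Type settings above interact: a bind password is only protected when the transport is encrypted, and encryption only authenticates the server when certificates are validated. The added example below (written for this page, not TrueNAS code; the LdapSettings field names are my own labels for the form fields) resolves the failover order of a constructed settings object and audits it for the weak combinations a reviewer would flag before enabling the service.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed model of the fields on this screen. Field names are labels
# chosen for this example, not TrueNAS API names.
@dataclass
class LdapSettings:
    server_urls: list            # failover priority list, first entry tried first
    base_dn: str
    credential_type: str = "LDAP Plain"
    start_tls: bool = False
    validate_certificates: bool = True

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def failover_order(settings):
    """(host, port) pairs in the order a client tries them; unusable URLs are skipped."""
    order = []
    for url in settings.server_urls:
        parts = urlsplit(url)
        if parts.scheme in DEFAULT_PORT and parts.hostname:
            order.append((parts.hostname, parts.port or DEFAULT_PORT[parts.scheme]))
    return order

def audit(settings):
    """Findings a reviewer would raise before enabling the service; empty means none."""
    findings = []
    uses_tls = settings.start_tls
    for url in settings.server_urls:
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORT or not parts.hostname:
            findings.append(f"{url}: expected ldap://host[:port] or ldaps://host[:port]")
            continue
        if parts.path not in ("", "/") or parts.query or parts.fragment:
            findings.append(f"{url}: Server URLs take scheme://host[:port] only, not a full URL")
        if parts.scheme == "ldaps":
            uses_tls = True            # implicit TLS on 636 (or the given port)
        elif not settings.start_tls:   # plain ldap:// without STARTTLS
            if settings.credential_type == "LDAP Plain":
                findings.append(f"{url}: Bind Password crosses the network in cleartext; "
                                "enable Start TLS or use ldaps://")
            else:
                findings.append(f"{url}: LDAP transport is unencrypted; "
                                "enable Start TLS or use ldaps://")
    if uses_tls and not settings.validate_certificates:
        findings.append("Validate Certificates is off: the session is encrypted but a "
                        "spoofed LDAP server would be accepted")
    return findings
```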

Auxiliary Parameters Subsection

The Auxiliary Parameters subsection lets you supply custom options for nslcd.conf.

Auxiliary parameters are an unsupported configuration. Parameters entered here are not validated and can cause undefined system behavior, including data corruption or data loss.
Auxiliary Parameters Settings

Use Standard Auxiliary Parameters
    Uses the default auxiliary parameters. Enabled by default. Clear to reveal the Auxiliary Parameters text field for custom nslcd.conf options.

Search Bases Subsection

The Search Bases subsection lets you override the default search base DNs for users, groups, and netgroups.

Search Bases Settings

Use Standard Search Bases
    Uses the default search bases. Enabled by default. Clear to reveal the User Base DN, Group Base DN, and Netgroup Base DN fields for a custom search base configuration.

Attribute Maps Subsection

The Attribute Maps subsection lets you override the default mapping between LDAP attributes and the password, shadow, group, and netgroup fields.

Attribute Maps Settings

Use Standard Attribute Maps
    Uses the default attribute mappings. Enabled by default. Clear to reveal four subsections for customization: LDAP Password Attributes, LDAP Shadow Attributes, LDAP Group Attributes, and LDAP Net Group Attributes.