Greets - I have been happy with OMV (Erasmus 3.0.94) for some time and have been using local user authentication for the time being. I recently eradicated all my M$ server needs (AD was the last holdout) and thought it would be a nice experiment to have user auth coming from the LDAP catalogue instead of local db. I have used OpenLDAP in the past, but prefer Apache Directory Studio (apacheds) as it has shown itself to be more stable in replication (at least in my testing), however it doesn't implement an AD-standard schema by default. I am happy with the default.
I tried linking OMV with the ldap plugin (3.1.6) and looking at logs; it does attempt to bind, however there are extra attributes sent in the bind request:
<snip>:/var/lib/apacheds-2.0.0-M24/default/log# tail apacheds.log
[13:11:18] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] - Requested attribute sambaNextUserRid does not exist in the schema, it will be ignored
[13:11:18] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] - Requested attribute sambaNextGroupRid does not exist in the schema, it will be ignored
[13:11:18] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] - Requested attribute sambaSID does not exist in the schema, it will be ignored
[13:11:18] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] - Requested attribute sambaAlgorithmicRidBase does not exist in theschema, it will be ignored
[13:11:18] DEBUG [org.apache.directory.server.OPERATION_LOG] - >> SearchOperation : SearchContext for Dn 'dc=<redacted>,dc=com', filter :'(&(sambaDomainName=MYNAS03)(objectclass=sambaDomain))'
[13:11:18] WARN [org.apache.directory.server.core.normalization.NormalizationInterceptor] - undefined filter based on undefined attributeType not evaluted at all. Returning empty enumeration.
[13:11:18] DEBUG [org.apache.directory.server.OPERATION_LOG] - << SearchOperation successful
[13:11:18] ERROR [org.apache.directory.api.ldap.model.name.Dn] - ERR_04268_OID_NOT_FOUND OID 'sambaDomainName' not found in oid to schema name map!
[13:11:18] WARN [org.apache.directory.api.ldap.model.entry.DefaultEntry] - The Dn 'sambaDomainName=MYNAS03,dc=<redacted>,dc=com' cannot be normalized
[13:11:18] WARN [org.apache.directory.api.ldap.model.entry.DefaultEntry] - The attribute 'sambadomainname' cannot be stored
So per the above log lines, there are AD-like attributes being requested (which would be fine if I were connecting to a full-blown AD server - but I'm connecting to an LDAP catalogue only, without the extra AD schema). Is there a way, through the options or even by editing a conf or other script, to change what is being requested?
My ldap-plugin config has a base DN and root bind DN known to work on other platforms (yes, my LDAP server is functioning as expected).
Base is dc={redacted},dc=com
root bind DN is cn={redacted},ou=Users,dc={redacted},dc=com
Users suffix is ou=Users
Group suffix is ou=Groups
The Users and Groups OUs exist. The bind user exists in the Users OU.
I think the first part to find is that the bind attempt is using 'sambaDomainName=MYNAS03,dc=<redacted>,dc=com' instead of the bind dn specified in the settings. If I can get that part to work correctly, I expect that is going to be half the battle. The attributes I would like to auth against would be cn (for username) and userPassword (for password). I am open to adding additional attributes if a specific groups tag is needed, but that's all I really expect I need to implement.
Any idea where to look?
Thanks,
Ted.
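A quick triage of the ApacheDS log lines quoted above, as an added example that is not part of the original post: it pulls out the attributes the client asked for that the server's schema does not define, the OIDs the server could not resolve, and the search filters it saw, then reports whether everything unknown belongs to the Samba LDAP schema (samba.schema), which is what the sambaDomain / sambaSID names point to. The sample log lines are constructed to mirror the post, with `dc=example,dc=com` standing in for the redacted base DN.

```python
import re
from typing import Dict, List, Set

# Patterns for the ApacheDS 2.0 messages seen in the post. The schema warning
# is matched with an optional space so the garbled "theschema" variant counts.
MISSING_ATTR_RE = re.compile(r"Requested attribute (\S+) does not exist in the\s?schema")
OID_NOT_FOUND_RE = re.compile(r"OID '([^']+)' not found in oid to schema name map")
FILTER_RE = re.compile(r"filter :'([^']*)'")

# Attributes defined by the Samba LDAP schema (samba.schema). A directory that
# has not loaded that schema will reject or ignore all of them.
SAMBA_SCHEMA_ATTRS = {
    "sambaDomainName", "sambaSID", "sambaNextUserRid",
    "sambaNextGroupRid", "sambaAlgorithmicRidBase",
}

# Constructed sample log lines modelled on the post (not real server output).
SAMPLE_LOG = """\
[13:11:18] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] - Requested attribute sambaSID does not exist in the schema, it will be ignored
[13:11:18] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext] - Requested attribute sambaAlgorithmicRidBase does not exist in theschema, it will be ignored
[13:11:18] DEBUG [org.apache.directory.server.OPERATION_LOG] - >> SearchOperation : SearchContext for Dn 'dc=example,dc=com', filter :'(&(sambaDomainName=MYNAS03)(objectclass=sambaDomain))'
[13:11:18] ERROR [org.apache.directory.api.ldap.model.name.Dn] - ERR_04268_OID_NOT_FOUND OID 'sambaDomainName' not found in oid to schema name map!
""".splitlines()


def triage(lines: List[str]) -> Dict[str, object]:
    """Collect schema-related complaints from ApacheDS log lines."""
    missing: Set[str] = set()      # attributes requested but undefined
    unresolved: Set[str] = set()   # names the DN parser could not map to an OID
    filters: List[str] = []        # search filters the client sent
    for line in lines:
        if m := MISSING_ATTR_RE.search(line):
            missing.add(m.group(1))
        if m := OID_NOT_FOUND_RE.search(line):
            unresolved.add(m.group(1))
        if m := FILTER_RE.search(line):
            filters.append(m.group(1))
    return {"missing": missing, "unresolved": unresolved, "filters": filters}


def needs_samba_schema(report: Dict[str, object]) -> bool:
    """True when every unknown name comes from the Samba schema, i.e. the client
    expects samba.schema to be loaded and the directory does not have it."""
    unknown = report["missing"] | report["unresolved"]
    return bool(unknown) and unknown <= SAMBA_SCHEMA_ATTRS


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print("Samba schema missing on server:", needs_samba_schema(result))
```

Feed it the real `apacheds.log` with `triage(open(path).read().splitlines())`; an unknown name outside the Samba set points at a different schema problem than the one in the post.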