LDAP plugin questions...

    • OMV 4.x


    • buranov wrote:

      The plugin doesn't include all the necessary software to work (I should install sssd, for example)
      sssd can be more than ldap and is just another option. So, it depends on what you are connecting to.

      buranov wrote:

      The main part of the configuration I should do not in the web interface (I should do it in the CLI)
      that also depends. If you are just trying to make your OMV system an ldap client, you shouldn't need to use the CLI.
      omv 4.1.17 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Right now I only need an LDAP client.
      And I can't do this. :(
      I use OpenLDAP. I checked it:
      buranov@buranov-ThinkPad-T460:~$ ldapsearch -h ldap.buranov.org -p 389 -D cn=test,ou=omv,dc=buranov,dc=org -w test -b "ou=omv,dc=buranov,dc=org"
      # extended LDIF
      #
      # LDAPv3
      # base <ou=omv,dc=buranov,dc=org> with scope subtree
      # filter: (objectclass=*)
      # requesting: ALL
      #

      # omv, buranov.org
      dn: ou=omv,dc=buranov,dc=org
      objectClass: organizationalUnit
      objectClass: top
      ou: omv

      # test, omv, buranov.org
      dn: cn=test,ou=omv,dc=buranov,dc=org
      cn: test
      givenName: test
      gidNumber: 502
      sn: test
      objectClass: inetOrgPerson
      objectClass: posixAccount
      objectClass: top
      userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=
      uidNumber: 1000
      homeDirectory: /home/users/test
      uid: test

      # omv_ro, omv, buranov.org
      dn: cn=omv_ro,ou=omv,dc=buranov,dc=org
      gidNumber: 502
      cn: omv_ro
      objectClass: posixGroup
      objectClass: top

      # search result
      search: 2
      result: 0 Success

      # numResponses: 4
      # numEntries: 3
      buranov@buranov-ThinkPad-T460:~$


      And I can't see this user and group in OMV. :(
    • OMV has a user and group ID minimum of 1000 to show up in the web interface. Try adding your test user to a group with a gid of 1000 or more.
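The ID check suggested in the reply above, as an added example (not part of the thread or of OMV's code): it parses `ldapsearch` LDIF output and lists `posixAccount` and `posixGroup` entries whose `uidNumber` or `gidNumber` is below 1000. The sample LDIF is constructed, and applying the 1000 minimum to both attributes is an assumption based on that reply.

```python
import base64

OMV_MIN_ID = 1000  # minimum stated in the thread; assumed to apply to uid and gid alike

# Constructed sample modelled on the first ldapsearch output in the thread.
SAMPLE_LDIF = """\
dn: cn=test,ou=omv,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
cn:: dGVzdA==
uidNumber: 1000
gidNumber: 502

dn: cn=omv_ro,ou=omv,dc=example,dc=org
objectClass: posixGroup
gidNumber: 502
"""

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attribute: [values]} dicts."""
    entries, current, unfolded = [], {}, []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]        # LDIF continuation line
        else:
            unfolded.append(line)
    for line in unfolded + [""]:            # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:             # skips the "search:/result:" trailer
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr, []).append(value.strip())
    return entries

def hidden_in_omv(entries, minimum=OMV_MIN_ID):
    """Return (dn, attribute, id) for POSIX entries whose numeric id is below minimum."""
    checks = {"posixAccount": ("uidNumber", "gidNumber"), "posixGroup": ("gidNumber",)}
    findings = []
    for entry in entries:
        for object_class, attrs in checks.items():
            if object_class in entry.get("objectClass", []):
                findings += [(entry["dn"][0], a, int(v)) for a in attrs
                             for v in entry.get(a, []) if int(v) < minimum]
    return findings

if __name__ == "__main__":
    for dn, attr, value in hidden_in_omv(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: {attr}={value} is below {OMV_MIN_ID}")
```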
    • I tried it in omv3... And I got the same result. :(
      root@omv3:~# ldapsearch -h ldap.buranov.org -D cn=test,ou=omv,dc=buranov,dc=org -w test -b "ou=omv,dc=buranov,dc=org"
      # extended LDIF
      #
      # LDAPv3
      # base <ou=omv,dc=buranov,dc=org> with scope subtree
      # filter: (objectclass=*)
      # requesting: ALL
      #

      # omv, buranov.org
      dn: ou=omv,dc=buranov,dc=org
      objectClass: organizationalUnit
      objectClass: top
      ou: omv

      # test, omv, buranov.org
      dn: cn=test,ou=omv,dc=buranov,dc=org
      cn: test
      givenName: test
      gidNumber: 1100
      homeDirectory: /home/users/test
      sn: test
      loginShell: /bin/bash
      objectClass: inetOrgPerson
      objectClass: posixAccount
      objectClass: top
      userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=
      uid: test
      uidNumber: 1100

      # omv_ro, omv, buranov.org
      dn: cn=omv_ro,ou=omv,dc=buranov,dc=org
      cn: omv_ro
      objectClass: posixGroup
      objectClass: top
      gidNumber: 1100

      # search result
      search: 2
      result: 0 Success

      # numResponses: 4
      # numEntries: 3
      root@omv3:~#


      There are no errors about ldap in /var/log/auth.log.

      Does anybody use ldap in omv?
      Any ideas?
    • I use Active Directory (2012r2), so this is general advice. Does it work on another non-OMV Debian install? If yes, try to see what is different between them. Did you join the domain? Do you see domain users or groups with getent?
      getent passwd
      getent group

      I gave up on the plugin years ago, but I think it should work for openldap. There were a few good threads in the old bug tracker. Unfortunately progress ate it. sssd and realmd are more modern ways of doing this task. They detect things and take lots of the guesswork out of it. Google has lots of howto articles.

      Here is how I do it on windows. You might get a hint reading it.
      forum.openmediavault.org/index…-Active-Directory-Sumary/

      Good luck
      If you make it idiot proof, somebody will build a better idiot.