LDAP – Connecting FreeNAS 8 to Mac OS X Lion LDAP Server


I currently have Mac OS X Lion Server running from a MacMini and want to use it purely as an LDAP server for authentication for FreeNAS 8. I have FreeNAS set up and running on a VM, with all features working correctly and as expected; however, I cannot connect to my LDAP server (MacMini).

Error message:

**Nss_ldap: could not search LDAP server – server is unavailable**

For LDAP service settings in FreeNAS, I know my Hostname and Base DN are correct (exact copies of what I set originally and ones that are shown in server:open directory overview); however, I am unsure what to enter for Root bind DN, password and suffixes. I have researched where I can find these out and, other than following the FreeNAS examples, it appears there is a way to find out within the Server Workgroup Manager specific to my settings – however, this function is unavailable to me and cannot be ‘ticked’ to view for some strange reason.

Some forums explain how Root bind DN should be uid=admin, dc=… and others cn=admin, dc=… – I’m rather confused and would appreciate your help or advice with this.

Best Answer

I'm running FreeNAS 8.3.x, OD Master server runs on Mac OS Server 10.7.4 and I was able to get these working together as follows.

  • Using the FreeNAS web interface go to Services > LDAP
  • I used "host.domain.com" for the Hostname field where the Hostname is that of my OD Master.
  • Set the Base DN to, e.g., "dc=host,dc=domain,dc=com"
  • I set my Root bind DN to "uid=mydiradmin,cn=users,dc=host,dc=domain,dc=com"
  • I entered my Directory Admin password in and chose md5 for password encryption
  • Set the Group Suffix to "cn=groups"
  • Left the "Password Suffix" blank
  • Set "Machine Suffix" to "cn=machines"
  • I left encryption off, not currently requiring it due to having some devices on the network that do not work well with it on.

To test, I set up an AFP share allowing my group for all staff, and I was able to authenticate without any issues. A good quick test that I used was looking in my NFS share properties for "Map root user" and/or "Map root group"; when I got it working, I was able to see my users and groups in the list.
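The settings in the answer can be checked from any machine with the OpenLDAP client tools before they are typed into FreeNAS. The script below is an added example, not part of the original answer: it builds the DNs from the answer's placeholder values and then tests reachability, the Root bind DN and the group search base. The function names are hypothetical, and it assumes that FreeNAS places each suffix in front of the Base DN.

```shell
#!/bin/sh
# Added example: verify the answer's LDAP settings with ldapsearch / ldapwhoami.
# HOST, ADMIN and the suffixes are the answer's placeholder values; adjust them.
HOST="host.domain.com"
ADMIN="mydiradmin"
USER_SUFFIX="cn=users"
GROUP_SUFFIX="cn=groups"

# host.domain.com -> dc=host,dc=domain,dc=com (the Base DN form used in the answer)
base_dn_from_host() {
    printf '%s\n' "$1" | sed -e 's/\.$//' -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# Assumption: a suffix is a relative DN placed in front of the Base DN,
# and an empty suffix (the blank "Password Suffix") leaves the Base DN itself.
search_base() {
    if [ -n "$1" ]; then printf '%s,%s\n' "$1" "$2"; else printf '%s\n' "$2"; fi
}

# The answer's Root bind DN names the admin entry by uid= under cn=users.
bind_dn() {
    printf 'uid=%s,%s\n' "$1" "$(search_base "$USER_SUFFIX" "$2")"
}

# $1 = "tls" adds -ZZ, which requires StartTLS and fails if it cannot be negotiated.
run_checks() {
    base=$(base_dn_from_host "$HOST")
    dn=$(bind_dn "$ADMIN" "$base")
    tls=""
    if [ "${1:-}" = "tls" ]; then tls="-ZZ"; fi
    # 1. Anonymous read of the root DSE: fails here if the server is unreachable.
    ldapsearch -x $tls -LLL -H "ldap://$HOST" -s base -b "" namingContexts \
        || { echo "cannot reach ldap://$HOST" >&2; return 1; }
    # 2. Simple bind as the directory admin (-W prompts for the password).
    ldapwhoami -x $tls -H "ldap://$HOST" -D "$dn" -W \
        || { echo "bind failed for $dn" >&2; return 1; }
    # 3. List group names one level below the group search base.
    ldapsearch -x $tls -LLL -H "ldap://$HOST" -D "$dn" -W \
        -b "$(search_base "$GROUP_SUFFIX" "$base")" -s one cn
}

# Only contact the server when asked to: ./check.sh check [tls]
if [ "${1:-}" = "check" ]; then
    run_checks "${2:-}"
fi
```

Without `tls`, the simple bind in steps 2 and 3 sends the Directory Admin password unencrypted, which is also what FreeNAS does with encryption left off; running with `tls` shows whether the server accepts StartTLS.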
