Cloud LDAP Service

Status
Not open for further replies.

dash

Dabbler
Joined
Jul 9, 2015
Messages
10
Looking to add LDAP to my current setup, and we use a service called Foxpass to run our LDAP binders and auth. Since we do most things in the cloud, there isn't a need for local auth.

However, when connecting to the cloud LDAP service (ldaps://ldap.foxpass.com; the LDAPS port is 636), my only option is selecting SSL, where it will ask for a certificate to specify.

When adding the cert, it is mandatory to add the private key, which the 3rd-party vendor will not give me, understandably. Any suggestions, or am I just stuck on this one?
 

dlavigne

Guest
I'm pretty sure the key isn't mandatory. Is it requiring you to enter one for that certificate? If not, I'll update the docs to remove the mandatory word in the key field's description.
 

dash

I wish it was as simple as a documentation change. However, FreeNAS will not allow you to enter a cert without a private key. If there is a way to add it without one, that should be the change within the docs.
 

dlavigne

In that case, please create a bug at bugs.freenas.org and post the issue number here.
 

dash

Hey @dlavigne

I found this old thread that was able to help me quite a bit: https://forums.freenas.org/index.php?threads/ldap-config-certificate-drop-down-list-empty.27762/

The documentation for adding a cert in LDAP (https://doc.freenas.org/9.3/freenas_directoryservice.html#ldap) says:
"only available in “Advanced Mode”; select the certificate of the LDAP server or the CA that signed that certificate (required if authentication is used); iIf your LDAP server does not already have a certificate, create a CA using CAs, then the certificate using Certificates and install the certificate on the LDAP server"

It should add the ability to import external certs via System -> CA.
Also, could you fix the typo with "iIf your LDAP..."?

I also found another user had the same problem. (https://bugs.pcbsd.org/issues/7749)
 