Difference between revisions of "Active Directory & LDAP/9.2"

From PC-BSD Wiki
(Connecting to an OpenLDAP Server)
 
(33 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<noinclude>{{NavHeader|back=About|forward=Hardware Compatibility}}</noinclude>
+
<noinclude><translate>
  
Beginning with PC-BSD® 9.1, the Control Panel contains an "Active Directory & LDAP" icon for managing connections to an Active Directory or OpenLDAP domain. If your network contains an Active Directory or OpenLDAP server, use this icon to input the settings needed to connect to your account information stored on the network. At this time, these settings can not be set during installation of PC-BSD® 9.1; this will be added as a feature of version 9.2.
+
<!--T:1-->
 +
{{UseTOC{{putVers}}|Nav}}</noinclude>
  
'''NOTE:''' this utility is to manage the settings of the client, not the Active Directory or OpenLDAP server itself.
+
<!--T:2-->
 +
The “Active Directory & LDAP” icon is used for managing connections to an Active Directory or OpenLDAP domain. If your network contains an Active Directory or OpenLDAP server, use this icon to input the settings needed to connect to your account information stored on the network.[[File:ldap.png|thumb|393px|'''Figure 8.3b: Managing LDAP Client Settings''']]
  
To start the application, double-click its icon in Control Panel or type '''pc-su pc-adsldap'''. You will be prompted to input the administrative password. Figure 8.3a shows the configuration utility with the Active Directory tab open.
+
<!--T:32-->
 +
{{note|icon64=This utility is used to manage the settings of the client, not the Active Directory or OpenLDAP server itself. This application also needs more testing from users. If you have trouble using this utility or find a bug, please post the details using the {{local|link=PC-BSD® Bug Reporting}} tool.}}
  
'''Figure 8.3a: Initial Active Directory & LDAP Screen'''
+
<!--T:4-->
 +
To start the application, double-click its icon in Control Panel or type '''pc-su pc-adsldap'''. You will be prompted to input your password. Figure 8.3a shows the configuration utility with the Active Directory tab open.
  
[[File:Ad2.png]]
+
=== Connecting to Active Directory === <!--T:5-->
 
+
=== Connecting to Active Directory ===
+
  
 +
<!--T:6-->
 
If you need to connect to a network running Active Directory, check the box "Enable Active Directory". This will change the greyed-out status of the rest of the screen, allowing you to configure the following:
 
If you need to connect to a network running Active Directory, check the box "Enable Active Directory". This will change the greyed-out status of the rest of the screen, allowing you to configure the following:
  
 +
<!--T:7-->
 
* '''Domain Name (DNS/Realm-Name):''' input the name of the Active Directory domain (e.g. example.com) or child domain (e.g. sales.example.com). This setting is mandatory.
 
* '''Domain Name (DNS/Realm-Name):''' input the name of the Active Directory domain (e.g. example.com) or child domain (e.g. sales.example.com). This setting is mandatory.
  
* '''NetBIOS Name:''' input the hostname of the PC-BSD® system as listed in the [[About]] icon.
+
<!--T:8-->
 +
* '''NetBIOS Name:''' input the hostname of the PC-BSD® system as listed in the {{local|link=About}} icon.
  
 +
<!--T:9-->
 
* '''Workgroup Name:''' input the name of the Windows workgroup. Unless the administrator has changed it, the default workgroup name is ''WORKGROUP''.
 
* '''Workgroup Name:''' input the name of the Windows workgroup. Unless the administrator has changed it, the default workgroup name is ''WORKGROUP''.
  
 +
<!--T:10-->
 
* '''Allow Trusted Domains:''' only check this box if the network has {{citelink|url=http://technet.microsoft.com/en-us/library/cc757352%28WS.10%29.aspx|txt=active domain/forest trusts}}.
 
* '''Allow Trusted Domains:''' only check this box if the network has {{citelink|url=http://technet.microsoft.com/en-us/library/cc757352%28WS.10%29.aspx|txt=active domain/forest trusts}}.
  
 +
<!--T:11-->
 
* '''Administrator Name:''' input the name of the Active Directory Administrator account.
 
* '''Administrator Name:''' input the name of the Active Directory Administrator account.
  
 +
<!--T:12-->
 
* '''Administrator Password:''' input and confirm the password for the Active Directory Administrator account.
 
* '''Administrator Password:''' input and confirm the password for the Active Directory Administrator account.
  
=== Connecting to an OpenLDAP Server ===
+
<!--T:13-->
 +
The values that you input using this GUI are saved to ''/usr/local/etc/pc-activedirectory.conf''.
  
Figure 8.3b shows the configuration utility with the LDAP tab open.
+
<!--T:35-->
 +
{{note|icon64=Once you enable AD, you can no longer use {{local|link=GDM_Manager|auto login}} as users will now authenticate with the Active Directory server.}}
  
'''Figure 8.3b: Managing LDAP Client Settings'''
+
=== Connecting to an OpenLDAP Server === <!--T:14-->
  
[[File:ldap.png]]
+
<!--T:15-->
 +
Figure 8.3b shows the configuration utility with the LDAP tab open.
  
 +
<!--T:16-->
 
If you need to connect to a network which contains a configured LDAP server, check the box "Enable LDAP". This will change the greyed-out status of the rest of the screen, allowing you to configure the following:
 
If you need to connect to a network which contains a configured LDAP server, check the box "Enable LDAP". This will change the greyed-out status of the rest of the screen, allowing you to configure the following:
 
+
[[File:Ad2.png|thumb|393px|'''Figure 8.3a: Initial Active Directory & LDAP Screen''']]
 
* '''Hostname:''' input the hostname or IP address of the OpenLDAP server. This setting is mandatory.
 
* '''Hostname:''' input the hostname or IP address of the OpenLDAP server. This setting is mandatory.
  
 +
<!--T:17-->
 
* '''Base DN:''' input the top level of the LDAP directory tree to be used when searching for resources (e.g. dc=test,dc=org).
 
* '''Base DN:''' input the top level of the LDAP directory tree to be used when searching for resources (e.g. dc=test,dc=org).
  
 +
<!--T:18-->
 
* '''Allow Anon Binding:''' only check this box if the LDAP server allows read and write access without requiring authentication.
 
* '''Allow Anon Binding:''' only check this box if the LDAP server allows read and write access without requiring authentication.
  
 +
<!--T:19-->
 
* '''Root bind DN:''' input the name of the administrative account on the LDAP server (e.g. cn=Manager,dc=test,dc=org).
 
* '''Root bind DN:''' input the name of the administrative account on the LDAP server (e.g. cn=Manager,dc=test,dc=org).
  
 +
<!--T:20-->
 
* '''Root bind password:''' input the password for the ''Root bind DN''.
 
* '''Root bind password:''' input the password for the ''Root bind DN''.
  
 +
<!--T:21-->
 
* '''Password Encryption:''' select a type supported by the LDAP server, choices are: clear (unencrypted), crypt, md5, nds, racf, ad, or exop.
 
* '''Password Encryption:''' select a type supported by the LDAP server, choices are: clear (unencrypted), crypt, md5, nds, racf, ad, or exop.
  
 +
<!--T:22-->
 
* '''User Suffix:''' this setting is optional and is usually a dept. or company name. The input value will be added to the name when a user account is added to the LDAP directory  
 
* '''User Suffix:''' this setting is optional and is usually a dept. or company name. The input value will be added to the name when a user account is added to the LDAP directory  
  
 +
<!--T:23-->
 
* '''Group Suffix:''' this setting is optional and is usually a dept. or company name. The input value will be added to the name when a group is added to the LDAP directory.
 
* '''Group Suffix:''' this setting is optional and is usually a dept. or company name. The input value will be added to the name when a group is added to the LDAP directory.
  
 +
<!--T:24-->
 
* '''Password Suffix:''' this setting is optional. The input value will be added to the password when a password is added to the LDAP directory.
 
* '''Password Suffix:''' this setting is optional. The input value will be added to the password when a password is added to the LDAP directory.
  
 +
<!--T:25-->
 
* '''Machine Suffix:''' this setting is optional and usually represents a description such as server or accounting. The input value will be added to the name when a system is added to the LDAP directory.
 
* '''Machine Suffix:''' this setting is optional and usually represents a description such as server or accounting. The input value will be added to the name when a system is added to the LDAP directory.
  
 +
<!--T:26-->
 
* '''Encryption Mode:''' choices are "Off", "SSL", or "TLS". The selected type must be supported by the LDAP server.
 
* '''Encryption Mode:''' choices are "Off", "SSL", or "TLS". The selected type must be supported by the LDAP server.
  
 +
<!--T:27-->
 
* '''Self Signed Certificate:''' used to verify the certificate of the LDAP server if SSL connections are used. Paste the output of the command '''openssl s_client -connect server:port -showcerts.'''
 
* '''Self Signed Certificate:''' used to verify the certificate of the LDAP server if SSL connections are used. Paste the output of the command '''openssl s_client -connect server:port -showcerts.'''
  
 +
<!--T:28-->
 
* '''Auxiliary Parameters:''' {{citelink|url=http://www.openldap.org/software/man.cgi?query=ldap.conf|txt=ldap.conf(5)}} options, one per line, not covered by other options in this screen.
 
* '''Auxiliary Parameters:''' {{citelink|url=http://www.openldap.org/software/man.cgi?query=ldap.conf|txt=ldap.conf(5)}} options, one per line, not covered by other options in this screen.
  
If you are new to LDAP terminology, you may find it useful to skim through the [http://www.openldap.org/doc/admin24/ OpenLDAP Software 2.4 Administrator's Guide].  
+
<!--T:29-->
 +
The values that you input into this tab are saved to ''/usr/local/etc/pc-ldap.conf''.
  
<noinclude>{{refheading}}</noinclude>
+
<!--T:30-->
 +
If you are new to LDAP terminology, you may find it useful to skim through the {{Citelink|url=http://www.openldap.org/doc/admin24/|txt=OpenLDAP Software 2.4 Administrator's Guide}}.
 +
 
 +
<!--T:31-->
 
<noinclude>
 
<noinclude>
[[category:handbook]]
+
{{refheading}}
[[category:Control Panel]]
+
 
[[category:Active Directory & LDAP]]
 
[[category:Active Directory & LDAP]]
 +
[[category:Control Panel]]
 +
[[category:handbook]]
 +
</translate>
 +
<languages/>
 
</noinclude>
 
</noinclude>
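Review bot: the two figure thumbnails land in the wrong sections after this change. The new intro paragraph (the line beginning "The “Active Directory & LDAP” icon is used for managing") attaches [[File:ldap.png|thumb|393px|'''Figure 8.3b: Managing LDAP Client Settings''']], the LDAP tab, while the paragraph two lines later still says "Figure 8.3a shows the configuration utility with the Active Directory tab open"; and [[File:Ad2.png|thumb|393px|'''Figure 8.3a: Initial Active Directory & LDAP Screen''']] is inserted in the OpenLDAP section directly after the "Enable LDAP" paragraph, where the text refers to Figure 8.3b. Swap the two thumbnail placements so each figure sits beside the sentence that cites it. Separately, the old intro's sentence "At this time, these settings can not be set during installation of PC-BSD® 9.1; this will be added as a feature of version 9.2" is dropped with no replacement: if 9.2's installer gained this, say where it is configured; if not, keep the caveat.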

Latest revision as of 23:40, 15 December 2013




The “Active Directory & LDAP” icon is used for managing a PC-BSD® client's connection to an Active Directory or OpenLDAP domain. If your network contains an Active Directory or OpenLDAP server, use this icon to input the settings needed to connect to the account information stored on the network.
Figure 8.3b: Managing LDAP Client Settings
NOTE: This utility manages the settings of the client only, not the Active Directory or OpenLDAP server itself. It also needs more testing from users: if you have trouble using it or find a bug, post the details using the PC-BSD® Bug Reporting tool.

To start the application, double-click its icon in Control Panel or type pc-su pc-adsldap. You will be prompted for your password. Figure 8.3a shows the configuration utility with the Active Directory tab open.

Connecting to Active Directory

If you need to connect to a network running Active Directory, check the box "Enable Active Directory". This enables the rest of the screen, allowing you to configure the following:

  • Domain Name (DNS/Realm-Name): input the name of the Active Directory domain (e.g. example.com) or child domain (e.g. sales.example.com). This setting is mandatory.
  • NetBIOS Name: input the hostname of the PC-BSD® system as listed in the About icon.
  • Workgroup Name: input the name of the Windows workgroup. Unless the administrator has changed it, the default workgroup name is WORKGROUP.
  • Allow Trusted Domains: only check this box if the network has active domain/forest trusts[1].
  • Administrator Name: input the name of the Active Directory Administrator account. Because these credentials are stored on the client (see below), a dedicated account that has been delegated only the right to join computers to the domain is a safer choice than a member of Domain Admins.
  • Administrator Password: input and confirm the password for that account.

The values that you input on this tab, including the account name and password, are saved to /usr/local/etc/pc-activedirectory.conf. Check that this file is owned by root and is not readable by other users.

NOTE: Once you enable AD, you can no longer use auto login as users will now authenticate with the Active Directory server.
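Because the configuration file holds a domain account's password, the permission check is worth scripting. The script below is an added example, not part of PC-BSD or the pc-adsldap utility: it reports whether a credential-bearing file such as /usr/local/etc/pc-activedirectory.conf (or /usr/local/etc/pc-ldap.conf) is owned by root with no group or other permission bits. Root ownership and mode 0600 are the assumptions made here; the handbook does not state what mode the utility writes.

```shell
#!/bin/sh
# Added example, not part of PC-BSD: check that a client configuration file
# that stores directory credentials (the handbook names
# /usr/local/etc/pc-activedirectory.conf and /usr/local/etc/pc-ldap.conf) is
# owned by root and unreadable by anyone else. Root ownership and mode 0600
# are assumptions; the page does not say what mode the utility writes.
# Uses ls(1) rather than stat(1) because stat's format flags differ between
# FreeBSD and Linux.

# Symbolic mode string, e.g. "-rw-------", from the first column of ls -ld.
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Owner name, third column of ls -ld on both FreeBSD and Linux.
file_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# True when the group and other classes have no permission bits at all,
# i.e. characters 5-10 of the mode string are all '-'.
mode_is_private() {
    case "$(file_mode "$1")" in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print every finding for the file and the command that fixes it.
# Exit status: 0 locked down, 1 a problem was found, 2 file missing.
check_credfile() {
    f=$1
    status=0
    if [ ! -e "$f" ]; then
        echo "$f: not found, nothing to check"
        return 2
    fi
    if ! mode_is_private "$f"; then
        echo "$f: mode $(file_mode "$f") is readable by group/other; run: chmod 600 '$f'"
        status=1
    fi
    owner=$(file_owner "$f")
    if [ "$owner" != root ]; then
        echo "$f: owned by $owner, expected root; run: chown root '$f'"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "$f: owner and mode look right"
    fi
    return "$status"
}

# Usage: sh check-credfile.sh /usr/local/etc/pc-activedirectory.conf /usr/local/etc/pc-ldap.conf
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do
        check_credfile "$f" || rc=1
    done
    exit "$rc"
fi
```

Run it as root after saving the settings; a non-zero exit means at least one file needs chmod or chown as printed.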

Connecting to an OpenLDAP Server

Figure 8.3b shows the configuration utility with the LDAP tab open.

If you need to connect to a network which contains a configured LDAP server, check the box "Enable LDAP". This enables the rest of the screen, allowing you to configure the following:

Figure 8.3a: Initial Active Directory & LDAP Screen
  • Hostname: input the hostname or IP address of the OpenLDAP server. This setting is mandatory. If you will use SSL or TLS, give the hostname that appears in the server's certificate; an IP address will not match a certificate issued to a name.
  • Base DN: input the top level of the LDAP directory tree to be used when searching for resources (e.g. dc=test,dc=org).
  • Allow Anon Binding: only check this box if the LDAP server allows read and write access without requiring authentication. A directory that accepts unauthenticated writes lets anyone who can reach it alter account data, so this is rarely appropriate for a directory that holds user accounts.
  • Root bind DN: input the name of the administrative account on the LDAP server (e.g. cn=Manager,dc=test,dc=org).
  • Root bind password: input the password for the Root bind DN. Without SSL or TLS (see Encryption Mode below) this password crosses the network in the clear on every bind.
  • Password Encryption: select the method the LDAP server supports for password changes. The choices, clear (unencrypted), crypt, md5, nds, racf, ad, or exop, are the values of the PAM LDAP module's pam_password option. With clear the new password is sent unhashed and stored as received unless the server is configured to hash it, so use it only over SSL or TLS; exop uses the LDAP Password Modify extended operation and is the usual choice for OpenLDAP.
  • User Suffix: this setting is optional and is usually a dept. or company name. The input value will be added to the name when a user account is added to the LDAP directory.
  • Group Suffix: this setting is optional and is usually a dept. or company name. The input value will be added to the name when a group is added to the LDAP directory.
  • Password Suffix: this setting is optional. The input value will be added to the password when a password is added to the LDAP directory.
  • Machine Suffix: this setting is optional and usually represents a description such as server or accounting. The input value will be added to the name when a system is added to the LDAP directory.
  • Encryption Mode: choices are "Off", "SSL", or "TLS"; the selected type must be supported by the LDAP server. "SSL" connects to a dedicated ldaps:// port (conventionally 636), "TLS" starts on the plain LDAP port (conventionally 389) and upgrades the connection with STARTTLS, and "Off" sends the bind DN and password unencrypted.
  • Self Signed Certificate: used to verify the certificate of the LDAP server when SSL or TLS connections are used. Paste the certificate block(s), from -----BEGIN CERTIFICATE----- through -----END CERTIFICATE-----, taken from the output of openssl s_client -connect server:port -showcerts (port 636 for SSL). This command fetches the certificate from the server over the network, so confirm its fingerprint with the LDAP administrator through a separate channel before trusting it; otherwise anyone in the network path could have substituted a certificate of their own.
  • Auxiliary Parameters: ldap.conf(5)[2] options not covered by other options in this screen, one per line, for example TLS_REQCERT demand to make the client refuse a server certificate that fails verification.

The values that you input into this tab, including the Root bind password, are saved to /usr/local/etc/pc-ldap.conf. As with the Active Directory settings, this file should be owned by root and not readable by other users.

If you are new to LDAP terminology, you may find it useful to skim through the OpenLDAP Software 2.4 Administrator's Guide[3].
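The certificate step above can be scripted so that only the PEM chain is pasted into the "Self Signed Certificate" box and the leaf fingerprint can be checked out of band. The script below is an added example, not code from PC-BSD or the pc-adsldap utility; it wraps the openssl s_client command the handbook names. The hostname ldap.example.com, port 636 for Encryption Mode "SSL", the -starttls ldap flag (OpenSSL 1.1.1 or newer) for Encryption Mode "TLS", and the ldap.conf(5) lines it prints for the "Auxiliary Parameters" box are assumptions about your server and layout, not settings the page states.

```shell
#!/bin/sh
# Added example, not part of PC-BSD or the pc-adsldap utility. It wraps the
# openssl s_client command the handbook names so that only the PEM chain is
# kept for the "Self Signed Certificate" box, prints a SHA-256 fingerprint of
# the leaf certificate to compare with the LDAP administrator out of band,
# and emits ldap.conf(5) lines for the "Auxiliary Parameters" box.
# Assumptions: port 636 for Encryption Mode "SSL" (LDAPS) and port 389 with
# "-starttls ldap" (OpenSSL 1.1.1 or newer) for Encryption Mode "TLS".

# Keep only the certificate blocks from s_client output on stdin; the banner,
# session parameters and "depth=" verification chatter are dropped.
extract_pem() {
    sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p'
}

# Count the certificates in a PEM stream on stdin ("|| true" keeps grep's
# exit status 1 for "no match" from aborting a set -e caller).
pem_count() {
    grep -c '^-----BEGIN CERTIFICATE-----$' || true
}

# First block only: s_client prints the server (leaf) certificate first,
# followed by any intermediates it sent.
first_pem() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { n++ }
         n == 1 { print }
         /^-----END CERTIFICATE-----$/ { if (n == 1) exit }'
}

# Fetch the chain from a live server. $1 host, $2 port, $3 "starttls" to
# negotiate TLS on a plain LDAP port, anything else for LDAPS.
fetch_chain() {
    host=$1; port=${2:-636}; mode=${3:-ldaps}
    if [ "$mode" = starttls ]; then
        openssl s_client -connect "$host:$port" -starttls ldap -showcerts \
            </dev/null 2>/dev/null | extract_pem
    else
        openssl s_client -connect "$host:$port" -showcerts \
            </dev/null 2>/dev/null | extract_pem
    fi
}

# SHA-256 fingerprint of the leaf certificate in a PEM stream on stdin.
# Compare it with the value the server's administrator gives you over another
# channel; s_client only shows what the network delivered, which an attacker
# in the path could have substituted.
leaf_fingerprint() {
    first_pem | openssl x509 -noout -fingerprint -sha256
}

# ldap.conf(5) lines for the Auxiliary Parameters box: trust the saved chain
# and make the client refuse the connection when the server certificate does
# not verify against it (TLS_REQCERT never or allow would silently accept a
# substituted certificate).
ldap_conf_fragment() {
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$1"
}

# Usage: sh ldap-cert.sh ldap.example.com 636          (LDAPS)
#        sh ldap-cert.sh ldap.example.com 389 starttls (STARTTLS)
# The hostname is a placeholder. The chain is written to ./ldap-chain.pem;
# copy it to a root-owned location and point TLS_CACERT at that path.
if [ "$#" -ge 1 ]; then
    fetch_chain "$@" > ldap-chain.pem
    echo "certificates saved: $(pem_count < ldap-chain.pem)"
    leaf_fingerprint < ldap-chain.pem
    ldap_conf_fragment "$PWD/ldap-chain.pem"
fi
```

The contents of ldap-chain.pem are what goes into the "Self Signed Certificate" box; the two printed lines go into "Auxiliary Parameters" once the file has been moved to a root-owned path. Only accept the chain after the fingerprint matches what the LDAP administrator reports.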


References


  1. http://technet.microsoft.com/en-us/library/cc757352%28WS.10%29.aspx
  2. http://www.openldap.org/software/man.cgi?query=ldap.conf
  3. http://www.openldap.org/doc/admin24/