Rockstor with FreeIPA or Red Hat Identity Management

Evaluating Rockstor for use as NAS OS…

Will Rockstor allow me to set security / select users from Red Hat Identity Management or the FreeIPA server on which it is based? It looks like there is LDAP support, which is part of Red Hat Identity. Will it be able to pull its users from this? Has someone successfully done this?

Hi Howard @hswope and welcome to Rockstor Community!

Personally, I have always had auth against LDAP or Active Directory, but never with FreeIPA/Red Hat Identity Management. If you say that it works over LDAP, that should be OK (try and let us know :wink:)

Flyer / Mirko

The LDAP support in Rockstor hasn’t been tested in the recent past by me. It may not “just work”. But if you want to give it a try and help us test and evaluate, we’ll be happy to fix it up. @phillxnet has done some experiments with FreeIPA and he may have more to add. Good luck!

OK. I got Rockstor installed. I am working on setting up LDAP. However, I added some settings once, which worked. But now any time I try to change settings, nothing happens. Hitting the submit button seems to do nothing. The only thing I can do is cancel. I have found an openldap config which seems to have taken some of these settings, but they must be stored somewhere else too. Where are the settings written? I think I need to manually fix them as the web interface seems to be toast.

Could you provide reproducible steps? More details are greatly appreciated.

  1. From the main menu select system | services
  2. Click on the settings icon next to the LDAP Service
  3. Enter in settings for the ldap server and search base DN
  4. Check the checkbox for Enable TLS to encrypt connections?
  5. Put in an incorrect URL for a cert.
    Press Submit and Settings will be accepted

Repeat Steps 2 - 5 changing settings to something else
Press Submit and nothing happens.

You are now unable to change any LDAP settings.

I have tried to set the proper settings in /etc/openldap/ldap.conf, but it seems to get overwritten by the incorrect entries that I can’t change from the service settings view.

Hi @hswope, I can take a look at this. I have access to both and work at Red Hat. I’ll try to set up a similar environment and post my progress. Worst case we can do this “manually” and have the changes merged once proven out.
Tom

Any news on this? I would like to see this fixed, too.
I am using FreeIPA to administer users on a few dozen Linux servers, and I’m really happy with it.
I just recently installed Rockstor on a virtual server and I configured LDAP apparently without any issues.
But while I can mount shares with the internally defined users, I cannot mount if I try to use one of the users defined in the LDAP server.
However, from the CLI of the Rockstor server, if I issue “id username” (where username is the name of a user defined in the LDAP server) I get correct data (though a bit incomplete… I think this is due to the fact that sssd is not the one that comes with FreeIPA).
I am available and willing to do some testing to have this fixed.

Thank you in advance
Cris

P.S. If this thread is too old I’ll open a new one


@Cris70, welcome to the Rockstor community forums. I have no real experience in this area, but I did find this blog, albeit for a Synology environment. In that variation it seemed to address the issue that you have described. But again, not sure this is transferable:

https://blog.cubieserver.de/2018/synology-nas-samba-nfs-and-kerberos-with-freeipa-ldap/


Thank you @Hooverdan!! This is very helpful!!
Do you happen to know if this kind of fix is required for SFTP access, too?
The article you linked only describes SAMBA and NFS, but I am unable to access the server via SFTP, too, when using LDAP users.

I am not sure tbh. The only other thing I came across was this (again, Synology). Maybe it’s worth a shot, but with my limited knowledge in the LDAP space it’s more of a shot in the dark :slight_smile:

This is very interesting.
I’ll report back my findings.
Thank you once again @Hooverdan
