Lightweight Directory Access Protocol

From Open-E Wiki
Revision as of 08:31, 30 May 2022 by Pa-P (talk | contribs)

This functionality is available in: User Management > Share users/groups > Authorization protocols > Lightweight Directory Access Protocol (LDAP)


To create and manage a database on a local server, the following information is required:

  • LDAP domain name: The name must start with 'dc=' and may contain only alphanumeric characters, hyphens, underscores and periods (a-zA-Z 0-9-_.). It must not begin or end with a space or contain several spaces in a row.
  • Password: The minimum length of the password is 6 characters.


NOTE: When mounting the given share with LDAP credentials, please use the following syntax:

  • Accessing share: \\server_ip\share_name
  • Username: workgroup\username ("Username" must consist of the workgroup and the actual user name)
  • Password: secret pass

The workgroup and username are defined by the system administrator.

See Also: SMB service


A unique ID (UID) is assigned to each new user in the database, and a unique ID (GID) is assigned to each new user group. Once assigned, a UID or GID is never reused, even after the user or group has been removed from the database, until the database is reset.
You can create 899,999 unique users (UIDs) and 99,486 unique user groups (GIDs).


To connect to the local LDAP database using an external server, the LDAP client must:

  • use TLS, i.e. an encrypted connection on port 389
  • accept self-signed certificates


Below is an example of the settings used to connect to the local LDAP database, with the "LDAP domain name" set to "dc=internal,dc=lan":

  • Host: IP address or domain name of the server, e.g. 192.168.174.100
  • Port: 389 (with TLS encryption enabled)
  • Base DN: dc=internal,dc=lan
  • Bind DN: cn=admin,dc=internal,dc=lan
  • Users base DN: ou=people,dc=internal,dc=lan
  • Groups base DN: ou=groups,dc=internal,dc=lan
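The client requirements and settings above, as an added example that is not part of the Open-E wiki or the product: it opens a plain connection to port 389, upgrades it with StartTLS (assumed to be what "TLS on port 389" means), pins the server's exported self-signed certificate instead of disabling verification, and performs a simple bind as the admin DN. The certificate path and password are placeholders; the BER encoding is hand-rolled so only the Python standard library is needed.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation

def ber(tag: int, content: bytes) -> bytes:
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def starttls_request(msg_id: int) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    ext = ber(0x77, ber(0x80, STARTTLS_OID))
    return ber(0x30, ber(0x02, bytes([msg_id])) + ext)  # msg_id < 128 assumed

def simple_bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }."""
    body = ber(0x02, b"\x03") + ber(0x04, bind_dn.encode()) + ber(0x80, password.encode())
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, body))

def result_code(response: bytes) -> int:
    """Minimal parser: the first ENUMERATED (0x0a 0x01 x) in a response is its resultCode."""
    i = response.index(b"\x0a\x01")
    return response[i + 2]

def pinned_context(server_cert_pem: str) -> ssl.SSLContext:
    """Trust exactly the server's exported self-signed certificate, nothing else."""
    ctx = ssl.create_default_context(cafile=server_cert_pem)
    ctx.check_hostname = False          # connecting by IP; the certificate is still verified
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def connect_and_bind(host, bind_dn, password, server_cert_pem, port=389):
    """Plain TCP -> StartTLS -> simple bind; returns the TLS-wrapped socket."""
    sock = socket.create_connection((host, port), timeout=10)
    sock.sendall(starttls_request(1))
    if result_code(sock.recv(4096)) != 0:
        raise RuntimeError("server refused StartTLS; do not fall back to cleartext")
    tls = pinned_context(server_cert_pem).wrap_socket(sock)
    tls.sendall(simple_bind_request(2, bind_dn, password))
    if result_code(tls.recv(4096)) != 0:
        raise RuntimeError("bind as %s failed" % bind_dn)
    return tls
```

A call such as connect_and_bind("192.168.174.100", "cn=admin,dc=internal,dc=lan", "<password>", "/path/to/server-cert.pem") returns the bound TLS socket, ready for searches under ou=people or ou=groups.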