LDAP¶
Enabling LDAP Authentication¶
By integrating the VPSA with an LDAP service, NAS Users can use the same credentials that are stored in the directory service to login to SMB shares.
Starting from VPSA version 19.08, the VPSA SMB service can be configured to authenticate users against LDAP service (JumpCloud or similar).
Note
LDAP service requires port 389 for directory connectivity. The communication with the LDAP service would be done encrypted(TLS).
Warning
Using LDAP authentication cannot be used while the VPSA configured to use Active Directory, the transition from Active Directory to LDAP based authentication should be handled carefully, as existing NAS permissions may be affected. If you are considering such transition, contact Zadara support team for additional information.
Configuring LDAP service for NAS authentication¶
To enable the LDAP service, navigate to NAS Access Control > LDAP and click Join.
In the Join LDAP Server dialog, enter the following information:
Interface - the VPSA network interface that will be used for LDAP connectivity. If public service (like JumpCloud), the interface selected must have a direct Internet connectivity. Select one of the following interfaces - Frontend, Public IP (if assigned to the VPSA), Outnet interface (if assigned).
LDAP Server - the directory service FQDN or IP. FQDN must be resolved by the default public DNS server. (the ldap:// prefix is mandatory).
LDAP WORKGROUP - as defined in the directory service.
LDAP Search Base - LDAP search scope DN.
LDAP Bind username - the DN for the bind user (samba service account)
LDAP Bind Password - password for the bind user (samba service account)
Note
In a case of JumpCloud integration, Samba authentication should be enabled in the target directory. See https://support.zadarastorage.com/hc/en-us/articles/360036369912 for a KB article covering JumpCloud specific intergration.
Click Submit.
Updating LDAP configuration¶
If the existing configuration needs to be changed, the directory parameters can be updated directly from the VPSA GUI.
Navigate to NAS Access Control > LDAP and click Configure.
Once the configuration is submitted, the file services will be restarted in order to apply the new configuration.
Disable LDAP service SMB authentication¶
If LDAP authentication is no longer needed, the LDAP authentication can be disabled from the VPSA GUI.
Navigate to NAS Access Control > LDAP and click Leave.
If you intend to disable LDAP SMB authentication temporarily, you may want to keep the existing configuration for later.
You can restore the configuration by navigating to NAS Access Control > LDAP and clicking Restore.