NS8 migration - accounts provider?

As the release of NS8 approaches, so does the idea of migrating from my NS7 install to NS8. And with that comes the question of an accounts provider. I’m using OpenLDAP on NS7–do I need to use the same provider on NS8? If so, question answered. If not, though, what would favor OpenLDAP over AD (or vice versa) under NS8? A few points that might be relevant:

  • My main Neth installation is in a VPS that’s remote to me, and provides one public IP address
  • I’ll be using Nextcloud and the mail server, but not the file server
  • I’m not currently using AD

I’m thinking the simplest thing to do would be to stay with OpenLDAP, but if there’s a good reason not to, this seems like the time to make the change.

AFAIK you migrate openldap to openldap and samba AD to samba AD

No way to migrate openldap to samba AD, at least that I know

But good news: you can install up to 8 (IIRC) openldap account providers if you want

2 Likes

That answers the question, then.

What benefit would there be to multiple account providers on the same system?

1 Like

Hi Dan

Different organizations using LDAP - maybe even for different Apps.
Org1 does not “see” users or groups from Org2.
Elementary privacy… 🙂

My 2 cents
Andy

2 Likes

Like explained above, yes, you could imagine several ldap to separate enterprises I suppose, however the mail can be bound to only one ldap

I do not recall well, but for the number of available nodes there is a fixed limitation to 4

https://docs.nethserver.org/projects/ns8/en/latest/cluster.html

1 Like

I am curious about something: what port does AD on NS7 use to expose the AD server?

Hum, afaik 636 tcp because ad does not use 389 with starttls. With NS8 you can have only one samba AD due to the 636 tcp port bound to the container, but you can have many openldap containers because the port is not standard and given randomly by the core

How come I am getting this error on connecting NS8 to NS7 AD?

image

@oneitonitram

TLS is needed…

1 Like

Even when TLS is enabled, it still gives the same error

image

Then check what “old” TLS version the AD is using.
It MUST be with TLS.

AFAIK, NS8 uses the latest 1.2…

The AD connection is running NS7 with all the latest updates applied.

The log states:

2024-01-27T12:19:34+03:00 [1::agent@cluster] LDAPSocketReceiveError: error receiving data: The read operation timed out
2024-01-27T12:19:34+03:00 [1::agent@cluster] task/cluster/84261b40-4af0-4426-9720-38e1068c219a: action "add-external-domain" status is "validation-failed" (3) at step 10validate_ldap_provider

Why not simply add in a screenshot showing the TLS settings of your AD?
No one at the moment here knows what version you’re running?

Even with all updates you could still be using an older TLS version…


It’s NOT connecting at all…

Maybe your AD will not accept this IP?
“Trusted networks” in NS7

image

1 Like
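
The replies above go back and forth between a TLS problem and the AD not accepting the connection at all. As an added example (not code from this thread or from NethServer), a small probe can tell the two apart by reporting which stage of reaching the LDAPS port fails. The function name `probe_ldaps`, the placeholder host `ad.example.org` and the TLS 1.2 floor (taken from the "AFAIK" in the thread) are assumptions.

```python
import socket
import ssl


def probe_ldaps(host, port=636, timeout=5.0):
    """Return (stage, detail) for an LDAPS endpoint.

    stage is "tcp_connect" (port not reachable), "tls_handshake"
    (TCP open but TLS did not complete) or "ok" (TLS negotiated).
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, filtered or unroutable: the server never saw a TLS hello.
        return ("tcp_connect", f"{type(exc).__name__}: {exc}")

    # Diagnostic only: certificate checks are off so a self-signed
    # certificate does not hide the protocol result. Never reuse this
    # context for real binds.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Assumption from the thread: the client side wants TLS 1.2 or newer.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", f"{tls.version()} {tls.cipher()[0]}")
    except (ssl.SSLError, OSError) as exc:
        # Timeout, protocol version mismatch, or a non-TLS service on the port.
        raw.close()
        return ("tls_handshake", f"{type(exc).__name__}: {exc}")


if __name__ == "__main__":
    import sys
    # Placeholder host; pass the real AD hostname as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "ad.example.org"
    print(probe_ldaps(target))
```

A `tcp_connect` result points at firewalling or access restrictions on the server side, while `tls_handshake` means the port answers but TLS does not complete within the timeout.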