Write access to Local Active Directory

Hi all,
Today I started to look into the latest NethServer to replace our ClearOS installation.
I really like that it is CentOS based and the modern Cockpit based UI.

I require an LDAP server which will be used by all internal applications, as well as a domain to allow some Windows machines to authenticate against it.

I’m mainly looking for the gateway and firewall features as well as OpenVPN.

Now the question: would it be possible to get write access to the local Active Directory? I would like to add a mail attribute to the users.
Would this be possible?
Where do I get the LDAP write PWD from?

Best regards
Christoph

@TimmiORG

Hi Christoph

And welcome to the NethServer Forum!

If you choose AD as account provider on NethServer, you do get a full AD & LDAP in one.

If using Cockpit, go to Users & Groups:

Use the Bind-DN and Base-DN as shown. ldapservice is the username for anonymous binds like a few apps need.

This module by Stephdl can help you administrate all features of LDAP…
https://wiki.nethserver.org/doku.php?id=phpldapadmin

→ You will need to activate “Kamikaze” mode to allow write access…

If using web apps (e.g. on another server) you might need to use a valid SSL cert for your account provider - this is NOT the same as your NethServer, which can easily use LetsEncrypt. If you copy over the LE certs, this can also work…

See here:

The next step will make sure that Java and other more strict apps can connect to the AD and use it.

In this doc:

My 2 cents
Andy

3 Likes

Hi @Andy_Wismer,

Thank you so much for the warm welcome and the good information.
I already managed to add attributes to the LDAP and will continue testing.
Best regards
Christoph

1 Like