Question on how to install this. #1

Open
Randy-Blancett opened this issue Jan 21, 2025 · 14 comments

@Randy-Blancett

I have just started with OMV7 and have been trying to get it connected to LDAP to pull my user information. This plugin seems like exactly what I have been looking for. However, there do not seem to be any directions on how to get this installed. I looked at the original and it had stuff to create a DEB package, but I don't see that here.

I also had a side question. At this point I have been able to get my system set up to allow login from my LDAP server (I have an Ansible script that I run on all my servers, and it seems to allow for login to the machine as well as the GUI). I see that there is some Salt stuff in this repo; would that overwrite / break my current configuration? Or would this just pull the LDAP users and make them usable when setting up shared directories?

Thanks in advance.

@ryecoaaron
Member

ryecoaaron commented Jan 21, 2025

You can install it manually like this:

wget https://omv-extras.org/testing/openmediavault-ldap_7.0_all.deb -O openmediavault-ldap_7.0_all.deb
sudo dpkg -i openmediavault-ldap_7.0_all.deb
sudo apt-get -f install  # this command may not be necessary but doesn't hurt to run

The plugin will overwrite the config files as OMV does with all config files it maintains. If you populate the plugin fields with your information, ideally the plugin would just write the same config file. Not knowing how you configured things, I can't say what the outcome will be. I recommend backing your system up and/or copying the relevant config files and installing the plugin to see.

@Randy-Blancett
Author

Awesome, I'll give it a shot. Thanks for the quick response.

@Randy-Blancett
Author

Randy-Blancett commented Jan 21, 2025

Notes on install

Just some notes (not sure if these are due to something wrong with my system or not, but figured it may be helpful to you or anyone finding this post later).

Running sudo dpkg -i openmediavault-ldap_7.0_all.deb did not work.
It looks like you should run apt install libnss-ldapd libpam-ldapd nslcd

After trying to install the deb, it gave errors about missing packages; I had to run

sudo apt --fix-broken install

Notes on Enabling

Just as a note, I went to Services -> LDAP and tried to enable the service;
when I saved and tried to apply the configurations I got

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LC_ALL=C.UTF-8; export LANGUAGE=; omv-salt deploy run --no-color samba 2>&1' with exit code '1': debian:
    Data failed to compile:
----------
    Cannot extend ID 'start_samba_service' in 'base:omv.deploy.samba.15ldap'. It is not part of the high state.
This is likely due to a missing include statement or an incorrectly typed ID.
Ensure that a state with an ID of 'start_samba_service' is available
in environment 'base' and to SLS 'omv.deploy.samba.15ldap'

OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LC_ALL=C.UTF-8; export LANGUAGE=; omv-salt deploy run --no-color samba 2>&1' with exit code '1': debian:
    Data failed to compile:
----------
    Cannot extend ID 'start_samba_service' in 'base:omv.deploy.samba.15ldap'. It is not part of the high state.
This is likely due to a missing include statement or an incorrectly typed ID.
Ensure that a state with an ID of 'start_samba_service' is available
in environment 'base' and to SLS 'omv.deploy.samba.15ldap' in /usr/share/php/openmediavault/system/process.inc:247
Stack trace:
#0 /usr/share/php/openmediavault/engine/module/serviceabstract.inc(62): OMV\System\Process->execute()
#1 /usr/share/openmediavault/engined/rpc/config.inc(187): OMV\Engine\Module\ServiceAbstract->deploy()
#2 [internal function]: Engined\Rpc\Config->applyChanges()
#3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array()
#4 /usr/share/php/openmediavault/rpc/serviceabstract.inc(155): OMV\Rpc\ServiceAbstract->callMethod()
#5 /usr/share/php/openmediavault/rpc/serviceabstract.inc(628): OMV\Rpc\ServiceAbstract->OMV\Rpc\{closure}()
#6 /usr/share/php/openmediavault/rpc/serviceabstract.inc(152): OMV\Rpc\ServiceAbstract->execBgProc()
#7 /usr/share/openmediavault/engined/rpc/config.inc(208): OMV\Rpc\ServiceAbstract->callMethodBg()
#8 [internal function]: Engined\Rpc\Config->applyChangesBg()
#9 /usr/share/php/openmediavault/rpc/serviceabstract.inc(124): call_user_func_array()
#10 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod()
#11 /usr/sbin/omv-engined(544): OMV\Rpc\Rpc::call()
#12 {main}

As a note, it does look like it pulled in the users, but not the groups.

Not sure if anyone knows what I did wrong here; I will take a deeper look into it when I get the chance.

  • Thank you for your work on this project!

@ryecoaaron
Member

dpkg doesn't install dependencies. apt-get -f install does. That is why I had apt-get -f install after the dpkg line. No need to manually install any dependencies. And this is only needed when manually installing testing packages like this.

> when I saved and tried to apply the configurations I got

I just tested a few more things and this error happens when samba isn't enabled. I will have to look at it. Until then, you can enable samba on the smb/cifs Settings tab. You don't have to add shares.

@Randy-Blancett
Author

I attempted to enable SMB/CIFS; however, just as a note, I needed to remove all the LDAP stuff that was put into the SMB config before I could enable SMB.

However, once I did that I am still getting errors

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LC_ALL=C.UTF-8; export LANGUAGE=; omv-salt deploy run --no-color samba 2>&1' with exit code '1': debian:

Succeeded: 11 (changed=6)
Failed:     2
-------------
Total states run:     13
Total run time:    1.128 s
[ERROR   ] Command '/bin/systemd-run' failed with return code: 1
[ERROR   ] stderr: Running scope as unit: run-re05d3e9c1080467986fb773b7e23ef6f.scope
Job for smbd.service failed because the control process exited with error code.
See "systemctl status smbd.service" and "journalctl -xeu smbd.service" for details.
[ERROR   ] retcode: 1
[ERROR   ] Job for smbd.service failed because the control process exited with error code.
See "systemctl status smbd.service" and "journalctl -xeu smbd.service" for details.
[ERROR   ] Service wsdd is already enabled, and is dead

OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LC_ALL=C.UTF-8; export LANGUAGE=; omv-salt deploy run --no-color samba 2>&1' with exit code '1': debian:

which more than likely means I have entered something wrong in the configuration, or I have borked something during my install process. Thanks for the help; I will try to look deeper into this.

@Randy-Blancett
Author

As a heads up, I saw you updated the code. I pulled the newest version and the install seemed to work correctly. It seems to have pulled the users, but I still do not see the groups. Is there a log for this plugin?

@ryecoaaron
Member

ryecoaaron commented Jan 24, 2025

I'm not sure how a working connection would only pull in users and not groups. Do your groups have a gid less than 1000 or greater than 60000? Those are the defaults in /etc/logins.def.

The plugin doesn't log because it isn't a service. It just configures nslcd. Those logs are in journalctl - journalctl -u nslcd.service

@Randy-Blancett
Author

Yes, I thought this was weird also, and was curious if it was just pulling stuff from before when it had a partial install.

I do have some groups that are below 1000, notably Users gid 100.

The other thing that I find strange is that when I initially set up this plugin I used ou=Users (the default) as the user suffix; however, my users are under ou=Service,ou=Person,dc=home,dc=darkowl,dc=org and ou=User,ou=Person,dc=home,dc=darkowl,dc=org. With the default user suffix I would not have expected it to pull the users at all.

As a note, I'm not sure if I have added additional issues, because when I initially set up my system I used SSSD to allow for LDAP user login (which still works). I'm curious if the configuration of LDAP in the plugin is not really being used and it is only pulling the user data from the system using the SSSD configuration that I initially set up.

Do you have any suggestions on what configuration files I could / should check to make sure that the plugin is correctly configuring the LDAP services?

@Randy-Blancett
Author

Randy-Blancett commented Jan 25, 2025

Ok, did some troubleshooting on this.

Useful Background

All my systems are set up using SSSD to allow login / groups from my LDAP server. Initially / by default I used my common Ansible script to set this up, so some level of this still exists on the system.

Troubleshooting Points

  1. I disabled LDAP and it cleared out all the "ldap" users from the user list, as well as disabled my ability to log in using my LDAP account. When I re-enabled it the users appeared again. So it is in fact updating the users; it is not just a stale DB that is allowing the users to show up.
  2. When I log on to the server and look up the groups for my LDAP user with groups <username>, I do not see the LDAP groups.
  3. If I modify the /etc/nsswitch.conf file to look like the following

     passwd:         compat ldap sss
     group:          compat ldap sss
     shadow:         compat ldap sss

     When I look at the groups using groups <username>, the groups show up. However, disabling / enabling the LDAP service will overwrite this file, so I am not sure if it would cause the groups to be pulled or not.
  4. I manually modified the Salt template at /srv/salt/omv/deploy/ldap/files/ to create the file as shown above. This still did not add groups; however, when I look at the Users screen I do see all the LDAP groups added to the proper users in that screen.

I am curious where in the code the users / groups get written to the OMV Database?

Thanks

@ryecoaaron
Member

nslcd and sssd do similar things. You usually don't want to have them both installed at the same time. If you added sss to nsswitch.conf and things worked, then sssd is making things work. The plugin should not add sssd config since it is only configuring nslcd.

The code that the plugin uses to configure things is here - https://github.com/OpenMediaVault-Plugin-Developers/openmediavault-ldap/tree/main/srv/salt/omv/deploy

@Randy-Blancett
Author

Yeah, that was what I was figuring. However, looking through the code, it seems like all this plugin does is set up nslcd, but it does not have any additional code to add the users / groups to the database / display. Which would mean that default OMV has some code to scrape the users / groups off the system. I guess I need to go find that code and see how it is pulling groups to try to see what is going wrong with my groups. It also seems like if I have an external Ansible script that sets up SSSD, OMV should be able to pull the information in without the need of additional plugins.

Thank you for the time you have put into this plugin, and for all the help you have given me trying to get this set up. I think I will see if I can find how OMV pulls users / groups; if not, I will reinstall OMV and try this plugin on a fresh install without letting my Ansible scripts muck with the system and see if that works out better.

@ryecoaaron
Member

OMV uses PAM. nslcd is connecting ldap to pam.

@Randy-Blancett
Author

Ok, so maybe that is the issue here; maybe when I set up SSSD I didn't set up the PAM portion. I'll take a look. Thank you for the information!

@Randy-Blancett
Author

Ok, finally figured this out, and want to document it in case it helps anyone in the future.

Doing some digging, OMV gets the list of users by running getent passwd and gets groups by running getent group.
For my system, SSSD does not load users / groups from LDAP by default; you have to add enumerate = true to the /etc/sssd/sssd.conf file in order for it to load them.

Once I added that to the config file all my groups showed up from ldap.

Thank you for all your help!
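
The diagnosis reached in this thread, as an added example that is not part of the original comments or the plugin's code: it reads an nsswitch.conf to see whether both nslcd (ldap) and SSSD (sss) back a database, and reports per SSSD domain whether enumerate is on. The function names, the sample files and the domain name "home" are assumptions.

```shell
# Print the NSS sources listed for database $2 (passwd, group) in file $1.
nss_sources() {
    sed 's/#.*//' "$1" | awk -v db="$2:" '$1 == db {
        out = ""
        for (i = 2; i <= NF; i++)      # drop [NOTFOUND=return] style actions
            if ($i !~ /^\[/) out = out (out ? " " : "") $i
        print out
    }'
}

# Succeed when both nslcd ("ldap") and SSSD ("sss") answer database $2.
nss_has_both() {
    s=" $(nss_sources "$1" "$2") "
    case "$s" in *" ldap "*) ;; *) return 1 ;; esac
    case "$s" in *" sss "*) return 0 ;; *) return 1 ;; esac
}

# Print "<domain> <true|false>" per [domain/...] section of sssd.conf $1.
# SSSD defaults to enumerate = false, so a missing key is reported as false.
sssd_enumerate() {
    awk '
        function emit() { if (dom != "") print dom, val }
        /^[ \t]*\[/ {
            emit(); dom = ""; val = "false"
            if (match($0, /\[domain\/[^]]+\]/))
                dom = substr($0, RSTART + 8, RLENGTH - 9)
        }
        dom != "" && /^[ \t]*enumerate[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*$/, "", v)
            val = (tolower(v) == "true") ? "true" : "false"
        }
        END { emit() }
    ' "$1"
}

# Constructed sample input; on a real host pass /etc/nsswitch.conf and
# /etc/sssd/sssd.conf instead. The domain name "home" is hypothetical.
demo=$(mktemp -d)
printf '%s\n' 'passwd: compat ldap sss' 'group:  compat ldap sss' \
    > "$demo/nsswitch.conf"
printf '%s\n' '[sssd]' 'domains = home' '[domain/home]' 'id_provider = ldap' \
    > "$demo/sssd.conf"

echo "group sources: $(nss_sources "$demo/nsswitch.conf" group)"
nss_has_both "$demo/nsswitch.conf" group &&
    echo "nslcd and sssd both serve group lookups; keep only one"
sssd_enumerate "$demo/sssd.conf"   # enumeration off: bare getent group skips SSSD entries
```

Turning enumerate on makes SSSD download every user and group in the domain, which the sssd.conf man page notes has a performance cost on large directories.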
