LDAP Screens

LDAP Widget

The LDAP widget displays after you configure SCALE to use your LDAP server. The widget shows the service Status and the Hostname, Base DN, and Bind DN you configured.


Settings opens the LDAP screen.

LDAP - Add and Edit Screens

The LDAP configuration screen has two views: Basic Options, the default, and Advanced Options. After you configure LDAP, the edit LDAP screen shows both the basic and advanced options.

Rebuild Directory Service Cache resyncs the cache if it gets out of sync or if fewer users than expected appear in the permissions editors.

LDAP Screen - Basic Options

The settings on the Basic Options also display on the Advanced Options screen.

Basic Option Settings


Hostname: Enter the LDAP server hostnames or IP addresses, separated by spaces. Entering more than one host creates a failover priority list: if a host does not respond, TrueNAS tries the next host in order until it establishes a connection. When you enable encryption with Validate Certificates, enter names that match the server certificate rather than bare IP addresses, or validation fails.
Base DN: Enter the top level of the LDAP directory tree that TrueNAS searches for users and groups. Example: dc=test,dc=org.
Bind DN: Enter the DN of the account TrueNAS uses to bind to the LDAP server. Example: cn=Manager,dc=test,dc=org. For user and group lookups a read-only service account is sufficient; reserve the directory administrator account for cases that require it.
Bind Password: Enter the password for the Bind DN account. This password is sent to the LDAP server in cleartext unless Encryption Mode is ON or START_TLS.
Enable: Select to activate the configuration. Clear to disable the configuration without deleting it; you can re-enable it later without reconfiguring. When disabled, the Directory Services screen returns to the default view and offers the options to configure AD or LDAP.

LDAP Screen - Advanced Options

The settings on the Advanced Options screen include the Basic Options screen.

Advanced Option Settings


Allow Anonymous Binding: Select to have TrueNAS bind to the LDAP server without the Bind DN and Bind Password. This works only if the LDAP server accepts anonymous binds, and an anonymous client gets whatever access the server grants to unauthenticated clients. Leave it cleared unless the server is deliberately configured for anonymous read access.
Encryption Mode: Select how to encrypt the LDAP connection from the dropdown list.

Select OFF to not encrypt the LDAP connection. The Bind Password and all directory data travel in cleartext on port 389; use this only for testing on a trusted network.
Select ON to encrypt the LDAP connection with SSL/TLS (LDAPS) on port 636.
Select START_TLS to encrypt the LDAP connection with STARTTLS on the default LDAP port 389. The connection opens in cleartext and is upgraded to TLS before TrueNAS binds.
Certificate: Select the certificate TrueNAS presents when performing LDAP certificate-based authentication. To configure LDAP certificate-based authentication, create a Certificate Signing Request for the LDAP provider to sign. TrueNAS does not need a certificate when using username/password or Kerberos authentication.
Validate Certificates: Select to verify that the LDAP server certificate chains to a trusted CA. With this cleared, ON and START_TLS still encrypt the connection but an impostor LDAP server can complete the handshake and capture the Bind Password. Import the LDAP server CA into TrueNAS rather than leaving this cleared; clear it only temporarily for troubleshooting.
Disable LDAP User/Group Cache: Select to disable caching LDAP users and groups in large LDAP environments. When caching is disabled, LDAP users and groups do not appear in drop-down menus but are still accepted when entered manually.
Kerberos Realm: Select an existing realm from Kerberos Realms.
Kerberos Principal: Select the location of the principal in the keytab created in Kerberos Keytab.
LDAP Timeout: Enter the number of seconds for the LDAP timeout. Increase this value if a Kerberos ticket timeout occurs.
DNS Timeout: Enter the number of seconds for the DNS timeout. Increase this value if DNS queries time out.
Samba Schema (DEPRECATED - see help text below): Only select if you configured the LDAP server with Samba attributes and it requires LDAP authentication for SMB shares.
Auxiliary Parameters: (Optional, experienced users only) Specify additional options for nslcd.conf. Entries are written to nslcd.conf as given, so a typo here can break user and group lookups; verify lookups after saving.
Schema: Select the schema to use with Samba Schema.
DEPRECATED: Samba Schema support is deprecated in Samba 4.13. We are removing this feature after Samba 4.14. Users should begin upgrading legacy Samba domains to Samba AD domains.
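The following pre-flight check is an added example, not TrueNAS code. It mirrors the Basic and Advanced Options fields above: the space-separated Hostname field becomes the failover list, the Base DN and Bind DN get a syntax check, and settings that expose the Bind Password (Encryption Mode OFF, Validate Certificates cleared, bare IP addresses with certificate validation) produce warnings before anything is submitted. The payload keys (hostname, basedn, binddn, bindpw, anonbind, ssl, validate_certificates, enable) are an assumption about the middleware ldap.update call; confirm them against your SCALE version.

```python
"""Pre-flight check for TrueNAS SCALE LDAP settings (added example, not TrueNAS code).

Payload key names are ASSUMED to match the middleware ldap.update call.
"""
import ipaddress
import re

ENCRYPTION_MODES = ("OFF", "ON", "START_TLS")
# One RDN: attribute type (letters, digits, hyphen) '=' value with no bare '='.
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=]+$")


def parse_hostnames(field: str) -> list:
    """Split the Hostname field on whitespace; the order is the failover priority."""
    hosts = field.split()
    if not hosts:
        raise ValueError("Hostname: enter at least one LDAP server")
    return hosts


def valid_dn(dn: str) -> bool:
    """Loose RFC 4514 check: comma-separated attr=value pairs, e.g. dc=test,dc=org.
    A comma escaped with a backslash is treated as part of the value."""
    rdns = re.split(r"(?<!\\),", dn)
    return all(RDN_RE.match(rdn.strip()) for rdn in rdns)


def is_ip(host: str) -> bool:
    """True for an IPv4/IPv6 literal, False for a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def build_ldap_payload(settings: dict) -> tuple:
    """Return (payload, warnings). Raise ValueError when the settings cannot work."""
    warnings = []
    hosts = parse_hostnames(settings.get("hostname", ""))
    basedn = settings.get("basedn", "")
    if not valid_dn(basedn):
        raise ValueError("Base DN is not a valid DN: %r" % basedn)

    anonbind = bool(settings.get("anonbind", False))
    binddn = settings.get("binddn", "")
    bindpw = settings.get("bindpw", "")
    if anonbind:
        if binddn or bindpw:
            warnings.append("Allow Anonymous Binding is set: Bind DN and Bind Password are not used")
    elif not valid_dn(binddn) or not bindpw:
        raise ValueError("Bind DN and Bind Password are required unless Allow Anonymous Binding is set")

    ssl = settings.get("ssl", "OFF")
    if ssl not in ENCRYPTION_MODES:
        raise ValueError("Encryption Mode must be one of %s" % ", ".join(ENCRYPTION_MODES))
    validate = bool(settings.get("validate_certificates", True))
    if ssl == "OFF":
        warnings.append("Encryption Mode OFF: the Bind Password and directory data travel in cleartext on port 389")
    elif not validate:
        warnings.append("Validate Certificates cleared: an impostor LDAP server could capture the Bind Password")
    elif any(is_ip(h) for h in hosts):
        warnings.append("IP address in Hostname: the server certificate must list it as a SAN or validation fails")

    payload = {
        "hostname": hosts,
        "basedn": basedn,
        "binddn": "" if anonbind else binddn,
        "bindpw": "" if anonbind else bindpw,
        "anonbind": anonbind,
        "ssl": ssl,
        "validate_certificates": validate,
        "enable": bool(settings.get("enable", True)),
    }
    return payload, warnings


if __name__ == "__main__":
    # Constructed sample settings: the weak configuration beside the corrected one.
    weak = {"hostname": "10.0.0.5", "basedn": "dc=test,dc=org",
            "binddn": "cn=Manager,dc=test,dc=org", "bindpw": "example-only",
            "ssl": "OFF"}
    hardened = dict(weak, hostname="ldap1.test.org ldap2.test.org",
                    ssl="START_TLS", validate_certificates=True)
    for name, cfg in (("weak", weak), ("hardened", hardened)):
        payload, warnings = build_ldap_payload(cfg)
        print(name, payload["hostname"], payload["ssl"], warnings or "no warnings")
```

Run it before saving the form: the weak sample reports the cleartext bind on port 389, the hardened sample (two hostnames, START_TLS, certificates validated) reports nothing. Extending the check to the Kerberos fields or to the deprecated Samba Schema option is a matter of adding the same kind of rule.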