Been working on setting up my new Openfiler 2.99 VMs on top of the nice new 2TB hard drives I picked up, and had some interesting results trying to get everything set up.
A big part of my trouble has been that I want to set up two Openfiler VMs with synchronized usernames and passwords. The two options for that are LDAP and Active Directory. Since Openfiler has a built-in LDAP server, I figured I'd see if I could get one Openfiler to serve as the LDAP for the other. After several hours, and a couple of changes to the LDAP config from the command line, I got the one server to speak to the other. Big problem though: the source Openfiler box could no longer properly use its local LDAP server. Big bummer there...
So, I found this tutorial on how to set up an Openfiler-compatible LDAP and promptly spawned a new VM with CentOS 6 (why not, right?). Turns out the LDAP server uses a new LDAP configuration format that is not yet supported by most third-party tools, and there is not a lot of good (at least to me) information on how to start setting one up. After some finagling, I got one up and running, but hit another roadblock: I could not get the Openfiler VM to connect to the LDAP correctly. So after an afternoon of swearing, I decided to start from scratch on CentOS 5, as there is a lot of good material on that. After using a set of tutorials on CentOS 5 LDAP and CentOS LDAP TLS, and some fun with the LDAP Explorer Tool on Windows, I had what appeared to be a functioning LDAP server.
But the Openfiler refused to log in when entering the credentials in the WebUI. After some digging, I ended up manually specifying the settings in /etc/openldap/ldap.conf and, a few page reloads later, it finally connected and appeared happy. So I started adding groups to the LDAP tree using the Openfiler interface and then went to add a user.
Openfiler started throwing an error that it could not update the password. As most of my issues so far had been LDAP related, I decided to bark up that tree some more. Much to my surprise, the update command from the command line worked perfectly.
So I started digging into the admin code, trying to see if there was an error in it. I changed the setLDAPpasswd function in /opt/openfiler/var/www/includes/ldap.inc to echo the text output from the LDAP update and tried again. Got back the number 1. After scratching my head for a moment, I realized that the previous statement for the smbpasswd call also only issued a return. Changed that to return the full text as well.
I had a hint now: "failed to add entry for user". After doing some digging and reading a couple of posts on the Ubuntu forums about similar issues, I decided to attempt the command manually. It threw an error about not being able to talk to LDAP over TLS. Turned off TLS in the Openfiler UI. Password update from the UI worked! Now, if I really felt like it (which I don't right now) I would sit down and figure out why it was not using TLS correctly. My guess would be something to do with the self-signed certs.
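For anyone who does want to chase the TLS failure rather than turn STARTTLS off (which sends the password changes to the LDAP server in the clear), here is a small triage script. It is an added example, not code from the original post or from Openfiler: it checks the libldap client config that command-line tools like ldappasswd and smbpasswd read (on CentOS that is /etc/openldap/ldap.conf), verifies that the CA file actually signed the server certificate, and then probes the server with STARTTLS forced on. The sample config lines, the temporary paths and the host name ldap.example.com are constructed for illustration.

```bash
#!/bin/bash
# Added example (not part of the original post). Triage for an OpenLDAP
# STARTTLS failure with a self-signed server certificate.

# 1. Offline check of the libldap client config. With a self-signed server
#    cert, TLS_CACERT must point at the cert (or the CA that issued it) or the
#    client refuses the session under the default TLS_REQCERT of "demand".
#    Prints one finding per line; returns 0 only if nothing is missing.
ldap_tls_conf_check() {
    local conf="$1" rc=0 cacert reqcert
    # last occurrence wins, comment lines are ignored by the anchored regex
    cacert=$(grep -iE '^[[:space:]]*TLS_CACERT[[:space:]]' "$conf" | tail -n1 | awk '{print $2}')
    reqcert=$(grep -iE '^[[:space:]]*TLS_REQCERT[[:space:]]' "$conf" | tail -n1 | awk '{print $2}')
    if [ -z "$cacert" ]; then
        echo "MISSING: TLS_CACERT not set in $conf (self-signed server cert cannot be verified)"
        rc=1
    elif [ ! -r "$cacert" ]; then
        echo "MISSING: TLS_CACERT file $cacert is not readable"
        rc=1
    else
        echo "OK: TLS_CACERT $cacert"
    fi
    case "${reqcert:-demand}" in
        never|allow) echo "WARN: TLS_REQCERT $reqcert disables server certificate verification" ;;
        *)           echo "OK: TLS_REQCERT ${reqcert:-demand (default)}" ;;
    esac
    return $rc
}

# 2. Offline check that the CA file really signed the server certificate.
#    Usage: ldap_cert_chain_check /path/ca.pem /path/server.pem
ldap_cert_chain_check() {
    openssl verify -CAfile "$1" "$2"
}

# 3. Network probe: -ZZ makes ldapsearch fail unless STARTTLS succeeds, and
#    -d 1 prints the TLS handshake errors that the Openfiler UI hides.
#    Usage: ldap_starttls_probe ldap.example.com
ldap_starttls_probe() {
    ldapsearch -ZZ -x -H "ldap://$1" -b '' -s base -d 1 '(objectClass=*)' namingContexts
}

# Demo on two constructed client configs (assumed content, not a real box).
tmp=$(mktemp -d)
printf 'BASE dc=example,dc=com\nURI ldap://ldap.example.com\nTLS_REQCERT never\n' > "$tmp/ldap-bad.conf"
: > "$tmp/ca.pem"   # stand-in for the self-signed cert copied from the server
printf 'BASE dc=example,dc=com\nURI ldap://ldap.example.com\nTLS_CACERT %s/ca.pem\nTLS_REQCERT demand\n' "$tmp" > "$tmp/ldap-good.conf"

echo "== $tmp/ldap-bad.conf"
ldap_tls_conf_check "$tmp/ldap-bad.conf" || echo "=> fix this file before re-enabling TLS"
echo "== $tmp/ldap-good.conf"
ldap_tls_conf_check "$tmp/ldap-good.conf"
rm -rf "$tmp"
```

Two things to keep in mind when using this: with TLS_REQCERT left at its default of demand, the host name in the URI (and in Openfiler's LDAP settings) must match the CN or subjectAltName of the server certificate, so connecting by IP to a cert issued to a host name fails even when the CA file is right; and Samba's `ldap ssl = start tls` in smb.conf goes through the same libldap client library, so smbpasswd picks up TLS_CACERT from this file as well. Setting TLS_REQCERT to never makes the error go away too, but that only hides the problem the same way disabling TLS does.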
I'm going to play around with it some more, hopefully box number 2 will not be so painful this time around.
*edit* Also, here is Install VMWare tools on openfiler 2.99.