Synology join LDAP domain: failed to load user data

I'm currently trying to set up SSO on a Synology NAS using Keycloak and ApacheDS. I've successfully joined the domain and can finally see all users and groups in the directory, and I can edit the groups just fine. But I can't edit any of the users because of some nondescript error message: "Failed to load the user data."

I've joined my LDAP with the following custom profile:

filter:
passwd = (objectClass=inetOrgPerson)
group = (objectClass=groupOfNames)

group:
cn = cn
gidNumber = HASH(cn)
memberUid = member

passwd:
uidNumber = HASH(uid)
uid = uid
userPassword = userPassword
gidNumber = HASH(memberOf)

Here is the test user I'm trying to edit (the password is SSHA hashed, because it won't let me set a cleartext password?):

objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Test
sn: User
mail: [email protected]
uid: test
userPassword:: e1NTSEF9c0xaU3NETmwxK3FpLzlDVFRFL1FaVDJUb2NRUTJFYnZnR3VQRVE9P
 Q==

The logs don't show anything. Any idea what is going wrong?

Turns out that Synology requires the memberOf overlay attribute, which ApacheDS does not support. Switching to OpenLDAP and configuring the overlay fixed my problems.

Also, the gidNumber is for the user group, not for the group the user is part of and should be HASH(cn) or HASH(uid).
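The following Python script is an added illustration, not code from the question, the answer, or Synology. It emulates the two things this thread turns on: what the memberOf overlay does (stamping each user with the DNs of the groupOfNames entries that list it as a member), and how the custom profile's gidNumber = HASH(memberOf) line fails when the directory never emits a memberOf attribute, while HASH(uid) succeeds regardless. The entries are constructed to resemble the test user above; Synology's HASH() is not documented in the thread, so a CRC32 stand-in is assumed purely for illustration.

```python
import copy
import zlib

# Constructed sample entries modelled on the thread's test user, plus a group.
# Made up for this example; not data from the original post.
SAMPLE_ENTRIES = [
    {
        "dn": "uid=test,ou=people,dc=example,dc=com",
        "objectClass": ["inetOrgPerson", "organizationalPerson", "person", "top"],
        "cn": ["Test"],
        "sn": ["User"],
        "uid": ["test"],
        "userPassword": ["{SSHA}placeholder-hash"],  # placeholder, not a real hash
    },
    {
        "dn": "cn=admins,ou=groups,dc=example,dc=com",
        "objectClass": ["groupOfNames", "top"],
        "cn": ["admins"],
        "member": ["uid=test,ou=people,dc=example,dc=com"],
    },
]


def stable_hash(value: str) -> int:
    """Deterministic positive integer from an attribute value.
    Assumed stand-in for Synology's HASH(); the real function is not specified."""
    return zlib.crc32(value.encode("utf-8")) & 0x7FFFFFFF


def apply_memberof_overlay(entries):
    """Emulate the OpenLDAP memberOf overlay: for every groupOfNames entry,
    add a memberOf attribute to each referenced member entry."""
    by_dn = {e["dn"]: e for e in entries}
    for group in entries:
        if "groupOfNames" not in group["objectClass"]:
            continue
        for member_dn in group.get("member", []):
            user = by_dn.get(member_dn)
            if user is not None:
                user.setdefault("memberOf", []).append(group["dn"])
    return entries


def load_directory(with_memberof_overlay: bool):
    """Return a fresh copy of the sample directory, with or without the overlay
    (without = what ApacheDS served in the thread, with = OpenLDAP + overlay)."""
    entries = copy.deepcopy(SAMPLE_ENTRIES)
    return apply_memberof_overlay(entries) if with_memberof_overlay else entries


def map_passwd(entry, gid_source: str):
    """Apply the thread's passwd mapping. gid_source names the attribute that
    the gidNumber = HASH(...) profile line reads ('memberOf' or 'uid')."""
    missing = [a for a in ("uid", "userPassword", gid_source) if a not in entry]
    if missing:
        # This is the situation behind "Failed to load the user data":
        # the mapping references an attribute the directory never returned.
        return {"uid": entry.get("uid", [None])[0],
                "error": f"missing attribute(s): {missing}"}
    return {
        "uid": entry["uid"][0],
        "uidNumber": stable_hash(entry["uid"][0]),
        "gidNumber": stable_hash(entry[gid_source][0]),
        "error": None,
    }


def map_group(entry):
    """Apply the thread's group mapping: cn = cn, gidNumber = HASH(cn),
    memberUid = member (member DNs reduced to their uid RDN value)."""
    member_uids = [dn.split(",")[0].split("=", 1)[1] for dn in entry.get("member", [])]
    return {"cn": entry["cn"][0],
            "gidNumber": stable_hash(entry["cn"][0]),
            "memberUid": member_uids}


def main():
    for overlay in (False, True):
        directory = load_directory(overlay)
        user, group = directory[0], directory[1]
        print(f"memberOf overlay enabled: {overlay}")
        print("  gidNumber = HASH(memberOf):", map_passwd(user, "memberOf"))
        print("  gidNumber = HASH(uid):     ", map_passwd(user, "uid"))
        print("  group:", map_group(group))


if __name__ == "__main__":
    main()
```

Running it shows the mapping with HASH(memberOf) returning an error when the overlay is absent and succeeding once it is present, while HASH(uid) (the answer's suggested form) works in both cases; the group mapping resolves the member DN to the uid "test" either way.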
