Frequently Asked Question
Application: How to join the Synology NAS to the LDAP directory service
Last Updated 6 years ago
Overview
When a directory service is set up on Directory Server or any other LDAP server, a Synology NAS and other LDAP clients (such as Mac and Linux computers) can be bound to that server to join the directory. With LDAP support, managing user accounts and privileges becomes far more efficient: because a Synology DiskStation can join any existing LDAP directory service, you no longer need to create separate sets of accounts for each service.
This article explains how to join the Synology NAS to an LDAP directory server.
1. Before you start
This article assumes that you have already done the following on your DiskStation:
- Updated DiskStation Manager (DSM) to the latest version.
- Logged in to DSM as admin (or as a user belonging to the administrators group).
2. Limitations
Please note the following limitations.
- Your DiskStation can be bound to only one LDAP server at a time.
- If you use the LDAP functionality described in this article to bind your DiskStation to a server whose users and groups do not carry the posixAccount object class (for example, a Windows Domain Controller or Microsoft Exchange Server), your DiskStation will not be able to retrieve LDAP user and group information from that server.
- If you want to bind your DiskStation to a Windows Domain Controller to retrieve domain users and groups, go to Main Menu > Control Panel > Win/Mac/NFS > Domain/Workgroup instead. A DiskStation cannot be bound to an LDAP server and a Windows Domain Controller at the same time.
3. To bind your DiskStation to an LDAP server
- Log in to DSM as admin (or as a user belonging to the administrators group), go to Main Menu > Control Panel > LDAP, and then tick Enable LDAP Client.
- Enter the IP address or hostname of the LDAP server in the LDAP Server address field.
- Choose an encryption type from the Encryption drop-down menu to secure the connection to the LDAP server.
- Enter the Base DN of the LDAP server in the Base DN field, or choose an available Base DN from the Base DN drop-down menu.
- Tick Enable Windows CIFS support to allow LDAP users to access DiskStation files from their computers via the CIFS protocol.
- Click OK.
- In the authentication window that appears, do the following:
  - Enter the distinguished name (DN) or account name of an LDAP administrator (such as root, or a user belonging to Directory Server's Directory Operators group) in the Bind DN or LDAP administrator account field.
  - Enter the password of the LDAP administrator in the Password field.
  - Click Apply.
Not all DSM applications can be accessed by LDAP users. For a complete list of supported applications, please refer to Domain Integration by clicking the green Software spec & applied models button.
If LDAP users want to access DiskStation files from their computers via the AFP protocol, they need to authenticate with the username "LDAP_Username@Suffix", where the suffix is derived from the Base DN. For example, if the LDAP user is named "ldap1" and the Base DN of the LDAP database is "dc=ldap,dc=synology,dc=com", the suffix is "ldap.synology.com" and the user authenticates with the username "ldap1@ldap.synology.com".
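The two rules above (only posixAccount/posixGroup entries are usable by DSM, and the AFP suffix is the dc= components of the Base DN joined with dots) can be checked against an LDIF export before you bind. The following pre-flight script is an added example written for this article, not Synology code; the LDIF entries in it are constructed, and the minimal parser assumes plain `attr: value` lines (base64 `::` values are not decoded).

```python
import re

# Constructed sample export: one POSIX user, one POSIX group, and one user
# that lacks posixAccount (DSM would not list it after binding).
SAMPLE_LDIF = """\
dn: uid=ldap1,cn=users,dc=ldap,dc=synology,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: ldap1
uidNumber: 1000001

dn: cn=staff,cn=groups,dc=ldap,dc=synology,dc=com
objectClass: posixGroup
cn: staff
gidNumber: 1000001

dn: uid=svc-mail,cn=users,dc=ldap,dc=synology,dc=com
objectClass: inetOrgPerson
uid: svc-mail
"""

def afp_suffix(base_dn):
    """Base DN -> AFP login suffix: 'dc=ldap,dc=synology,dc=com' -> 'ldap.synology.com'.
    Only dc= RDNs count; commas escaped per RFC 4514 ('\\,') do not split RDNs."""
    parts = [v.replace('\\,', ',').strip()
             for rdn in re.split(r'(?<!\\),', base_dn)
             for a, _, v in [rdn.strip().partition('=')]
             if a.strip().lower() == 'dc' and v]
    if not parts:
        raise ValueError('Base DN has no dc= components: %r' % base_dn)
    return '.'.join(parts)

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, 'attr: value' lines,
    continuation lines start with a space. Attribute names are lower-cased."""
    entries, current = [], {}
    for line in re.sub(r'\n ', '', text).splitlines() + ['']:
        if not line.strip():          # blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(':')
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def posix_check(ldif_text):
    """Classify entries the way DSM will see them after the bind: posixAccount
    users and posixGroup groups are usable; uid entries without posixAccount are not."""
    entries = parse_ldif(ldif_text)
    classes = lambda e: {c.lower() for c in e.get('objectclass', [])}
    return {'users': [e['dn'][0] for e in entries if 'posixaccount' in classes(e)],
            'groups': [e['dn'][0] for e in entries if 'posixgroup' in classes(e)],
            'invisible': [e['dn'][0] for e in entries
                          if 'uid' in e and 'posixaccount' not in classes(e)]}
```

Run `posix_check` over a real `ldapsearch -LLL` export of your Base DN; any DN reported under "invisible" is an account that will silently be missing from DSM after binding.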