Synology usage series 9 – Setup OpenLDAP

Setup OpenLDAP is easy, the only thing that took time for new user like me is to create a syntax-error-free ldif file that could be able to import to the system :-/


  1. The diskstation is already bootstrapped.
  2. Telnet or SSH is enabled

Click the link below for the procedures that I took to setup and configuration OpenLDAP on DS207+/DS101j

* Also tested on DS101j

Install OpenLDAP

  1. Telnet/SSH to the diskstation
  2. # ipkg -force-depends install openldap
  3. Edit /opt/etc/openldap/slapd.conf, includes at least the following schema
    include /opt/etc/openldap/schema/core.schema
    include /opt/etc/openldap/schema/cosine.schema
    include /opt/etc/openldap/schema/inetorgperson.schema
    include /opt/etc/openldap/schema/misc.schema
    include /opt/etc/openldap/schema/openldap.schema
  4. Create the hashed password for administrator
    # slappasswd
    # New password:
    # Re-enter new password:

    Code highlighted in red is the hashed password we need to copy and paste to slapd.conf.

  5. Edit /opt/etc/openldap/slapd.conf, edit the following lines:
    ## suppose your domain name is, change to your own domain
    suffix          "dc=mydomain,dc=com"
    rootdn          "cn=[your ldap admin username],dc=mydomain,dc=com"
    rootpw          [your hashed password here]
  6. Add the following ACL to slapd.conf
    access to attrs=userPassword
     by dn="cn=[your ldap admin username],dc=mydomain,dc=com" write
     by anonymous auth
     by self write
     by * none
    access to dn.regex=".*,dc=mydomain,dc=com"
     by dn="cn=[your ldap admin username],dc=mydomain,dc=com" write
     by users read
     by anonymous auth
  7. Now the setup is completed! Run the OpenLDAP server manually
    # /opt/etc/init.d/S58slapd
  8. If setup is correct, there should be a few slapd instances running
    # ps auxwww | grep slapd

    If not running, verify the slapd.conf

6 thoughts

  1. Hi
    Your tutorial is perfect
    i have ds110j and i’ve done everything and it works but i can’t put ldif file to LDAP

    I get
    ldap_bind: Invalid credentials (49)

    I have checked everything but i’m something missing.

    Please can You help ??


  2. Please can You help me – if it is necessary i can set up my synology on external ip so that You could see it 🙂 Thank You for Your help

    • LDAP schema is a pain to learn.

      I’m not familar with LDAP schema. I’m afraid I don’t have enough skill to debug your LDIF.

      I’m also new to LDAP things. It took me couple days to write the LDIF sample in page 2 -_-;

      By the way, make sure you are binding as ldap administrator when running ldapadd (make sure the password is correct)

      Good Luck!

  3. How can i check it if the password is ok. i used slappasswd and got a password in ssh hash and i have put it in slapd.conf

    What else can i check ??

Leave a Reply

Your email address will not be published. Required fields are marked *