Synology usage series 9 – Setup OpenLDAP


Setting up OpenLDAP is easy; the only thing that took time for a new user like me was creating a syntax-error-free LDIF file that could be imported into the system :-/

Pre-requisites:

  1. The diskstation is already bootstrapped.
  2. Telnet or SSH is enabled

Click the link below for the procedure I followed to set up and configure OpenLDAP on the DS207+/DS101j

* Also tested on DS101j


Install OpenLDAP

  1. Telnet/SSH to the diskstation
  2. # ipkg -force-depends install openldap
  3. Edit /opt/etc/openldap/slapd.conf and include at least the following schemas:
    
    include /opt/etc/openldap/schema/core.schema
    include /opt/etc/openldap/schema/cosine.schema
    include /opt/etc/openldap/schema/inetorgperson.schema
    include /opt/etc/openldap/schema/misc.schema
    include /opt/etc/openldap/schema/openldap.schema
    
    
  4. Create the hashed password for the administrator
    # slappasswd
    # New password:
    # Re-enter new password:
    {SSHA}xxxxxxxxxxxxxxxxxxxxxxx
    

    The last line, starting with {SSHA}, is the hashed password we need to copy and paste into slapd.conf.

  5. Edit /opt/etc/openldap/slapd.conf and change the following lines:
    
    ## suppose your domain name is mydomain.com, change to your own domain
    suffix          "dc=mydomain,dc=com"
    rootdn          "cn=[your ldap admin username],dc=mydomain,dc=com"
    rootpw          [your hashed password here]
    
    
  6. Add the following ACL to slapd.conf
    access to attrs=userPassword
     by dn="cn=[your ldap admin username],dc=mydomain,dc=com" write
     by anonymous auth
     by self write
     by * none
    
    access to dn.regex=".*,dc=mydomain,dc=com"
     by dn="cn=[your ldap admin username],dc=mydomain,dc=com" write
     by users read
     by anonymous auth
    
  7. Now the setup is complete! Start the OpenLDAP server manually:
    
    # /opt/etc/init.d/S58slapd
    
    
  8. If the setup is correct, there should be a few slapd instances running:
    
    # ps auxwww | grep slapd
    
    

    If slapd is not running, verify slapd.conf.
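An added offline check, not part of the original post, for the most common cause of "ldap_bind: Invalid credentials (49)" after following these steps: the rootpw hash pasted into slapd.conf does not match the password you bind with. It rebuilds a slappasswd-style {SSHA} value (SHA-1 over password plus a 4-byte salt, base64-encoded) and verifies a candidate password against the rootpw found in a slapd.conf excerpt; the admin name "admin", the sample password and the fixed salt are constructed assumptions.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value in the form slappasswd emits: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a 4-byte random salt by default
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, password: str) -> bool:
    """Check a candidate password against a {SSHA} hash; the salt is whatever follows the 20-byte SHA-1."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} hash: " + stored)
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def rootpw_from_conf(conf_text: str) -> str:
    """Return the value of the first non-comment rootpw directive in slapd.conf text."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or not line.startswith("rootpw"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            return parts[1].strip().strip('"')  # tolerate stray quotes/whitespace from pasting
    raise ValueError("no rootpw directive found")


def check_admin_password(conf_text: str, password: str) -> bool:
    """True if the given password matches the rootpw hash stored in the config."""
    return verify_ssha(rootpw_from_conf(conf_text), password)


# Constructed slapd.conf excerpt mirroring the tutorial; the hash is generated
# here from a known password and fixed salt so the check is reproducible.
ADMIN_HASH = make_ssha("correct-horse", salt=b"\x01\x02\x03\x04")
SAMPLE_CONF = f"""# constructed example, not a real deployment
suffix          "dc=mydomain,dc=com"
rootdn          "cn=admin,dc=mydomain,dc=com"
rootpw          {ADMIN_HASH}
"""

if __name__ == "__main__":
    print("rootpw matches:", check_admin_password(SAMPLE_CONF, "correct-horse"))
```

Run it against your own slapd.conf text and the password you pass to `ldapadd -W`; a False here means the hash, not the LDIF, is the problem.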





6 thoughts


  1. Hi,
    Your tutorial is perfect.
    I have a DS110j and I've done everything and it works, but I can't put the LDIF file into LDAP.

    I get
    ldap_bind: Invalid credentials (49)

    I have checked everything, but I'm missing something.

    Please, can you help??

    Thank you

  2. Please, can you help me? If it is necessary, I can set up my Synology on an external IP so that you could see it 🙂 Thank you for your help

    • LDAP schema is a pain to learn.

      I'm not familiar with LDAP schema. I'm afraid I don't have enough skill to debug your LDIF.

      I'm also new to LDAP things. It took me a couple of days to write the LDIF sample on page 2 -_-;

      By the way, make sure you are binding as ldap administrator when running ldapadd (make sure the password is correct)

      Good Luck!

  3. How can I check if the password is OK? I used slappasswd and got a password in ssh hash and I have put it in slapd.conf.

    What else can I check??
