Author Topic: [Solved] trying to connect Synology NAS to Zentyal  (Read 15127 times)

zippydan

Re: [Solved] trying to connect Synology NAS to Zentyal
« Reply #15 on: September 05, 2013, 04:21:39 pm »
I never copy-pasted the password.  I always typed it in manually by hand.

zippydan

« Reply #16 on: September 08, 2013, 07:40:27 pm »
After further investigation it looks like Synology's LDAP client is just screwy.  Since I was in testing mode, I was trying to use a simple login/password to get the Synology to connect to Zentyal's LDAP, so I did not notice this issue until finalizing my settings.

Basically, my conclusion is that Synology DOES NOT READ the nslcd.conf for the bindPW and instead ONLY uses a password of "1234" to connect.  This is why I kept getting an "invalid credentials" error when trying to use "zentyalro": because no matter what password I tried in nslcd.conf, the Synology box was trying to connect with "1234".

I tested this by creating a user "Synology" on the Zentyal server with password "1234".  If I used "Synology" as the "uid=" in nslcd.conf, I could successfully connect every time.  But if I changed the "uid=" in any way (including commenting it out with #), I would get an "invalid credentials" error.  This shows that the Synology box was refreshing the nslcd.conf and was indeed using the bindDN config line and is NOT connecting anonymously.

Any change I made to the bindPW configuration line had NO EFFECT, including commenting out the line with #.  As long as the "uid=" was correct, and the password on the Zentyal server was "1234", I would get a successful connection.  This shows that the Synology box is NOT USING the bindPW line AT ALL.

To further test this, I tried changing the login password for "Synology" on the Zentyal server.  Of course, now the Synology LDAP Client would fail to connect, even if I updated the bindPW line to match.  Even a simple change to "12345" for the login password would not work no matter what I tried.

This MAY be a side effect of using Synology's own LDAP Directory Server package to "trick" my Synology's LDAP Client into starting the client service.  In other words, I'm thinking that IF you connect your Synology LDAP Client to a Synology LDAP server, it may use some special configuration to connect and ignore the bindPW line, which is causing these symptoms.  This idea is supported by the fact that the Synology LDAP Client specifically recognizes when it is connected to a Synology LDAP Server AND that it puts "1234" as the bindPW in the nslcd.conf (even if it doesn't use it).  OR it may be a bug in the general Synology LDAP Client configuration.

The conclusion is that I removed the user "Synology" as a Domain Admin (the LDAP connection still works fine as a regular user).  I also removed all mailbox, mail connection, and groupware options for that user.  I'm not sure how much of a security threat it represents to have this one standard user with a password of "1234", but I don't see any way around it for now.

Edit: Final followup: I was right and yet I was also an idiot.  Synology seems to store the password in a different file than nslcd.conf (on a fresh installation of Synology I noticed that it writes "secret" to the nslcd.conf when creating a connection to the Synology's local LDAP server).  The reason I could only use a password of "1234" is because that is the password I used when setting up the temporary LDAP server on the Synology box.

There is an easy solution to this "problem" as well.  Simply set up the temporary LDAP server WITH THE SAME PASSWORD as the "zentyalro" account on the Zentyal server you intend to connect to.  The Synology will then write this password wherever it writes it, and then you can edit the rest of the nslcd.conf to connect to your Zentyal box with "zentyalro".
« Last Edit: August 19, 2014, 03:59:10 am by zippydan »

tilllt

« Reply #17 on: September 19, 2013, 01:47:34 pm »
Hi, I was trying to follow your explanations across this and the Synology forum but I couldn't really get the different infos together:

RECAP: The problem is that we can neither set port 390 nor does the input mask accept Zentyal's Bind DN users, right?

What I understood from your solution: Install LDAP Server, start it up to create a dummy config, stop it again. Then log in as root, go to /usr/syno/etc/ and edit nslcd.conf...

----
uri ldap://192.168.123.1:390

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name of the search base.
base dc=domain,dc=tld
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=zentyalro,dc=domain,dc=tld

# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
bindpw 12345678xyz
----

So if I apply these changes, the Diskstation still does not connect to Zentyal. What else did you change?
« Last Edit: September 19, 2013, 02:04:58 pm by tilllt »
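
The nslcd.conf posted above stores the bind password in cleartext and binds over a plain ldap:// URI, and its own comment says to check the file's permissions. The following is an added example, not part of the original posts or of Synology's or Zentyal's tooling, that audits such a file for those points. It assumes a minimum password length of 12 as a local policy value and uses constructed sample addresses and passwords.

```shell
#!/bin/sh
# Added example: audit nslcd.conf bind-credential handling.
# MIN_PW_LEN is an assumed policy threshold, not a Synology or nslcd default.
MIN_PW_LEN=12

# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_nslcd() {
    conf=$1
    flagged=0
    pw=$(sed -n 's/^[[:space:]]*bindpw[[:space:]]\{1,\}//p' "$conf" | head -n 1)
    if [ -n "$pw" ]; then
        # bindpw is cleartext: only the owner may have any access to the file.
        mode=$(ls -ld "$conf" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "PERMS: bindpw set but group/other bits are '$mode' (want 0600)"
            flagged=1
        fi
        if [ "${#pw}" -lt "$MIN_PW_LEN" ]; then
            echo "WEAKPW: bindpw is ${#pw} chars (policy minimum $MIN_PW_LEN)"
            flagged=1
        fi
    fi
    # A simple bind over ldap:// without StartTLS sends bindpw unencrypted.
    if grep -Eq '^[[:space:]]*uri[[:space:]]+ldap://' "$conf" &&
       ! grep -Eq '^[[:space:]]*ssl[[:space:]]+start_tls' "$conf"; then
        echo "CLEARTEXT: ldap:// uri without 'ssl start_tls'"
        flagged=1
    fi
    return "$flagged"
}

# Constructed sample mirroring the layout posted above (values are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
uri ldap://192.0.2.10:390
base dc=example,dc=test
binddn cn=zentyalro,dc=example,dc=test
bindpw 1234
EOF
chmod 644 "$sample"
audit_nslcd "$sample" || echo "-> fix the findings above"
rm -f "$sample"
```
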

tilllt

« Reply #18 on: September 19, 2013, 04:25:07 pm »
OK, the problem was DSM 3.1 ... I updated the Diskstation to 3.3 and now it works. Never mind.