Sunny Chan blogs Can you see the Logic in my Madness?

Synology LDAP server and CentOS 6 client: Brain Dump

by Sunny Chan


Posted on Thursday April 26, 2012 at 09:06pm in Anything


This is a brain dump on how to get a CentOS 6 client to authenticate using Synology's Directory Service. I have assumed that you have set up the Directory Server correctly.


You need the following packages:



  • openldap-clients

  • sssd


sssd seems to be installed by default, but openldap wasn't.


Run system-config-authentication with the following settings:



  • LDAP Search Base DN can be found under the Synology Directory Server application

  • Make sure you use ldaps:// in order to use LDAP passwd. Note that ldaps is switched on by default on the Synology server.


Then apply the changes.


Notice that the SSL certificate used by the LDAP server is a self-generated one, and I didn't manage to change it, so I took a shortcut and asked the openldap client not to bother checking the certificate. You can do this by modifying /etc/openldap/ldap.conf and adding "TLS_REQCERT allow". This tells openldap to ignore any SSL certificate error, so the client no longer verifies that it is talking to the real server.
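As an added example (not part of the original post), this shell function audits an ldap.conf for the two settings discussed above: whether TLS_REQCERT still verifies the server certificate and whether every URI is ldaps://. The hostname and sample file are constructed, and the script assumes the last occurrence of a keyword is the one that takes effect.

```shell
#!/bin/sh
# Exit status of audit_ldap_conf: 0 = certificate verified and ldaps:// only,
# 1 = a weak setting was found.

# Print the value of the last occurrence of KEYWORD (keywords are case-insensitive).
# Assumption: when a keyword is repeated, the last one is effective.
ldap_conf_get() {  # usage: ldap_conf_get KEYWORD FILE
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$2"
}

audit_ldap_conf() {  # usage: audit_ldap_conf FILE
    conf=$1
    rc=0
    # ldap.conf(5): clients default to "demand" when TLS_REQCERT is absent.
    reqcert=$(ldap_conf_get TLS_REQCERT "$conf" | tr '[:upper:]' '[:lower:]')
    case "${reqcert:-demand}" in
        demand|hard) echo "OK   TLS_REQCERT=${reqcert:-demand (default)}" ;;
        try)         echo "OK   TLS_REQCERT=try: a bad certificate still aborts" ;;
        never|allow) echo "WEAK TLS_REQCERT=$reqcert: certificate errors ignored"; rc=1 ;;
        *)           echo "WEAK TLS_REQCERT=$reqcert: unrecognised value"; rc=1 ;;
    esac
    # The setup in the post relies on ldaps:// for every server listed.
    for uri in $(ldap_conf_get URI "$conf"); do
        case "$uri" in
            ldaps://*) echo "OK   URI $uri" ;;
            *)         echo "WEAK URI $uri: not ldaps://"; rc=1 ;;
        esac
    done
    # With verification on, a self-signed server certificate has to be trusted explicitly.
    ca="$(ldap_conf_get TLS_CACERT "$conf")$(ldap_conf_get TLS_CACERTDIR "$conf")"
    if [ "$rc" -eq 0 ] && [ -z "$ca" ]; then
        echo "NOTE no TLS_CACERT/TLS_CACERTDIR set: a self-signed certificate needs one"
    fi
    return $rc
}

# Constructed sample reproducing the shortcut above (placeholder hostname).
sample=$(mktemp)
printf '%s\n' 'URI ldaps://nas.example.test' 'BASE dc=example,dc=test' \
    'TLS_REQCERT allow' > "$sample"
audit_ldap_conf "$sample" || echo "=> certificate verification is disabled"
rm -f "$sample"
```

To keep verification on with the self-generated certificate, the config would instead point TLS_CACERT at a copy of that certificate (its fingerprint checked on the NAS itself) and leave TLS_REQCERT at demand.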


Once you have done that, try logging in via ssh and you should be able to access the users listed in the Synology server directory. If you want to use the uid and gid from the LDAP server instead of the passwd file on the Linux client, make sure you swap the priority for passwd in nsswitch.conf.


 


