Schlagwort: ldap

Leave a reply

Synology LDAP import CSV

You can use an CSV File to import Users, passwords and description into your running LDAP. You have to take care about following things:

Parameters:

  • Username
  • Passwort
  • Description
  • Email
  • Employee number
  • Department
  • Employee type
  • Titel
  • Work phone
  • Home phone
  • Mobile phone
  • Adress
  • Status

To import the users list:

  1. Choose Create > Import Users.
  2. Tick Overwrite duplicate accounts if you wish to replace the duplicate accounts with the one exists in the users list.
  3. Click Browse and select the file of the users list. After the file is selected, the preview region will show the list of imported users. Users with abnormal status will not be imported.
  4. Click Upload to create the user account

More information in the Synology Help Document
Error message:
Invalid syntax in file. Double quotation marks placed incorrectly. Please check the below field:


Leave a reply

Synology LDAP + DokuWiki

This is a short tutorial to use the integrated Synology LDAP with the DokuWiki Plugin. This will give you the opportunity to have a central user management in your network.

Synology Auth. Settings
Base DN:dc=fileserver,dc=customer,dc=intern
Bind DN:uid=root,cn=users,dc=fileserver,dc= customer,dc=intern

Install the „LDAP Auth Plugin“ in your DokuWiki and change following settings:

LDAP Plugin by Andreas Gohr
Settings of your LDAP Plugin
$conf['title'] = 'Customer Wiki';
$conf['license'] = 'cc-by-sa';
$conf['useacl'] = 1;
$conf['authtype'] = 'authchained';
$conf['superuser'] = '@admin';
$conf['disableactions'] = 'register';
$conf['plugin']['authldap']['server'] = '127.0.0.1';
$conf['plugin']['authldap']['usertree'] = 'dc=fileserver,dc= customer,dc=intern';
$conf['plugin']['authldap']['grouptree'] = 'cn=groups,dc=fileserver,dc= customer,dc=intern';
$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
$conf['plugin']['authldap']['version'] = 3;
$conf['plugin']['authldap']['bindpw'] = ;
$conf['plugin']['authldap']['debug'] = 1;
$conf['plugin']['authldap']['modPass'] = 0;
$conf['plugin']['authchained']['authtypes'] = 'authplain:authldap';

Install the „chained auth plugin“ that you can login with the local authentication service and you LDAP Server. This can rescue if you have issues with your network. Then change following settings in the Admin/Configuration Settings:

Settings for „Chained authentication plugin“
Chained authentication plugin

plugin»authchained»authtypes
Seperated list of authentication plugins in chaine, seperator is ":", e.g.: "authpam:authplain"

plugin»authchained»usermanager_authtype
Authentication plugin from which the capabilities are retrieved, when no user is logged in, e.g.: "authplain"
Change the Authentication Setting to „authchained“


Leave a reply

Zyxel USG Synology LDAP

If you have a Synology with the running LDAP Application you can use this to have a central user management. This will allow dedicated users to login into your Firewall or their services (VPN).

First you have to download and install the LDAP package on your Synology and make sure that you have a fix IP Adress in your LAN.

Synology LDAP Application

You have to set your FQDN (Fully-Qualified Domain Name) and your directory password. Now you can create users and groups. I would recommend that you create a group for users you want to allow services on your firewall for example vpn services. I use the group „vpnallow“ and add the user who I want to have access to my VPN services.

Login to your firewall and go to the settings tab, Object and then AAA Server

Go to LDAP and now you can use the „Add“ Button to get into the configuration.

Server Address: is the IP of your Synology, if you have done a correct DNS configuration in your local network you can use the FQDN.
Port 636: if you use SSL what I would recommend, you have to change the Port and check the checkbox „Use SSL“
Base DN: is the same what you find in the Synology LDAP application on your Synology in the Settings tab. In my example it is dc=aut2100,dc=intern
Bind DN: you can find this on the Synology LDAP application too. For example uid=root,cn=users,dc=aut2100,dc=intern. Use the password you have typed in when creating the LDAP.
Login Name Attribute: you can leave it like it is: uid
Group Membership Attribute: change it to “memberOf„ this will describe the attribute what is used to identify the group

Now you can test your configuration by typing the username in the last field and press „Test“.(You have to use an user which is member of the group you want to add) If everything is correct you should get „OK“ as Test Status. Important for us is the Returned User Attributes:

dn: uid=XXX,cn=users,dc=aut2100,dc=intern
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: apple-user
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: extensibleObject
cn: XXXX
uid: XXXX
gecos: XXX XXX
uidNumber: 1000004
gidNumber: 1000001
loginShell: /bin/sh
homeDirectory: /home/XXX
shadowLastChange: 18352
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
sn: XXXX
mail: XXXX@XXXX.XXX
authAuthority: ;basic;
apple-generateduid: XXXXX-53FB-4F2B-BCCA-F0330E7166A7
sambaSID: S-1-5-21-XXXXXX-613372285-2155760070-1019
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1585651462
sambaAcctFlags: [U ]
displayName: XXXXX
userPassword:: XXXXXXXX
memberOf: cn=vpnallow,cn=groups,dc=aut2100,dc=intern
memberOf: cn=2100,cn=groups,dc=aut2100,dc=intern
memberOf: cn=Familie,cn=groups,dc=aut2100,dc=intern
memberOf: cn=vds,cn=groups,dc=aut2100,dc=intern
memberOf: cn=users,cn=groups,dc=aut2100,dc=intern

Copy the text after „memberOf:“ with the group you want to add later for example: „cn=vpnallow,cn=groups,dc=aut2100,dc=intern“

Creating allowed User:
Go to Objects -> User/Groups and press on the „Add“ Button. Choose „ext-group-user“ and give in the copied string for example: „cn=vpnallow,cn=groups,dc=aut2100,dc=intern“. Change „Associated AAA Server Object:“ to ldap. Now you can test if the user is member of the group or not.

Add to Authentication Method
Go to Objects -> Auth. Method and press on the „Add“ Button. Name your new Authentication Method and press on the „Add“ Button. Choose the name you gave the LDAP / AAA Server.

Enable the User in the VPN Settings
Now you can choose the Authentication Method you have added before and choose the Allowed User you have created.

Thanks to Tools at Work
If you have any questions or if you need help installing your firewall call them


Durch die weitere Nutzung der Seite stimmst du der Verwendung von Cookies zu. Weitere Informationen

Die Cookie-Einstellungen auf dieser Website sind auf "Cookies zulassen" eingestellt, um das beste Surferlebnis zu ermöglichen. Wenn du diese Website ohne Änderung der Cookie-Einstellungen verwendest oder auf "Akzeptieren" klickst, erklärst du sich damit einverstanden.

Schließen