Bind NextCloud to an Active Directory not working

Does anyone have any idea if I'm doing something wrong or NextCloud has some bug to talk to a Synology Directory Server?

See below screenshot:
nextcloud_ldap_fault2.jpg


Nextcloud version: 22.2.0
Docker Image: Linuxserver.io/Nextcloud

From within the Docker container I'm able to ping the AD server just fine..
 
There is no screenshot :)

Maybe it's the typical ldap vs ad type of configuration differences that needs special attention. Or ldaps vs. ldap, or simply the wrong ports for one or the other dialect. I had plenty of fun with integrating stuff to ad/ldap over the years.
 
There is no screenshot :)

Ye, this forum is still the only one (amongst other forums I'm using) I'm facing that has an issue accepting my screenshot using the IMG tags. Attached it instead:
1635619511622.png



I had plenty of fun with integrating stuff to ad/ldap over the years.
Oh, that must have been so much 'fun'... One day I need to move from Synology LDAP to Synology Directory Services.....
 
Judging by the port, you configured an AD over SSL/TLS connection. I never use Synology LDAP myself. Is it really an AD? And is the TLS/SSL certificate valid from the perspective of the Nextcloud container?

Did you check with an LDAP browser that those are actually the right DNs for the ldap-query account and the base DN underneath which all user CNs reside?
 
Judging by the port, you configured an AD over SSL/TLS connection. I never use Synology LDAP myself. Is it really an AD?

No no, not the Synology LDAP package. We're talking about Synology Directory Server package which should be based on a full blown Samba Active Directory engine.

And is the TLS/SSL certificate valid from the perspective of the Nextcloud container?
That check can be skipped here:
1635684677403.png


Did you check with an LDAP browser that those are actually the right DNs for the ldap-query account and the base DN underneath which all user CNs reside?
I did:
(Softerra LDAP Browser 4.5)

1635684834865.png
 
The DN seems fine to me.

I have found a post in the German Synology forum that indicates that further settings are required (I used a Google Translate German->English URL):
 
I do not see this guy really doing much 'extra' settings.

I read this as how he starts his Nextcloud AD configuration:

Entries in the "Server" tab:

Host: ldap://Diskstation.Domain.Local
Port: 389 -> This is usually found if you have registered the correct host and then click on "determine port"
User DN: Domain\[username] -> It seems that you can forget all the stuff with DC = / DN = ... at Synology. I use the domain administrator as the user for the connection, by the way.
Password: Password -> So please do NOT write in 'password' ... ;)

It is of course the domain password of the user to be used for the connection.

With the data I was then able to click on the "Determine Base-DN" button and NC spat out the following values immediately (ie NC was now actually able to determine the Base-DN! Juhuuu!)

I do the same thing (switched to how he does the User DN), but if I click the 'Determine Base DN' button, I get:

1635691530691.png
 
Not sure why, but it's starting to work now.

The only major difference I've made now is that I attached the Docker container to a macvlan network.

The Domain Controller is a simple vDSM instance running on the same physical host with Synology Directory Server package installed.
 
It would have made sense that it doesn't work if the container had been in a macvlan network and the AD was directly on the host. The kernel strictly prevents communication between the macvlan host and its sub-interfaces (= the ones the container gets). Though, there is even a workaround for that.

But as I understand it, the container previously used a bridge network, which should have worked with the AD being directly on the host without any issues (given the firewall doesn't block it).

Welcome to the esoteric corner of computer science :ROFLMAO:
 
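An added example, not code from any poster in this thread: a Python probe to run inside the Nextcloud container that separates the questions raised above, namely whether the LDAP port is reachable over TCP (which a successful ping does not show), whether the ldap/ldaps scheme matches the port, and whether the directory server's certificate validates from the container's point of view instead of skipping that check. The names `parse_server` and `probe` and the hostname in the usage comment are assumptions.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

LDAP_PORT, LDAPS_PORT = 389, 636  # plain/StartTLS port and implicit-TLS port

def parse_server(host_field, port):
    """Split a Nextcloud-style Host value into (hostname, use_tls, warnings)."""
    if "://" not in host_field:
        host_field = "ldap://" + host_field  # assumption: bare host means plain LDAP
    parts = urlsplit(host_field)
    use_tls = parts.scheme.lower() == "ldaps"
    warnings = []
    if use_tls and port == LDAP_PORT:
        warnings.append("ldaps:// on 389: that port expects plain LDAP or StartTLS")
    if not use_tls and port == LDAPS_PORT:
        warnings.append("ldap:// on 636: that port expects a TLS handshake first")
    return parts.hostname, use_tls, warnings

def probe(host, port, use_tls, cafile=None, timeout=3.0):
    """Return 'unreachable', 'tcp-ok', 'tls-ok', 'tls-untrusted' or 'tls-failed'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # DNS, routing, firewall or closed port; ping cannot show this
    with sock:
        if not use_tls:
            return "tcp-ok"
        # Verification stays on: this is the check the thread mentions skipping.
        ctx = ssl.create_default_context(cafile=cafile)
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
        except ssl.SSLCertVerificationError:
            return "tls-untrusted"  # CA unknown to this container, expired, or name mismatch
        except (ssl.SSLError, OSError):
            return "tls-failed"  # reachable, but the peer did not complete a TLS handshake

if __name__ == "__main__":
    # Usage (hypothetical host): python3 ldap_probe.py ldaps://dc.example.internal 636 [ca.pem]
    host, use_tls, warnings = parse_server(sys.argv[1], int(sys.argv[2]))
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    for w in warnings:
        print("warning:", w)
    print(host, sys.argv[2], probe(host, int(sys.argv[2]), use_tls, cafile))
```

A `tls-untrusted` result is resolved by passing the directory server's CA certificate as `cafile` (and trusting it in the container), which keeps certificate validation enabled in Nextcloud.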
