Configure LDAP settings
Once your Synology ActiveProtect appliance joins an LDAP service, you can view LDAP information at User Management > Domain/LDAP Users > Directory Information.
If you need to change LDAP client settings, go to the Appliance Console > Control Panel > Domain/LDAP > Domain/LDAP. Click Settings to check the advanced settings:
Edit general information
Option | Description |
---|---|
Encryption | Select a type of encryption for connecting your ActiveProtect appliance to the LDAP servers. |
Base DN | Enter the starting point from which the edge server searches for user data. For example, if your LDAP server's FQDN is "ldap.synology.com", its Base DN will be "dc=ldap,dc=synology,dc=com". |
Profile | Select a profile that regulates how user and group information is mapped to LDAP attributes. For more information, check About LDAP profiles. |
Manage advanced settings
Option | Description |
---|---|
Update user/group list | Set how often your ActiveProtect appliance updates the user/group lists. For manual updates, click Update LDAP Data at User Management > LDAP Users. |
Group member attribute |
|
Enable UID/GID shifting | Prevent conflicts between LDAP and local users/groups by shifting the UID/GID of LDAP users/groups by 1,000,000. This option is available for non-Synology LDAP servers with a unique numerical ID attribute for each user and group. |
Expand nested groups | Specify the number of levels for expanding nested groups. For example, with a level of 2, permissions from a group apply to its users, immediate child groups (level 1), and child groups of those child groups (level 2). |
Enable client certificate | Upload a client certificate for LDAP authentication. Certain LDAP services require a certificate to authenticate LDAP clients. |
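
The following added example (not Synology code, and not how the appliance is implemented) models the "Expand nested groups" level described above, so you can see which users gain a group's permissions at each level before raising the setting. The directory contents, group names, and function names are constructed for illustration.

```python
from collections import deque

# Constructed sample directory: each group lists its direct users and child groups.
DIRECTORY = {
    "backup-admins": {"users": {"alice"}, "groups": {"it-ops"}},
    "it-ops": {"users": {"bob"}, "groups": {"contractors"}},
    # "contractors" nests "backup-admins" again, forming a membership cycle.
    "contractors": {"users": {"carol"}, "groups": {"vendors", "backup-admins"}},
    "vendors": {"users": {"dave"}, "groups": set()},
}


def effective_users(directory, root, max_level):
    """Map each user who inherits root's permissions to the nesting level
    at which they are reached (0 = direct member of root)."""
    reached = {}
    seen = {root}                      # guards against cyclic nesting
    queue = deque([(root, 0)])
    while queue:
        group, level = queue.popleft()
        entry = directory.get(group, {"users": set(), "groups": set()})
        for user in entry["users"]:
            reached.setdefault(user, level)   # BFS: first hit is the shallowest
        if level == max_level:
            continue                   # do not expand below the configured level
        for child in entry["groups"]:
            if child not in seen:
                seen.add(child)
                queue.append((child, level + 1))
    return reached


def newly_granted(directory, root, old_level, new_level):
    """Users who gain root's permissions when the level is raised."""
    before = effective_users(directory, root, old_level)
    after = effective_users(directory, root, new_level)
    return sorted(set(after) - set(before))


if __name__ == "__main__":
    for lvl in range(4):
        print(lvl, sorted(effective_users(DIRECTORY, "backup-admins", lvl).items()))
    print("level 1 -> 2 adds:", newly_granted(DIRECTORY, "backup-admins", 1, 2))
```

Reviewing the difference between two levels in this way shows exactly which accounts a deeper expansion would bring into a privileged group.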
Rejoin an LDAP directory
LDAP rejoining is only required when anomalies arise, such as invalid authentication data.
- Go to the Appliance Console > Control Panel > Domain/LDAP > Domain/LDAP > Settings.
- Under the General tab, click Rejoin LDAP.
- Enter your Bind DN (or your LDAP server's admin account) and password. Click OK to start the rejoining process.