Setting up Directory Server With OS X El Capitan Computer


LDAP and OS X El Capitan

Postby rmigneron » Fri Nov 27, 2015 3:26 pm

Hi 2 problems :

1) My Syno LDAP doesn't want to create User Directories under /var/services/...

2) My OS X El Capitan can't find the directories to mount

To start with, the old pdf documentation is much too old, and shouldn't be used for latest OS X Users.

Now, I'm trying to use the following documentation : https://www.synology.com/en-us/knowledg ... orials/638

Question 1 (as there are never any real examples to help), if my ldap server is named "xxx.local" on the network, is the LDAP_URI="ldap://ldap.xxx.local" or simply LDAP_URI="ldap://xxx.local" ????

Q 2 : I suppose the BASE_DN = whatever is in the Base DN in the Directory Server settings window

Q 3 : How come under /var/services/homes/@LH... there ain't 1 directory per ldap user ?? I got a couple of directories, but now anytime I create a new LDAP user, it doesn't create a directory ?

Q 4 : In my OS X system.log, I get the following message repeated over and over :

automountd[84564]: parse_entry: mapentry parse error: map=auto_home key=Time Machine User

That user is one who has a directory in /var/services/homes/@LH...

I know I'm not far from the solution !!!

Please !

Thanks in advance,

Richard
---------------
Richard Migneron
DS 1815+
RT 1900ac

Re: LDAP and OS X El Capitan

Postby busatari » Thu Jan 28, 2016 7:40 am

I'm facing exactly the same problem. Is there any solution available?

Re: Setting up Directory Server With OS X El Capitan Computer

Postby rmigneron » Thu Oct 06, 2016 9:37 am

Hello,

So, long time since the original post, I tried a lot of stuff.

First, under DSM 6, the Home dir is located in /volumeX/homes (where X is the volume number where you put it in the Advanced User Panel (in the main User configuration)).

Then, when we migrated from DSM 5 to DSM 6, the Directory Server Homes were moved from wherever they were under /var, under /volume2/homes/ (in my case), its name looks something like "...@LH-'fqdn'", under which there is another directory (named "61" in my case), under which are my LDAP user directories.

I tried to create another user, "Test1", and it never created the user directory there.

Next, I said to myself, let's undo everything. I removed all the LDAP users, stopped Directory Server and uninstalled it. I still see the @LH-fqdn subtree of directories, even the users' homes (which were removed).

Next, I re-installed, started Directory Server. No change in the Directory Tree, no users but the user home directories are still there. The first dir associated with the first UID (100002), and the second to (100003).

When I create new users, the first user Test1, replaces 100002 and becomes owner of first previous user, the second Test2 replaces 10003, but the third Test3 doesn't get a new home directory !!! (nice try, no cigar !)

Retried another time, and this time I removed the "@LH-fqdn" subtree. When I re-installed Directory Server and created the first user, it didn't create the subtree.

So I removed the users again, stopped directory server and finally, uninstalled it.

Now, the next step, is to clean-up the mess, since I still see the LDAP groups when trying to change the owner of a share, and there is probably a config file or 2 that are still lying around and f...ing up with a new installation.

Any help would be greatly appreciated.

Cheers,

Richard
---------------
Richard Migneron
DS 1815+
RT 1900ac

Re: Setting up Directory Server With OS X El Capitan Computer

Postby Chris101 » Thu Oct 06, 2016 10:06 am

Hi,

Have you directed the Synology box to auto create home directories in a specific location?

This can be done by (from memory) logging into the box on telnet then executing the following.

synoldapserver --automount "fileserver.synology.com" "/volume1/MacHome"

Then Create the users, and (I assume) dump folders in there. IE: dump user a folders into it and apply the permissions on the parent folder.

Once you connect the Macs to the LDAP server, you will need to change the LDAP directory mapping from whatever it is under the LDAP to the directories that you need.

PS - I currently run two Syno boxes, one on 5.X and one test box on 6.X. I plan to try the migration in January when my office is closed so will prob (if I'm lucky) have a migration written up, which I could share once I figure it out and parse all the data from there.

Your older questions are as follows:

1) direct the synoldapserver to auto create home directories of your choosing once you create the users.

2) Assuming you're getting a spinning wheel, this will be as you have a directory that is not mapped correctly. I assume this is either (a: LDAP user defined directory is pointing in the wrong area or b: the directory is not available on your network)

3) no idea.

4) Syno's auto mount script is useless. Create your own auto map that looks something like this (tailor to your use)

/MacHome -fstype=nfs,resvport nfs://fileserver.FQDN.local:/volume1/MacHome

Rgds,

Chris

Re: Setting up Directory Server With OS X El Capitan Computer

Postby rmigneron » Sat Oct 08, 2016 6:18 pm

Hi Chris,

Thanks for the reply.

Some questions, because this doesn't seem to work either. I found the synoldapserver command in /var/packages/DirectoryServer/target/tool (for those still searching it).

1) Do I replace "fileserver.synology.com" with the URL of my synology as in "machine.local" (where machine is the name of my synology) ?

2) I assume I have to create MacHome with the Synology Interface -> Shared Folder -> Create

3) I then created a User, but it never created its home directory (neither in /volume2/homes or /volume2/MacHomes) --> PS: I do have the "Enable User Home Service" ticked in the standard user Advanced Panel

Cheers,

Richard
---------------
Richard Migneron
DS 1815+
RT 1900ac

Re: Setting up Directory Server With OS X El Capitan Computer

Postby Jehanzeb » Tue Oct 11, 2016 8:41 pm

Good evening all,

Firstly thank you for informative discussion, please keep this updated as I am following it to find a solution for our setup. I gave up on directory server in summer as I had to setup 70+ users on Macs and directory server using ldap. Nothing worked properly other than the mac could find the directory server perfectly fine and was mapped but it always showed the user /home/user and not /homes/user. Since then I created local accounts for all users as I didn't have enough time.

Your post is like a light in the tunnel and giving me some strength to try the setup one more time...

Kindest regards

J.

Re: Setting up Directory Server With OS X El Capitan Computer

Postby rmigneron » Tue Oct 11, 2016 9:34 pm

Hi J.

What I'd like is to be able to figure out where all the files related to a package are installed in order to be able to clean everything up completely after an uninstall. And then start fresh by re-installing.

That's the big problem with all these UI admin stuff, I dream of the Sun Solaris days, when we did everything with vi and the command line. We knew what we were doing in those days, and we could clean up after uninstall.

I think, I'll need to mail support on this one !

I'll try to post a howto when (if) I succeed !

Cheers,

R.
---------------
Richard Migneron
DS 1815+
RT 1900ac

Re: Setting up Directory Server With OS X El Capitan Computer

Postby Jehanzeb » Wed Oct 12, 2016 9:19 pm

Thanks Richard, I contacted support at three instances regarding this issue with no success. The last time I contacted they said we cannot help as it works in their "environment" but don't get me wrong, the Synology support team helped me in other matters without fail. Perhaps I couldn't explain our issue properly to them so I would encourage to contact support and see if they can shed some light.

Thank you once again for supporting and willing to do the 'how to', I am sure it will help a lot of people out here.

Kindest regards

J.

Re: Setting up Directory Server With OS X El Capitan Computer

Postby btgoodwin89 » Sun Jan 08, 2017 8:20 pm

I'm jumping in on this one too. I followed the website's version of instructions almost to the letter except that in another forum I saw to use RFC2307 rather than OpenDirectory mappings, and to put in the binding suffix when it prompts you (if your FQDN is ldap.blah.com, you do dc=ldap,dc=blah,dc=com). At that point I can log in successfully with my users but the auto mounting is broken.

Starting with their auto_syno script, I changed the third from the last line's "/var/services/homes" to "/volumeX/homes...", where in my case X=1.

Then, from a different forum suggestion, I made the script executable for the root user since it's not an actual exec map, but rather a bash script.

That got me to the point where upon login, I could see in /var/log/system.log that automountd was trying and failing with something called od_search:

automountd[xxx]: od_search for username in auto_syno failed
-- last message repeated 1 time ---
automountd[xxx]: od_search for * in auto_syno failed
automountd[xxx]: parse_entry: getmapent for map auto_syno, key username failed


In all cases, username is the user's user name. Those lines repeat about 3-4 times, in various orders, before quitting. It seems like I'm really close but I'm not finding much help searching for od_search and parse_entry issues.

Anyone else get past this?

Re: Setting up Directory Server With OS X El Capitan Computer

Postby rmigneron » Sun Aug 13, 2017 1:27 pm

Hi guys,

Been a long time, I'm coming back on this subject.

You also need to enable NFS, then export the homes directory (from the Shared folder tool in Syno UI Web), I'd suggest restricting the IP@ to your internal network, something like this : 192.168.1.0/255.255.255.0

When you are on the Mac, run the auto_syno script with one of the Users you created under LDAP, ex. : # auto_syno test1

you should get something like this as a message :

[mbpsoft:/etc] root# ./auto_syno test1
-fstype=nfs nanoserv.migneron.intra:/var/services/homes/@LH-MIGNERON.INTRA/61/test1-1000001

That doesn't mean that you are finished, it just means that the auto_syno will try to mount this directory under /home, on your Mac. The problem is : How do we get LDAP to behave and create the @LH ..., with the right permissions too !

I'm trying to do it by hand, but it ain't working.

From Stack Exchange, they say that under Linux, you also have to do something with PAM in /etc/pam.d - The problem here is that /etc/pam.d doesn't exist under Syno Linux (it's probably somewhere else) !

That's where I'm up to now.

Cheers,

Richard
---------------
Richard Migneron
DS 1815+
RT 1900ac
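
Added example (not Synology's auto_syno script and not code from any poster in this thread): a small map script of the kind discussed above, called with the user name as its argument and printing one `-fstype=nfs host:/path` entry as in the auto_syno run shown. Because such a script is made executable for root and the key is whatever name gets looked up under the mount point, it validates the key before using it and prints nothing on a miss. The server name, export path, mount options and the constructed LDIF sample (standing in for a real LDAP query) are all assumptions.

```shell
#!/bin/sh
# Added example: automount map script with a validated lookup key.
NFS_SERVER="nas.example.internal"                   # assumption: placeholder server
HOME_ROOT="/volume1/homes/@LH-EXAMPLE.INTERNAL/61"  # assumption: placeholder path

# Constructed LDIF standing in for the result of an LDAP query (RFC2307 attributes).
sample_ldif() {
cat <<'EOF'
dn: uid=test1,cn=users,dc=example,dc=internal
uid: test1
uidNumber: 1000001

dn: uid=test2,cn=users,dc=example,dc=internal
uid: test2
uidNumber: 1000002
EOF
}

# Accept only conservative login names: rejects "", "*", "/", "..", spaces, uppercase.
valid_key() {
  case "$1" in
    ''|*[!a-z0-9_-]*) return 1 ;;
    [a-z_]*) [ "${#1}" -le 32 ] ;;
    *) return 1 ;;
  esac
}

# Read LDIF on stdin, print the uidNumber of the record whose uid equals $1.
uid_number_for() {
  awk -v want="$1" '
    /^$/           { cur = "" }
    /^uid: /       { cur = $2 }
    /^uidNumber: / { if (cur == want) { print $2; found = 1; exit } }
    END            { exit !found }'
}

# Print one map entry for key $1; on any failure print nothing and return non-zero.
map_entry() {
  valid_key "$1" || return 1
  num=$(sample_ldif | uid_number_for "$1") || return 1
  printf '%s\n' "-fstype=nfs,nosuid,nodev ${NFS_SERVER}:${HOME_ROOT}/$1-${num}"
}

# When run as a map script, the key arrives as the first argument.
if [ "$#" -gt 0 ]; then
  map_entry "$1"
fi
```

A key such as "Time Machine User" or "*", both of which appear in the automountd log lines quoted in this thread, is rejected here before any lookup is attempted.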
