Home

Synology Directory Server User`s Guide

1. Control Panel LDAP AE 4 LDAP User LDAP Group Name Description Status admin idap synology com Normal Idapi idap synology com Normal ldap2 ldap synology com Normal Chapter 2 Join LDAP Clients to Directory Service 13 Synology Directory Server User s Guide Note LDAP users are not allowed to access the following DSM applications Photo Station Audio Station and Surveillance Station If LDAP users want to access DiskStation files with their computer via the AFP protocol they will need to authorize with the username LDAP_Username Suffix For example if the name of the LDAP user is Idap1 and the Base DN of the LDAP database is dc ldap dc synology dc com then the suffix would be Idap synology com and the user can authorize with the username Idap1 Idap synology com Join Client Computer to Directory Service This section explains how to join client computers to the directory service provided by Directory Server and configure the location of client computers home folders for LDAP users When the setup is complete users can log in to client computers operating system with their LDAP credentials and then store documents preference settings and other information in their home folders Supported operating systems Mac Mac OS X 10 6 or later is recommended Linux Linux users can choose from a variety of open source LDAP solutions to bind their computers to Directory Server Re
2. and in such event you agree to be bound by the GPL with respect to your use of such components Section 7 Audit Synology will have the right to audit your compliance with the terms of this EULA You agree to grant access to Synology to facilities equipment books records and documents and to otherwise reasonably cooperate with Synology in order to facilitate any such audit Section 8 Ownership The Software is valuable property of Synology and its licensors and is protected by copyright and other intellectual property laws and treaties Synology or its licensors own all right title and interest in and to the Software and all copyright and other intellectual property rights in the Software Section 9 Limited Warranty Synology warrants that for a period of ninety 90 days after either your a installation of the Software on Products that do not include pre installed Software or b use of a Product that includes pre installed Software as applicable the Warranty Period the Software will substantially conform to Synology s published specifications for the Software if any or otherwise set forth on the Web Site Synology will use commercially reasonable efforts to in Synology s sole discretion either correct any such nonconformity in the Software or replace any Software that fails to comply with the foregoing warranty provided that you give Synology written notice of such noncompliance within the Warranty Period The foreg
3. Synology product models purchased by Customer before February 29 2008 e Customer means the original person or entity purchasing the Product from Synology or an authorized Synology distributor or reseller f Product means a Category Product Category Il Product Category Ill Product or Category IV Product and any hardware incorporated into the product by Synology and any accompanying documentation g Software means the Synology proprietary software that accompanies the Product when purchased by Customer is downloaded by Customer at the Web Site or is pre installed on the Product by Synology and includes any firmware associated media images animations video audio text and applets incorporated into the software or Product and any updates or upgrades to such software h Warranty Period means i the period commencing on the date the Product is purchased by Customer and ending 1 five years after such date for Category Products 2 three years after such date for Category II Products or 3 two years after such date for Category Ill Products or 4 one year after such date for Category IV Products i Web Site means the Synology web site located at www synology com Section 2 Limited Warranty and Remedies 2 1 Limited Warranty Subject to Section 2 7 Synology warrants to Customer that each Product a will be free of material defects in workmanship and b under normal use will perform substantially in accordanc
4. add an NFS option that is not displayed in DSM s management UI but is necessary for Mac clients to access the home folders Use Telnet or SSH to log in to the DiskStation that will be used to store home folders Log in as root and authenticate using the password of DSM admin computername computerusernames telnet fileserver synology com fileserver login root Password DSM_admin s password Note Make sure Telnet or SSH is enabled on your DiskStation at Main menu gt Control Panel gt Terminal before logging in via Telnet SSH 7 Use the tool vi to edit the configuration file etc exports fileserver gt vi etc exports 8 Find the NFS rule you just created for your shared folder such as volume1 MacHome Type and then type insecure in the parentheses to add the insecure option to the NFS rule volumel MacHome Eu async no wdelay no root SsquashPinsecire insecure locks anonuid 0 anongid 0 etc exports Modified 0 0 100 9 Press the Esc key and then type ZZ to save the changes and exit vi The configuration of the shared folder s NFS rule is complete Now we need to set up Directory Server to automatically mount Mac clients home folders in this shared folder whenever an LDAP user is created Chapter 2 Join LDAP Clients to Directory Service Synology Directory Server User s Guide To set up Directory Server to automatically create Mac clients home folders 1 Use Telnet or SSH to l
5. computers IT administrators can bind all DiskStations or clients to Directory Server to maximize IT efficiency by centralizing the account system of all DiskStations or LDAP clients Employees and departments can enjoy the convenience of using the same account credentials to access all resources saving them the trouble of remembering different usernames and passwords for different DiskStations or computers This user s guide will guide you through the following Chapter 1 Setting up Directory Server and managing LDAP users and groups Chapter 2 Binding LDAP clients including DiskStation and client computers to Directory Server Set up Directory Server This chapter explains how to install and manage Synology Directory Server on your DiskStation to set it as an LDAP server When the setup is complete LDAP clients such as other DiskStations and Mac computers can bind to Directory Server for account integration Install and Launch Directory Server Before installing the Directory Server package on your DiskStation please check the following Your Internet connection is normal The volume of your DiskStation is normal The DiskStation Manager DSM of your DiskStation is updated to the latest version You are the DSM admin or a user belonging to the administrators group for your DiskStation To install and activate Directory Server 1 Log in to DiskStation Manager DSM as admin or a user belonging to the administrat
6. computers via the CIFS protocol Note If you bind your DiskStation to an LDAP server that is not Synology Directory Server enabling LDAP s CIFS support will enforce the PAM authorization mechanism which requires client computers to transfer plaintext password instead of encrypted one during account authentication LDAP users will need to modify their computer s settings to enable plaintext support before they can access DiskStation files via CIFS For detailed instructions click the Help button at the top right corner and then refer to the About CIFS Support and Client Computer s Settings section On the other hand if you bind your DiskStation to Synology Directory Server enabling LDAP s CIFS support will adopt the NTLM or NTLMv2 authorization mechanism which allows LDAP users to authorize with their user credentials without making any changes to their computer settings 6 Click OK 7 In the authentication window that appears do the following a Enter the distinguished name DN or account name of an LDAP administrator Such as root or a user belonging to Directory Server s Directory Operators group in the Bind DN or LDAP administrator account field b Enter the password for the LDAP administrator in the Password field c Click Apply After your DiskStation is bound to the LDAP server it will start retrieving the information of LDAP users or groups from the server and then display them under the LDAP User or LDAP Group tab
7. login root Password DSM_admin s password fileserver gt ed volumel MacHome rie serToR TIE drwxrwxrwx 6 root ROOL 1096 Sep 25 17 47 ruser DE root 4096 Sep 23 17 04 19 users 19 1096 Sep 22 17 39 admin L9 users 19 HOG SED NEA 11 ldap2 19 users 19 4096 Sep 22 17 42 ldap2 2 ldap3 19 users 19 A096 Sep 25 11 47 14453 19 Chapter 2 Join LDAP Clients to Directory Service 20 Synology Directory Server User s Guide Log in to Mac OS X Using LDAP User Credentials After Mac clients home folders for LDAP users are properly mounted your Mac will automatically mount the home folder for your LDAP user account upon login and you can start storing documents preference settings and other information in your home folder To log in to Mac OS X using LDAP user credentials Start up your Mac When you see the login window enter your LDAP user s name such as Idap3 and password in the fields and then click to log in Now you can open Mac Finder to store files in your home folder and modify preference settings About This M Software Update App Store System Preferences Dock Recent Items gt Force Quit System Preferences XORO Sleep Restart Shut Down Log Out Idap3 4 Idap3 Documents Downloads Movies Chapter 2 Join LDAP Clients to Directory Service Users amp Groups Current User Other Users Password se Login Items Chr
8. on Volume 1 4 Select the shared folder you just created and then click NFS Privileges g Control Panel Shared Folder 6 Ey Encryption Privileges Setup NFS Privileges D Search Mame Description Status volume cal volume 2 calendar Volume 1 download Volume 2 downloadi Volume 1 a encrypt volume 1 homes Volume 2 homes 1 user home volume 1 MacHome Volume 1 music Volume 1 music 1 System default shared folder volume 1 NetBackup System default shared folder Volume 1 NetBackup 1 System default shared folder Volume 1 5 Click Create to create an NFS rule Enter the hostname or IP address of NFS clients in the Hostname or IP field to specify which clients can access this shared folder The hostname or address specified here should allow access from both Directory Server and Mac clients In our Chapter 2 Join LDAP Clients to Directory Service 18 Synology Directory Server User s Guide example the asterisk will be treated as a wildcard that allows access from all NFS clients Keep other settings as is and click OK Click OK again to save the rule and exit the NFS Privileges window Edit NFS privileges of MacHome Hostname or IP Privilege Root squash M Enable asynchronous You may specify a host in three ways Single host Wildcards synology com Network segment 203 74 205 32 255 255 255 0 203 74 205 32 24 Mount pathy 6 Now we are going to
9. reside within the United States any dispute controversy or claim described in this Section shall be finally resolved by arbitration conducted by three neutral arbitrators in accordance with the procedures of the R O C Arbitration Law and related enforcement rules The arbitration shall take place in Taipei Taiwan R O C and the arbitration proceedings shall be conducted in English or if both parties so agree in Mandarin Chinese The arbitration award shall be final and binding on the parties and may be enforced in any court having jurisdiction Nothing in this Section shall be deemed to prohibit or restrict Synology from seeking injunctive relief or seeking such other rights and remedies as it may have at law or equity for any actual or threatened breach of any provision of this EULA relating to Synology s intellectual property rights Section 20 Attorneys Fees In any arbitration mediation or other legal action or proceeding to enforce rights or remedies under this EULA the prevailing party will be entitled to recover in addition to any other relief to which it may be entitled costs and reasonable attorneys fees Section 21 Severability If any provision of this EULA is held by a court of competent jurisdiction to be invalid illegal or unenforceable the remainder of this EULA will remain in full force and effect Section 22 Entire Agreement This EULA sets forth the entire agreement of Synology and you with respect to
10. then do the following a Check the green light next to the Network Account Server to make sure your Mac has successfully bound to Directory Server If your Mac has joined multiple network account servers click Edit and check the green light next to your Directory Server b Select Name and password in the Display login window as section c Tick Allow network users to log in at login window Users amp Groups Current User Chris Lai Automatic login Chris Lai Admin i Other Users ENU Standard Guest Usi i Er sare vi Show the Sleep Restart and Shut Down buttons Display login window as List of users Name and password Mi Show Input menu in login window Mf Show password hints M Show fast user switching menu as Full Name I Allow network users to log in at login window Options c C Use VoiceOver in the login window fot Login Options Network Account Server fileserver synology com Edit i r Click the lock to prevent further changes Chapter 2 Join LDAP Clients to Directory Service Synology Directory Server User s Guide Create Mac Clients Home Folders for LDAP Users Your Mac is successfully bound to Directory Server and you should be able to log in to Mac OS X with your LDAP user credentials However since the home folder for the user is not created yet you might see a window containing the following error message after login indicating the home folder for the LDAP use
11. ESS OR IMPLIED ARISING BY LAW OR OTHERWISE WITH RESPECT TO THE PRODUCT ACCOMPANYING DOCUMENTATION OR SOFTWARE AND ANY OTHER GOODS OR SERVICES DELIVERED UNDER THIS WARRANTY INCLUDING BUT NOT LIMITED TO ANY A IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE B IMPLIED WARRANTY ARISING FROM COURSE OF PERFORMANCE COURSE OF DEALING OR USAGE OF TRADE C CLAIM OF INFRINGEMENT OR MISAPPROPRIATION OR D CLAIM IN TORT WHETHER BASED ON NEGLIGENCE STRICT LIABILITY PRODUCT LIABILITY OR OTHER THEORY SYNOLOGY MAKES NO GUARANTEE AND SPECIFICALLY DISCLAIMS ANY WARRANTY THAT THE DATA OR INFORMATION STORED ON ANY SYNOLOGY PRODUCT WILL BE SECURE AND WITHOUT RISK OF DATA LOSS SYNOLOGY RECOMMENDS THAT CUSTOMER TAKES APPROPRIATE MEASURES TO BACK UP THE DATA STORED ON THE PRODUCT SOME STATES DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES SO THE ABOVE LIMITATION MAY NOT APPLY TO CUSTOMER Section 3 Limitations of Liability 3 1 Force Majeure Synology will not be liable for or be considered to be in breach of or default under this Warranty on account of any delay or failure to perform as required by this Warranty as a result of any cause or condition beyond its reasonable control including without limitation any act or failure to act by Customer 3 2 Disclaimer of Certain Damages IN NO EVENT WILL SYNOLOGY OR ITS SUPPLIERS BE LIABLE FOR THE COST OF COVER OR FOR ANY INCIDENTAL INDIRECT SPECIAL PUNITI
12. PEN THE BOX CONTAINING THE PRODUCT INSTALL THE SOFTWARE OR USE THE PRODUCT CONTAINING THE SOFTWARE INSTEAD YOU MAY RETURN THE PRODUCT TO THE RESELLER WHERE YOU PURCHASED IT FOR A REFUND IN ACCORDANCE WITH THE RESELLER S APPLICABLE RETURN POLICY Section 1 Limited Software License Subject to the terms and conditions of this EULA Synology grants you a limited non exclusive non transferable personal license to install run and use one copy of the Software on the Product solely in connection with your authorized use of the Product Section 2 Documentation You may make and use a reasonable number of copies of any documentation provided with the Software provided that such copies will only be used for internal business purposes and are not to be republished or redistributed either in hard copy or electronic form to any third party Section 3 Backup You may make a reasonable number of copies of the Software for backup and archival purposes Section 4 Updates Any software provided to you by Synology or made available on the Synology web site at www synology com Web Site that updates or supplements the original Software is governed by this EULA unless separate license terms are provided with such updates or supplements in which case such separate terms will govern Section 5 License Limitations The license set forth in Section 1 applies only to the extent you have ordered and paid for the Product and it states the entirety
13. R INCLUDING BUT NOT LIMITED TO LOSS OF DATA INFORMATION REVENUE PROFIT OR BUSINESS ARISING OUT OF OR RELATING TO THE USE OR INABILITY TO USE THE SOFTWARE OR OTHERWISE UNDER OR IN CONNECTION WITH THIS EULA OR THE SOFTWARE WHETHER BASED ON CONTRACT TORT INCLUDING NEGLIGENCE STRICT LIABILITY OR OTHER THEORY EVEN IF SYNOLOGY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Section 13 Limitation of Liability SYNOLOGY S AND ITS SUPPLIERS LIABILITY ARISING OUT OF OR RELATING TO THE USE OR INABILITY TO USE THE SOFTWARE OR OTHERWISE UNDER OR IN CONNECTION WITH THIS EULA OR THE SOFTWARE IS LIMITED TO THE AMOUNT ACTUALLY PAID BY YOU FOR THE PRODUCT REGARDLESS OF THE AMOUNT OF DAMAGES YOU MAY INCUR AND WHETHER BASED ON CONTRACT TORT INCLUDING NEGLIGENCE STRICT LIABILITY OR OTHER THEORY The foregoing disclaimer of warranties disclaimer of certain damages and limitation of liability will apply to the maximum extent permitted by applicable law The laws of some states jurisdictions do not allow the exclusion of implied warranties or the exclusion or limitation of certain damages To the extent that those laws apply to this EULA the exclusions and limitations set forth above may not apply to you Section 14 Export Restrictions You acknowledge that the Software is subject to U S export restrictions You agree to comply with all applicable laws and regulations that apply to the Software including without limitation the U S Expo
14. VE CONSEQUENTIAL OR SIMILAR DAMAGES OR LIABILITIES WHATSOEVER INCLUDING BUT NOT LIMITED TO LOSS OF DATA INFORMATION REVENUE PROFIT OR BUSINESS ARISING OUT OF OR RELATING TO THE USE OR INABILITY TO USE THE PRODUCT ANY ACCOMPANYING DOCUMENTATION OR SOFTWARE AND ANY OTHER GOODS OR SERVICES PROVIDED UNDER THIS WARRANTY WHETHER BASED ON CONTRACT TORT INCLUDING NEGLIGENCE STRICT LIABILITY OR OTHER THEORY EVEN IF SYNOLOGY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES 3 3 Limitation of Liability SYNOLOGY S AND ITS SUPPLIERS LIABILITY ARISING OUT OF OR RELATING TO THE USE OR INABILITY TO USE THE PRODUCT ANY ACCOMPANYING DOCUMENTATION OR SOFTWARE AND ANY OTHER GOODS OR SERVICES PROVIDED UNDER THIS WARRANTY IS LIMITED TO THE AMOUNT ACTUALLY PAID BY CUSTOMER FOR THE PRODUCT REGARDLESS OF THE AMOUNT OF DAMAGES CUSTOMER MAY INCUR AND WHETHER BASED ON CONTRACT TORT INCLUDING NEGLIGENCE STRICT LIABILITY OR OTHER THEORY The foregoing disclaimer of certain damages and limitation of liability will apply to the maximum extent permitted by applicable law The laws of some states jurisdictions do not allow exclusion or limitation of certain damages To the extent that those laws apply to the Product the exclusions and limitations set forth above may not apply to Customer Section 4 Miscellaneous 4 1 Proprietary Rights The Product and any accompanying Software and documentation provided with the Product include proprietary and
15. an be bound to only one LDAP server at a time If you use the LDAP functionality mentioned in this section to bind your DiskStation to a server that don t contain the object class posixAccount for its users and groups Such as Windows Domain Controller or Microsoft Exchange Server your DiskStation will not be able to retrieve the information of LDAP users and groups from the server 12 Synology Directory Server User s Guide f you want to bind your DiskStation to a Windows Domain Controller to retrieve the information of domain users and groups go to Main Menu gt Control Panel gt Win Mac NFS gt Domain Workgroup However you are not allowed to bind your DiskStation to an LDAP server and Windows Domain Controller at the same time To bind your DiskStation to an LDAP server 1 Log in to DSM as admin or a user belonging to the administrators group go to Main Menu gt Control Panel gt LDAP and then tick Enable LDAP Client 2 Enter the IP address or hostname of the LDAP server in the LDAP Server address field 3 Choose an encryption type from the Encryption drop down menu to secure LDAP connection with encryption mechanism 4 Enter the Base DN of the LDAP server in the Base DN field or choose an available Base DN from the Base DN drop down menu Note For more information about Base DN see Enable Directory Server on Page 6 5 Tick Enable Windows CIFS support to allow LDAP users to access DiskStation files with their
16. e with Synology s published specifications for the Product during the Warranty Period Synology warrants the Software as set forth in the accompanying end user license agreement provided with the Product if any 2 2 Product Registration Customers may register Products with Synology and may obtain the manufacturing date for Category Products Category II Products and Category III Products at the Web Site The failure to register a Product at the Web Site will not diminish the warranty rights set forth in Section 2 1 Synology is not responsible for Customer s failure to identify the manufacturing date of any Product 2 3 Exclusive Remedy If Customer gives notice of noncompliance with any of the warranties set forth in Section 2 1 within the applicable Warranty Period in the manner set forth below then upon verification of the noncompliance by Synology Synology will at Synology s option a use commercially reasonable efforts to repair the Product or b replace the noncomplying Product or part thereof upon return of the complete Product in accordance with Section 2 4 The foregoing sets forth Synology s entire liability and Customer s sole and exclusive remedy for any breach of warranty under Section 2 1 or any other defect or deficiency in the Product Customer will reasonably assist Synology to diagnose and validate any nonconformity with the Product The warranty set forth in Section 2 1 does not include 1 any warranty relating t
17. ed name of the user in the LDAP database is uid username cn users Base_DN Chapter 1 Set up Directory Server Synology Directory Server User s Guide To create an LDAP group and add group members 1 Click Group on the left panel and then click the Create button 2 Specify the following information for the LDAP group and then click Next Group name The name of the group will be stored as the cn attribute in the LDAP database Group description optional The description of the group will be stored as the description attribute in the LDAP database Group Creation Wizard Group information unne Fill in the following fields This field is required 3 Click Apply to create the LDAP group The distinguished name of the group in the LDAP database is cn groupname cn groups cn Base DN 4 Do the following to add group members a Select the group you want and click Edit Members b Click Create select the users you want to add to the group from the user list press and hold the Ctrl or Shift key for multiple selections and then click OK In the LDAP database the memberUid attribute will be given to LDAP users added to this group c Click Finish Note You are not allowed to edit group members for the users group To edit or delete the LDAP users or groups 1 Click User or Group on the left panel 2 Click Edit or Delete and follow onscreen instructions to complete the process 10 Chapter 1 Set up Directo
18. fer to related documentation for detailed instructions Note Directory Server does not support Windows domain so you are not allowed to bind your Windows PC to Directory Server to join Windows domain Bind Mac Clients to Directory Server If you are the administrator of your Mac you can bind your Mac to Directory Server at the Users amp Group preference pane and Directory Utility Chapter 2 Join LDAP Clients to Directory Service 14 Synology Directory Server User s Guide To bind your Mac to Directory Server using Mac OS X 10 7 for example 1 Go to Apple menu gt System Preferences gt Users amp Groups and do the following a Click Login Options If the options appear to be grayed out click the lock icon at the bottom left corner and then use Mac administrator s password to unlock the options b Click Join c In the dialog that appears click Open Directory Utility to launch Directory Utility ry Current User ii You can enter the address of an Open Directory Server or Active Directory BG Chris Lai D Admin an i Other Users C ENU r Standard p Guest Use 1 Sharing only M Show Input menu in login window v Show password hints VI Show fast user switching menu as Full Name al _ Use VoiceOver in the login window b Network Account Server Join f a Click the lock to prevent further changes Chapter 2 Join LDAP Clients to Directory Ser
19. intellectual property rights of Synology and its third party suppliers and licensors Synology retains and reserves all right title and interest in the intellectual property rights of the Product and no title to or ownership of any intellectual property rights in or to the Product any accompanying Software or documentation and any other goods provided under this Warranty is transferred to Customer under this Warranty Customer will a comply with the terms and conditions of the Synology end user license agreement accompanying any Software furnished by Synology or an authorized Synology distributor or reseller and b not attempt to reverse engineer any Product or component thereof or accompanying Software or otherwise misappropriate circumvent or violate any of Synology s intellectual property rights 4 2 Assignment Customer will not assign any of its rights under this Warranty directly by operation of law or otherwise without the prior written consent of Synology 4 3 No Additional Terms Except as expressly permitted by this Warranty neither party will be bound by and each party specifically objects to any term condition or other provision that conflicts with the provisions of this Warranty that is made by the other party in any purchase order receipt acceptance confirmation correspondence or otherwise unless each party specifically agrees to such provision in writing Further if this Warranty conflicts with any terms or cond
20. is Lai Ku Change Password J v Admin ENU Full name Idap3 Standard Guest User Sharing only Apple ID Set Mobile account Create Address Book Card Open Allow user to reset password using Apple ID fa Login Options sa ss Allow user to administer this computer M w Click the lock to prevent further changes 21 Synology Directory Server User s Guide Learn More For more information or online resources about your DiskStation please visit www synology com Chapter 2 Join LDAP Clients to Directory Service SYNOLOGY INC END USER LICENSE AGREEMENT IMPORTANT READ CAREFULLY THIS END USER LICENSE AGREEMENT EULA IS A LEGAL AGREEMENT BETWEEN YOU EITHER AN INDIVIDUAL OR A SINGLE ENTITY AND SYNOLOGY INC AND ITS AFFILIATES INCLUDING SYNOLOGY AMERICAN CORP AND SYNOLOGY UK LTD COLLECTIVELY SYNOLOGY FOR ANY SYNOLOGY SOFTWARE TOGETHER WITH ANY OTHER ASSOCIATED FIRMWARE MEDIA PRINTED MATERIALS AND ONLINE OR ELECTRONIC DOCUMENTATION COLLECTIVELY THE SOFTWARE AVAILABLE FOR DOWNLOAD AT WWW SYNOLOGY COM OR PROVIDED WITH OR INSTALLED ON A SYNOLOGY PRODUCT THE PRODUCT YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA BY OPENING THE PACKAGE CONTAINING THE SOFTWARE INSTALLING THE SOFTWARE NOT OTHERWISE PRE INSTALLED BY SYNOLOGY ON A PRODUCT OR OTHERWISE USING A PRODUCT THAT INCLUDES PRE INSTALLED SOFTWARE IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA DO NOT O
21. itions of any other agreement entered into by the parties with respect to the Product this Warranty will prevail unless the other agreement specifically references the sections of this Warranty that it supersedes 4 4 Applicable Law Unless expressly prohibited by local law this Warranty is governed by the laws of the State of Washington U S A without regard to any conflict of law principles to the contrary The 1980 U N Convention on Contracts for the International Sale of Goods or any successor thereto does not apply 4 5 Dispute Resolution Any dispute controversy or claim arising out of or relating to this Warranty the Product or services provided by Synology with respect to the Product or the relationship between Customers residing within the United States and Synology will be resolved exclusively and finally by arbitration under the current commercial rules of the American Arbitration Association except as otherwise provided below The arbitration will be conducted before a single arbitrator and will be limited solely to the dispute between Customer and Synology The arbitration or any portion of it will not be consolidated with any other arbitration and will not be conducted on a class wide or class action basis The arbitration shall be held in King County Washington U S A by submission of documents by telephone online or in person as determined by the arbitrator at the request of the parties The prevailing party in any a
22. logy Synology Directory Server User s Guide Table of Contents Chapter 1 Set up Directory Server Install and Launch Directory Server rerarnnrvrarnrvrrannvvrrnnnrnrsnnnvrnnnnnnsnnnvnrsnnnnnssnnnnnsnnnvnrsnnnnrsnnnnsnnnnnrsnnnnnrsnnnnnsnnnnnnsnnnnnsnnnnssn 4 Enable Directory SENG secr renere aeee Gammeldans d me 6 Manage LDAP Users Groups with Directory Server rrrrrrsrvrrrnvvrrrrvvrrrnnvrrrrnvrrrsnnvrrrnnvvrrrnnnnrrrnnnerrnnnnrrsnnnsrsnnvessnnnnsssnnnesnn 7 Chapter 2 Join LDAP Clients to Directory Service Join DiskStation to Direct ry SEMEE vis ccessecsactarsunnccesassiecameswestuneameswatansesn sanseenaneewateedeamsuuscecdenmennnstuesdsceanesbietapsuaseameseastiacon 11 Join Client Computer to Directory SrviCe ccccsscccsssseccssssecssssecssssecsssssecsssusecssauecsssnsecsssussscssecseesecseusesseaueessseeesssensessaneeess 13 Bind Mac Clients to Directory Server cccccsssssccssseccssssecssssccssssecsssssecsssusecssasecssusecesaeecssauececeusessesueesssasesessnsesesaness 13 Create Mac Clients Home Folders for LDAP USEYS cccssccssssscessseeeeesseesseecessseeeseneeecssaeeesesseeeseeeesenseesssaeeeseaaees 17 Log in to Mac OS X Using LDAP User Credentials cc ccccccecsssccesssecessneeeesseeessnaeecsseeeessseeesesueeesseeessneeessnneeeseanees 20 Introduction Synology Directory Server provides Lightweight Directory Access Protocol LDAP directory service that offers account i
23. lusively and finally by arbitration under the current commercial rules of the American Arbitration Association if you reside in the United States except as otherwise provided below In such cases the arbitration will be conducted before a single arbitrator and will be limited solely to the dispute between you and Synology The arbitration or any portion of it will not be consolidated with any other arbitration and will not be conducted on a class wide or class action basis The arbitration shall be held in King County Washington U S A by submission of documents by telephone online or in person as determined by the arbitrator at the request of the parties The prevailing party in any arbitration or legal action occurring within the United States or otherwise shall receive all costs and reasonable attorneys fees including any arbitration fee paid by the prevailing party Any decision rendered in such arbitration proceedings will be final and binding on the parties and judgment may be entered thereon in any court of competent jurisdiction You understand that in the absence of this provision you would have had a right to litigate any such dispute controversy or claim in a court including the right to litigate claims on a class wide or class action basis and you expressly and knowingly waives those rights and agrees to resolve any disputes through binding arbitration in accordance with the provisions of this Section 19 If you do not
24. ntegration and authentication support for LDAP enabled applications With LDAP integration applications and services that previously required separate sets of user group accounts now require users and groups to authenticate with the same account credentials Directory Server simplifies the tasks of adding modifying and deleting user accounts among all LDAP enabled applications For example If the password for a user is changed in Directory Server the change will be applied to the applications simultaneously allowing the user to access all the applications with the new password Likewise with the help of Directory Server adding or removing users or moving users between groups is just as easy Therefore if a company is undergoing corporate restructuring IT professionals can add or remove employees users or groups to cope with personnel changes or move users between groups to allow or deny employees access to individual department s resources All privilege settings can be done in one convenient place and applied to all applications saving IT professionals the trouble of repeatedly making the same changes for each application The above examples demonstrate Directory Server s capability to centrally manage user group accounts and simplify access control for applications and resources which not only enhances network security but also reduces management costs Directory Server can work seamlessly with multiple DiskStations or Mac Linux
25. o the Software 2 physical installation or removal of the Product from Customer s site 3 visits to Customer s site 4 labor necessary to effect repairs or replace defective parts other than during Synology s or its contracted service providers normal local business hours exclusive of weekends and service providers holidays 5 any work with any third party equipment or software 6 any warranty of the hard disk if installed by Customer or any other third party or 7 any warranty of compatibility with the hard disk 2 4 Return Any Product returned by Customer under Section 2 3 must be assigned a Return Merchandise Authorization RMA number by Synology before shipment and must be returned in accordance with Synology s then current RMA procedures Customer may contact any authorized Synology distributor or reseller or Synology Support to obtain assistance in obtaining an RMA and must provide proof of purchase and product serial number when asking for such assistance For warranty claims Customer must return the complete Product to Synology in accordance with this Section 2 4 to be eligible for coverage under this Warranty Any Product returned without an RMA number or any Product that has been disassembled except under the direction of Synology will be refused and returned to Customer at Customer s expense Any Product that has been assigned a RMA number must be returned in the same condition as it was received from Synology t
26. o the address designated by Synology freight pre paid in packaging sufficient to protect the contents thereof and with the RMA number prominently displayed on the outside of the box Customer is responsible for insurance and risk of loss with respect to returned items until they are properly received by Synology A Product issued a RMA number must be returned within fifteen 15 days after issuance of the applicable RMA number 2 5 Replacement by Synology If Synology elects to replace any Product under this Warranty set forth in Section 2 1 then Synology will ship a replacement Product at Synology s expense via the shipping method selected by Synology after receipt of the nonconforming Product returned in accordance with Section 2 4 and validation by Synology that the Product does not conform to the warranty Replacement Product will be new or serviceably used comparable in function and performance to the original Product and warranted for the remainder of the original Warranty Period or thirty 30 days after it is shipped to Customer whichever period is longer Any Product found by Synology to be non defective will be returned to Customer 2 6 Support During the Warranty Period Synology will make available to Customer the support services Following the expiration of the applicable Warranty Period support for Products may be available from Synology upon written request 2 7 Exclusions The foregoing warranties and warranty obligation
27. of your rights with respect to the Software Synology reserves all rights not expressly granted to you in this EULA Without limiting the foregoing you will not and you will not authorize or permit any third party to a use the Software for any purpose other than in connection with the Product b license distribute lease rent lend transfer assign or otherwise dispose of the Software or use the Software in any commercial hosted or service bureau environment c reverse engineer decompile disassemble or attempt to discover the source code for or any trade secrets related to the Software except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation d adapt modify alter translate or create any derivative works of the Software e remove alter or obscure any copyright notice or other proprietary rights notice on the Product or f circumvent or attempt to circumvent any methods employed by Synology to control access to the components features or functions of the Product or Software Section 6 Open Source The Software may contain components licensed to Synology under the GNU General Public License GPL Components currently available at http www gnu org licenses gpl html The terms of the GPL will control solely with respect to the GPL Components to the extent that this EULA conflicts with the requirements of the GPL with respect to your use of the GPL Components
28. og in to the DiskStation that hosts Directory Server Log in as root and authenticate using the password of DSM admin computername computerusernames telnet fileserver synology com fileserver login root Password DSM admin s password Note Make sure Telnet or SSH is enabled on your DiskStation at Main menu gt Control Panel gt Terminal before logging in via Telnet SSH 2 Use the tool synoldapserver to add the automount information synoldapserver automount Hostname OR IP address of NFS Server Home Folder Path For example we have set up the DiskStation fileserver synology com to store Mac clients home folders in its shared folder volume1 MacHome Therefore we can use the following command to add the automount information fileserver gt synoldapserver automount fileserver synology com volumel MacHome Directory Server will automatically create the home folders for each LDAP user at the home folder path 3 To confirm that the home folders are successfully created use Telnet or SSH to log in to the DiskStation which is set up to contain the home folders such as fileserver synology com navigate to the home folder path using the cd command and then browse its contents using the Is or II command If you see the list of home folders named after the LDAP users the home folders are successfully created computername computerusernames telnet fileserver synology com fileserver
29. oing warranty does not apply to any noncompliance resulting from any W use reproduction distribution or disclosure not in accordance with this EULA x any customization modification or other alteration of the Software by anyone other than Synology y combination of the Software with any product services or other items provided by anyone other than Synology or z your failure to comply with this EULA Section 10 Support During the Warranty Period Synology will make available to you the support services Following the expiration of the applicable Warranty Period support for Software may be available from Synology upon written request Section 11 Disclaimer of Warranties EXCEPT AS EXPRESSLY SET FORTH ABOVE SYNOLOGY AND ITS SUPPLIERS PROVIDE THE SOFTWARE AS IS AND WITH ALL FAULTS SYNOLOGY AND ITS SUPPLIERS HEREBY DISCLAIM ALL OTHER WARRANTIES EXPRESS IMPLIED OR STATUTORY ARISING BY LAW OR OTHERWISE INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR USE TITLE AND NONINFRINGEMENT WITH REGARD TO THE SOFTWARE WITHOUT LIMITING THE FOREGOING SYNOLOGY DOES NOT WARRANT THAT THE SOFTWARE WILL BE FREE OF BUGS ERRORS VIRUSES OR OTHER DEFECTS Section 12 Disclaimer of Certain Damages IN NO EVENT WILL SYNOLOGY OR ITS LICENSORS BE LIABLE FOR THE COST OF COVER OR FOR ANY INCIDENTAL INDIRECT SPECIAL PUNITIVE CONSEQUENTIAL OR SIMILAR DAMAGES OR LIABILITIES WHATSOEVE
30. ors group 2 Go to Main Menu gt Package Center 3 Click the Available tab and click the Install button in the Directory Server section Follow onscreen instructions to complete the installation process Package Center oe install Update Installed Available Packages by Synology Directory Server am HiDrive Backup Directory Server provides LDAP service with HiDrive Backup provides quick and flexible centralize way to ba Install Install Mail Station Squeezebox Server aa Mail Station 2 provides webmail service for Squeezebox Server streams music stored on you to 4 DiskStation Install i Install Syslog Server l Time Backup Syslog Server offers an easy solution for l Time Backup is an Innovative solution that gathering an backs up Di Install Install Synology Directory Server User s Guide 4 Click the Installed tab click Run in the Directory Server section and then follow onscreen instructions to activate Directory Server Package Center install 7 Update Available Packages Directory Server version 1 0 1922 uninstall Run Chapter 1 Set up Directory Server Synology Directory Server User s Guide Enable Directory Server After the Directory Server package is installed and activated go to Main Menu gt Directory Server to enable the application Note If you have set up port forwarding or firewall rules for your DiskStation make s
31. r is not created yet The home folder for user LDAP_Username isn t located in the usual place or can t be accessed Under the circumstances unless the location of the home folder for your LDAP user account is properly configured you might not be able to open Finder or modify any settings after login The location of the home folder could be the shared folder on any NFS server such as the DiskStation that hosts Directory Server any other DiskStation with NFS enabled or a Mac Linux server This section explains how to do the following Setting up a DiskStation as the location of Mac clients home folders for LDAP users Setting up Directory Server to access the DiskStation via NFS to automatically create Mac clients home folders Note Since Mac clients home folders will be used to contain all the files and preference settings for all LDAP users it is recommended that you specify a DiskStation or NFS server with storage space large enough to store the files for all LDAP users To configure the location of Mac clients home folders for LDAP users 1 Log in to the DSM of the DiskStation that will be used to store the home folders such as fileserver synology com as DSM admin or a user belonging to the administrators group 2 Go to Main Menu gt Control Panel gt Win Mac NFS to make sure the NFS service is enabled 3 Go to Main Menu gt Control Panel gt Shared Folder to create a shared folder such as MacHome
32. rator account Chapter 1 Set up Directory Server Synology Directory Server User s Guide Manage LDAP Users Groups with Directory Server You can create and manage LDAP users groups with Directory Server To do so go to Main Menu gt Directory Server and then click User or Group on the left panel Built in user account admin built in user group account users administrators Directory Operators To create an LDAP user 1 Click User on the left panel Here you can see the built in user account named admin By default LDAP admin has administrative privileges to the LDAP database Note The password of admin is the one you specified on the Settings page See Enable Directory Server on Page 6 for more information 2 Click Create Directory Server 90060 Management D Search Settings Name Description Email Status 4 Backup and Restore admin Directory Diskstatio Normal Group K Page 1 of gt M EC Displaying 1 10f 1 Me 7 Chapter 1 Set up Directory Server Synology Directory Server User s Guide 3 Specify the following information for the LDAP user and then click Next Name The name of the user will be stored as the uid attribute in the LDAP database Description optional The description of the user will be stored as the gecos attribute Email optional The email address of the user will be stored as the mail attribute Password The password of the user will be sto
33. rbitration or legal action occurring within the United States or otherwise shall receive all costs and reasonable attorneys fees including any arbitration fee paid by the prevailing party Any decision rendered in such arbitration proceedings will be final and binding on the parties and judgment may be entered thereon in any court of competent jurisdiction Customer understands that in the absence of this provision Customer would have had a right to litigate any such dispute controversy or claim in a court including the right to litigate claims on a class wide or class action basis and Customer expressly and knowingly waives those rights and agrees to resolve any disputes through binding arbitration in accordance with the provisions of this Section 4 5 For Customers not residing within the United States any dispute controversy or claim described in this section shall be finally resolved by arbitration conducted by three neutral arbitrators in accordance with the procedures of the R O C Arbitration Law and related enforcement rules The arbitration shall take place in Taipei Taiwan R O C and the arbitration proceedings shall be conducted in English or if both parties so agree in Mandarin Chinese The arbitration award shall be final and binding on the parties and may be enforced in any court having jurisdiction Nothing in this Section shall be deemed to prohibit or restrict Synology from seeking injunctive relief or seeking such o
34. red as the userPassword attribute Disallow the user to change account password optional This information will be stored as the shadowMin attribute Disable this account optional This information will be stored as the shadowExpire attribute User Creation Wizard User information Fill in the following fields Name Description Email Password Confirm password Disallow the user to change account password Disable this account Immediately After E This field is required Chapter 1 Set up Directory Server MINE con 4 Tick the checkbox s to add the user to the following built in group s and click Next Synology Directory Server User s Guide administrators Users added to this group will have the same administrative privileges as DSM admin Directory Operators Users added to this group will have administrative privileges of the LDAP database users This is the default group for all LDAP users If users in this group are not added to the administrators or Directory Operators group they will not have DSM or LDAP administrative privileges User Creation Wizard Join groups Please select groups Name a administrators Directory Operators Users III Description wj Add Diskstation default admin group fw Directory default admin group ral Directory default group Ei 5 Click Apply to create the LDAP user The distinguish
35. rt Administration Regulations Section 15 U S Government License Rights AI Software provided to the U S Government is provided with the commercial license rights and restrictions described in this EULA By installing copying or using the Software the U S Government agrees that the Software is commercial computer software or commercial computer software documentation within the meaning of FAR Part 12 Section 16 Termination Without prejudice to any other rights Synology may terminate this EULA if you do not abide by the terms and conditions contained herein In such event you must cease use of the Software and destroy all copies of the Software and all of its component parts Section 17 Assignment You may not transfer or assign your rights under this EULA to any third party Any such transfer or assignment in violation of the foregoing restriction will be void Section 18 Applicable Law Unless expressly prohibited by local law this EULA is governed by the laws of the State of Washington U S A without regard to any conflict of law principles to the contrary The 1980 U N Convention on Contracts for the International Sale of Goods or any successor thereto does not apply Section 19 Dispute Resolution Any dispute controversy or claim arising out of or relating to this Warranty the Software or services provided by Synology with respect to the Software or the relationship between you and Synology will be resolved exc
36. ry Server 11 Join LDAP Clients to Directory Service When the directory service is set up on Directory Server or any other LDAP server Synology DiskStations and other LDAP clients such as Mac and Linux computers can be bound to the server to join the directory service This chapter explains how to join DiskStations and client computers to the directory service provided by Directory Server or any other LDAP server Join DiskStation to Directory Service You can bind your DiskStation to Synology Directory Server or other LDAP server such as Linux LDAP Server or Mac OpenDirectory Server that contains the object class posixAccount for its users and groups When the binding process is complete your DiskStation will retrieve the information of LDAP users and groups from the LDAP server allowing users with LDAP credentials to access DiskStation files via the web based DiskStation Manager DSM or file sharing protocols CIFS AFP etc You can also manage LDAP users and groups access privileges to DiskStation services and shared folders just as you would with DSM local users or groups Control Panel LDAP L LDAP LDAP user LDAP Group f l Enable LDAP Client LDAP Server address fileserver synology com Encryption None Base DN dc lIdap dc synology dc com M Enable Windows CIFS support Connection status Connected Synology Directory Server Support and Limitations Your DiskStation c
37. s do not apply to any Product that a has been installed or used in a manner not specified or described in the Product specifications b has been repaired modified or altered by anyone other than Synology or its agent or designee c has been in any way misused abused or damaged d has been used with items not provided by Synology other than the hardware or software for which the Product is designed or e otherwise fails to conform to the Product specifications and such failure is attributable to causes not within or under Synology s control Further the foregoing warranties will be void if 1 Customer disassembles the Product except as authorized by Synology 2 Customer fails to implement any correction modification enhancement improvement or other update made available to Customer by Synology or 3 Customer implements installs or uses any correction modification enhancement improvement or other update made available by any third party The warranty set forth in Section 2 1 will terminate upon Customer s sale or transfer of the Product to a third party 2 8 Disclaimer of Warranties THE WARRANTIES OBLIGATIONS AND LIABILITIES OF SYNOLOGY AND THE REMEDIES OF CUSTOMER SET FORTH IN THIS WARRANTY ARE EXCLUSIVE AND IN SUBSTITUTION FOR AND CUSTOMER HEREBY WAIVES RELEASES AND DISCLAIMS ALL OTHER WARRANTIES OBLIGATIONS AND LIABILITIES OF SYNOLOGY AND ALL OTHER RIGHTS CLAIMS AND REMEDIES OF CUSTOMER AGAINST SYNOLOGY EXPR
38. the Software and the subject matter hereof and supersedes all prior and contemporaneous understandings and agreements whether written or oral No amendment modification or waiver of any of the provisions of this EULA will be valid unless set forth in a written instrument signed by the party to be bound thereby SYNOLOGY INC LIMITED PRODUCT WARRANTY THIS LIMITED WARRANTY WARRANTY APPLIES TO THE PRODUCTS AS DEFINED BELOW OF SYNOLOGY INC AND ITS AFFILIATES INCLUDING SYNOLOGY AMERICA CORP AND SYNOLOGY UK LTD COLLECTIVELY SYNOLOGY YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS WARRANTY BY OPENING THE PACKAGE CONTAINING AND OR USING THE PRODUCT IF YOU DO NOT AGREE TO THE TERMS OF THIS WARRANTY DO NOT USE THE PRODUCT INSTEAD YOU MAY RETURN THE PRODUCT TO THE RESELLER WHERE YOU PURCHASED IT FOR A REFUND IN ACCORDANCE WITH THE RESELLER S APPLICABLE RETURN POLICY Section 1 Definitions a Category Product means Synology product models RS810 RS810RP and RX410 b Category Il Product means Synology product models DS712 DS3611xs DS2411 DS1511 DS1010 DS710 DS509 DS508 RS812 RS212 RS3411xs RS3411RPxs RS2211 RS2211RP RS411 RS409RP RS409 RS409 RS408 RP RS408 RS407 RX1211 RX1211RP DX1211 DX510 DX5 RX4 and RAM Module 1GB 2GB c Category Ill Product means all other Synology product models purchased by Customer after March 1 2008 d Category IV Product means all other
39. ther rights and remedies as it may have at law or equity for any actual or threatened breach of any provision of this Warranty relating to Synology s intellectual property rights 4 6 Attorneys Fees In any arbitration mediation or other legal action or proceeding to enforce rights or remedies under this Warranty the prevailing party will be entitled to recover in addition to any other relief to which it may be entitled costs and reasonable attorneys fees 4 7 Export Restrictions You acknowledge that the Product may be subject to U S export restrictions You will comply with all applicable laws and regulations that apply to the Product including without limitation the U S Export Administration Regulations 4 8 Severability If any provision of this Warranty is held by a court of competent jurisdiction to be invalid illegal or unenforceable the remainder of this Warranty will remain in full force and effect 4 9 Entire Agreement This Warranty constitutes the entire agreement and supersedes any and all prior agreements between Synology and Customer related to the subject matter hereof No amendment modification or waiver of any of the provisions of this Warranty will be valid unless set forth in a written instrument signed by the party to be bound thereby
40. ure port 389 for LDAP connection and 636 for LDAP SSL connection are properly configured at Main Menu gt Control Panel gt Router Configuration or Firewall To enable Directory Server 1 Click Settings on the left panel and then tick Enable LDAP Server 2 Inthe FQDN Fully Qualified Domain Name field specify tne domain name for the LDAP database 3 Enter the password of Bind DN see below in the Password field 4 Click Apply G Directory Server E F F F Management 4 Backup and Restore M Enable LDAP Server User FQDN Idap synology com Confirm password Authentication Information Base DN dc ldap de synology dc cam Bind DM UWid root cn users dc Idap dc synology dc com When the setup is complete you can see the following information of your Directory Server in the Authentication Information section Base DN The distinguished name for Directory Server s LDAP database This is generated from the specified FQDN For example if the FQDN is Idap synology com its Base DN will be dc ldap dc synology dc com Bind DN The distinguished name for LDAP s root For example if the Base DN of the LDAP database is dc Idap dc synology dc com then the Bind DN of root will be uid root cn users dc Idap dc synology dc com If LDAP clients want to bind to your Directory Server they should specify the Base DN to connect to the LDAP database and then authorize with the Bind DN of root or an LDAP administ
41. vice 15 Synology Directory Server User s Guide 3 In the dialog that appears do the following a Click New b In the expanded list of LDAP servers enter the name or IP address of the DiskStation that hosts Directory Server and then choose RFC2307 from the drop down menu If you see a message prompting you to enter search DN suffix click OK first c Click OK Location Automatic Hide Options b Enable Configuration Name Server Name or IP Address SynoPM fileserver synology com RFC2307 click Teie um Contacts ______ Choose where to search for user authentication information F Local Default Drag directory domains into your preferred order for searching il EE a Click the lock to prevent further changes 2 Apply Chapter 2 Join LDAP Clients to Directory Service 16 Synology Directory Server User s Guide 5 Click Add to add the account system LDAPv3 Directory Server Address Your Mac s Directory Utility will use the account system to search and retrieve the information of LDAP users and groups from the LDAP database Directory Utility y Directory Editor gt Please select additions to the custom search policy from the list of available directory domains below _ LDAPv3 fileserver sync 6 Click Apply in the Directory Utility window to apply the settings 7 Return to Login Options on the Users amp Group preference pane and

Synology Directory Server User`s Guide

Contents

Download Pdf Manuals

Related Search

Related Contents