Skip to main content
sanderl
sanderl
New Member
November 16, 2015
Question

LDAP (v3) with Synology Directory Server (LDAP) error "LDAP Tree Data cannot be loaded"

  • November 16, 2015
  • 2 replies
  • 15781 views

I can succesfully add my Synology NAS server as an LDAP server. But when "fetching DN" or trying to add LDAP groups is gives an error "LDAP Tree data can not be loaded".

 

The FortiGate unit supports LDAP protocol functionality defined in RFC 2251: Lightweight Directory Access Protocol v3, for looking up and validating user names and passwords. FortiGate LDAP supports all LDAP servers compliant with LDAP v3, including FortiAuthenticator. In addition, FortiGate LDAP supports LDAP over SSL/TLS, which can be configured only in the CLI.

Synology Directory Server is an add-on package based on LDAP version 3 (RFC2251) that allows your Synology NAS to become an account administration center to centralize the account management of all connecting clients, and provides authentication service for them.

 

Synology is locally connected.

 

Configuration:

config user ldap

edit "domain.local"

set server "192.168.1.99"

set cnid "cn"

set dn "dc=domain,dc=local"

set type regular

set username "uid=root,cn=users,dc=domain,dc=local"

set password ENC Password(encrypted)

next

end

 

Also tried lots of CN's (sAMAccountName, UID, etc.)

 

I can succesfully browse (also anonymous) via LDAPAdmin (ldapadmin.org)

And in FortiGate "test" is "succesfull".

 

FortiOS v5.2.4,build688 (GA)

 

Anyone familiar with connecting to openLDAP (other then AD)?

    2 replies

    wedda
    wedda
    New Member
    February 2, 2016

    Hi

     

    I had the same issue with Synology NAS a couple of years ago and I'm sorry to say I never got it resolved. I created a Linux LDAP server in its place using DS389, which I'm still using now. FW has no trouble talking to that. I expect that not the answer you wanted, but hopefully it will save you some time.

     

     

    sanderl
    sanderlAuthor
    New Member
    February 2, 2016

    According to Fortinet it's a bug.

     

    On 8 january 2016 this problem has been identified as a bug. Bug number: 0239224 issue reported already which should be fixed in next releases. I have asked several times when but I then get a vague answer "somewhere in the coming release.

     

    I find it hard to beleive Frotinet claims:

     

    The FortiGate unit supports LDAP protocol functionality defined in RFC 2251: Lightweight Directory Access Protocol v3, for looking up and validating user names and passwords. FortiGate LDAP supports all LDAP servers compliant with LDAP v3, including FortiAuthenticator. In addition, FortiGate LDAP supports LDAP over SSL/TLS, which can be configured only in the CLI. And then Synology says: Directory Server is an add-on package based on LDAP version 3 (RFC2251) that allows your Synology NAS to become an account administration center to centralize the account management of all connecting clients, and provides authentication service for them.

     

    And then Fortinet identifies a bug... thus...

    gcraenen
    gcraenen
    New Member
    May 3, 2019

    I'v found this thread from a few years ago. Sorry to see that this is still not resolved in the latest FortiOS 6.04.

    mgboul
    mgboul
    New Member
    January 28, 2022

    Hello To configure your ldap server on fortigate here is the config to add.

    Take care to the xommon name identifier (uid and not cn ).

    Hope it will help for others.

    Configuration for FortiGate GUI

    • Common Name Identifier = uid
    • Distinguished Name = cn=users,dc=myserver,dc=mydomain,dc=com
    • Bind Type = Simple
      Terms & ConditionsAccessibility statement