NGAF Synology Ldap Server Authentication Configuration Questions

Newbie635217 Lv1 Posted 2024-Jan-24 16:56

"External Auth Server - test Validity" was successfully completed and "Ldap User Sync - Sync now" was successfully completed.
I still can't see the Local user. I need help.

If configured as "other ldap type", only the pwpolicies group is created and the user is not visible.
For all other "ldap types", a sync failure occurs.

The LDAP server is based on Synology NAS.

These are the error logs.
[loghead]
mode=ou
autosync=0
result=success
name=Sync
desc=
datetime=Wed Jan 24 16:09:31 2024

syn type: Organizational Unit
rule name: Sync
rule description:
execute result: Succed
date: Wed Jan 24 16:09:31 2024
[Group added]:
    /pwpolicies/
[Extra Infomations]:
    Notify user config changed to [authd],[singress],[fluxstat]
    Notyfy org config changed, execute fluxctrlapp

jerome_itable has solved this question and earned 20 coins.

Farina Ahmed Lv5 Posted 2024-Jan-30 15:02
  
It seems that you have successfully completed the External Auth Server test and the LDAP User Sync, but are facing issues with visibility of local users on the Synology NAS configured with an LDAP server. You've mentioned that when configured as "other ldap type," only the "pwpolicies" group is created, and the user is not visible. For other LDAP types, sync failures occur. The provided error logs indicate a successful sync with the creation of the "pwpolicies" group. However, the user might not be visible due to a potential configuration mismatch or issue. You should carefully review your LDAP configuration settings, ensuring that the LDAP server type, search base, and user filter are correctly specified. Additionally, check for any error messages or warnings during the sync process that might provide insights into the cause of the sync failures. It's also advisable to verify that the LDAP server on the Synology NAS is running and accessible.
Enrico Vanzetto Lv4 Posted 2024-Jan-30 18:48

Hi, on your Synology LDAP, can you retrieve the distinguished name of the group that contains the users you want to import? Try specifying the distinguished name in the NGAF LDAP server configuration and try to resync users.
Tayyab0101 Lv2 Posted 2024-Jan-30 20:39

I think LDAP integration is completed but there is some problem accessing them in Synology.
Try an rsync and it will resolve the problem, as apparently it seems there is no problem in syncing.
jerome_itable Lv3 Posted 2024-Jan-31 08:54
  
You may try these:

1. Verification of LDAP Configuration:

    Double-check LDAP settings: Meticulously review the LDAP configuration in NGAF, ensuring:
        Correct server address, port, base DN, and bind credentials.
        Accurate mapping of LDAP attributes to NGAF user fields.
        Appropriate authentication methods and security settings.
    Test LDAP connectivity: Use tools like ldapsearch or the NGAF's built-in LDAP testing functionality to verify successful communication with the Synology LDAP server.

2. Exploration of Synology LDAP Server Logs:

    Examine logs for clues: Analyze logs on the Synology LDAP server for any errors or warnings that might shed light on the synchronization issue.
    Ensure user visibility: Verify that the users you expect to be synced are present and visible in the LDAP server's directory.

3. Scrutiny of NGAF Sync Logs:

    Review sync logs: Carefully review the NGAF sync logs for more specific details about the synchronization process and any potential errors, paying close attention to:
        User accounts being processed.
        Reasons for sync failures (if any are indicated).

4. Troubleshooting for Specific LDAP Types:

    "Other LDAP Type":
        Investigate configuration limitations or compatibility issues with this type.
        Experiment with different settings or try using a more specific LDAP type if available.
    Other "LDAP Types":
        Analyze sync failure messages for clues about specific configuration errors.
        Double-check compatibility between NGAF and the Synology LDAP server for those types.

5. Engagement with Sangfor Support:

    Seek assistance: If the issue persists after thorough troubleshooting, reach out to Sangfor technical support for further guidance. Provide them with:
        Detailed information about your configuration.
        Specific error messages.
        Relevant logs from both NGAF and the Synology LDAP server.

Additional Tips:

    Configuration Comparison: If possible, compare your configuration with a known working setup for Synology LDAP integration with NGAF.
    Community Forums: Explore Sangfor community forums or support forums for insights from other users who have encountered similar issues.
    Temporary Workaround: If immediate access to local users is critical, consider temporarily creating them directly in NGAF until a permanent solution is found.
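
Added example, not part of any post in this thread: one way to carry out the "ensure user visibility" check and find the distinguished name to sync from. It reads the LDIF that ldapsearch prints and reports which entries are organizational units, which are user accounts, and which accounts sit outside every OU, which is what an OU-mode sync that only adds /pwpolicies/ would point to. The sample LDIF, its DNs and the object classes treated as "user" are constructed assumptions, not values from the poster's NAS.

```python
# Constructed sample of `ldapsearch -x -H ldap://<nas> -D <bind DN> -W
# -b <base DN> objectClass` output; DNs and layout are assumptions.
SAMPLE_LDIF = """\
dn: ou=pwpolicies,dc=nas,dc=example
objectClass: organizationalUnit

dn: cn=users,dc=nas,dc=example
objectClass: organizationalRole

dn: uid=alice,cn=users,dc=nas,dc=example
objectClass: posixAccount

dn: uid=bob,cn=users,dc=nas,
 dc=example
objectClass: posixAccount
"""

# Object classes treated as "this entry is a user" (an assumption).
USER_CLASSES = {"posixaccount", "inetorgperson", "person"}

def parse_ldif(text):
    """Return a list of (dn, set of lower-cased objectClass values)."""
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    entries = []
    for block in unfolded.split("\n\n"):
        dn, classes = None, set()
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if not sep:
                continue  # comments, blank lines, base64 (::) values
            if key.lower() == "dn":
                dn = value.strip()
            elif key.lower() == "objectclass":
                classes.add(value.strip().lower())
        if dn:
            entries.append((dn, classes))
    return entries

def ou_sync_view(entries):
    """Return (OU DNs, user DNs, user DNs that are not under any OU)."""
    ous = [dn for dn, oc in entries if "organizationalunit" in oc]
    users = [dn for dn, oc in entries if oc & USER_CLASSES]
    outside = [u for u in users
               if not any(u.lower().endswith("," + o.lower()) for o in ous)]
    return ous, users, outside

if __name__ == "__main__":
    print(ou_sync_view(parse_ldif(SAMPLE_LDIF)))
```

If the third list is not empty, the parent DN of those entries is the distinguished name to try as the sync source in the NGAF LDAP server configuration.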
Newbie056550 Lv1 Posted 2024-Oct-22 12:01
  
Short-Term Fix: In the absence of a more long-term solution, you may want to think about making local users in NGAF for the time being if you really need access to them right now.
