I have a simple home network consisting of (for now) a Fedora 35 desktop and a Synology NAS. I'm trying to join the NAS to my LDAP domain that I configured on my desktop. I received help from Synology on how to configure the NAS, but I think my OpenLDAP server configuration has problems, at least that's what I'm assuming for now. Most of my problems come from a lack of understanding of OpenLDAP, and confusing information found online.

In any case, I used the information found on this page to configure the server side, substituting "aquila" for "srv" and "test" for "world" in the configuration files. I also used the link found in the instructions to generate an SSL certificate and then continued to configure slapd for SSL/TLS. Synology has vague instructions on connecting to the server, but as I said, they helped me with this end, but of course can't help me with the server configuration. According to Synology, the password encryption to use would be SSL/TLS (which is not shown in the instructions) and I would have to upload a certificate and key. Now I tried this by uploading the server certificate and server key and I kept getting a failure. I'm also not sure what to use for the "Bind DN or LDAP admin account" but I've tried various permutations involving something like "uid=root,cn=users,dc=aquila,dc=test" with no luck. I keep getting the same error (shown below).

I also began thinking that there was a problem with my certificate, so I followed the instructions I found on another site that answered a question specific to home networks, and again I kept getting the same failure. On this page, the instructions are to use the "rootca.crt" certificate, but it doesn't mention which key to use, which seems to be required by the NAS. In any case, the error I keep getting on the server end is:
Feb 27 16:04:01 fedora slapd[674034]: conn=1014 fd=13 ACCEPT from IP=192.168.1.61:57876 (IP=0.0.0.0:636)
Feb 27 16:04:01 fedora slapd[674034]: conn=1014 fd=13 closed (TLS negotiation failure)
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 fd=13 ACCEPT from IP=192.168.1.61:57878 (IP=0.0.0.0:636)
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 fd=13 TLS established tls_ssf=256 ssf=256
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 op=0 BIND dn="uid=root,cn=users,dc=aquila,dc=test" method=128
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 op=0 RESULT tag=97 err=49 text=
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 op=1 UNBIND
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 fd=13 closed
Feb 27 16:04:02 fedora slapd[674034]: conn=1016 fd=13 ACCEPT from IP=192.168.1.61:57880 (IP=0.0.0.0:636)
Feb 27 16:04:02 fedora slapd[674034]: conn=1016 fd=13 closed (TLS negotiation failure)
I've tried many different permutations with no luck. The "TLS negotiation failure" seems to me to indicate a problem somewhere with the certificate, but again my ignorance hinders me. Does anyone have any hints of what to try next? Thanks!
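An added example, not part of the original post: a small Python script that groups the slapd lines quoted above by connection and reports whether each one stopped at the TLS handshake or at the LDAP bind. The function names are hypothetical; the only outside fact used is that result code 49 is invalidCredentials in RFC 4511.

```python
import re

# Log lines copied from the post above.
SAMPLE_LOG = """\
Feb 27 16:04:01 fedora slapd[674034]: conn=1014 fd=13 ACCEPT from IP=192.168.1.61:57876 (IP=0.0.0.0:636)
Feb 27 16:04:01 fedora slapd[674034]: conn=1014 fd=13 closed (TLS negotiation failure)
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 fd=13 ACCEPT from IP=192.168.1.61:57878 (IP=0.0.0.0:636)
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 fd=13 TLS established tls_ssf=256 ssf=256
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 op=0 BIND dn="uid=root,cn=users,dc=aquila,dc=test" method=128
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 op=0 RESULT tag=97 err=49 text=
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 op=1 UNBIND
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 fd=13 closed
Feb 27 16:04:02 fedora slapd[674034]: conn=1016 fd=13 ACCEPT from IP=192.168.1.61:57880 (IP=0.0.0.0:636)
Feb 27 16:04:02 fedora slapd[674034]: conn=1016 fd=13 closed (TLS negotiation failure)
"""

# conn id, then fd=N or op=N, then the event text
LINE_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd|op)=\d+ (.*)$")
LDAP_RESULTS = {0: "success", 49: "invalidCredentials"}  # RFC 4511 result codes

def summarize(log_text):
    """Group slapd log lines by connection; record TLS and bind outcome."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        event = m.group(2)
        c = conns.setdefault(int(m.group(1)), {"tls": "unknown", "bind_dn": None, "bind_err": None})
        if event.startswith("TLS established"):
            c["tls"] = "established"
        elif "TLS negotiation failure" in event:
            c["tls"] = "failed"
        elif event.startswith("BIND dn="):
            c["bind_dn"] = event.split('"')[1]
        elif event.startswith("RESULT tag=97"):  # tag 97 = BindResponse
            c["bind_err"] = int(re.search(r"err=(\d+)", event).group(1))
    return conns

def diagnose(c):
    """Say which layer rejected the connection: TLS handshake or LDAP bind."""
    if c["tls"] == "failed":
        return "TLS handshake failed; no LDAP operation was attempted"
    if c["bind_err"]:
        return "TLS ok; bind rejected: " + LDAP_RESULTS.get(c["bind_err"], "err=%d" % c["bind_err"])
    return "no failure recorded"

if __name__ == "__main__":
    for cid, c in summarize(SAMPLE_LOG).items():
        print(cid, c["bind_dn"], diagnose(c))
```

On the quoted log this separates two different failures: connections 1014 and 1016 never complete the handshake, while connection 1015 completes it and is then refused at the bind for the DN shown.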