I have a simple home network consisting of (for now) a Fedora 35 desktop and Synology NAS. I'm trying to join the NAS to my ldap domain that I configured on my desktop. I received help from Synology in how to configure the NAS, but I think my openldap server configuration has problems, at least that's what I'm assuming for now. Most of my problems come from lack of understanding of openldap, and confusing information found online. In any case, I used the information found on this page to configure the server side, substituting "aquila" for "srv" and "test" for "world" in the configuration files. I also used the link found in the instructions to generate an SSL certificate and then continue to configure slapd for SSL/TLS. Synology has vague instructions on connecting to the server, but as I said, they helped me with this end, but of course can't help me with the server configuration. According to Synology, the password encryption to use would be SSL/TLS (which is not shown on the instructions) and that I would have to upload a certificate and key. Now I tried this by uploading the server certificate and server key and I kept getting a failure. I'm also not sure what to use for the "Bind DN or LDAP admin account" but I've tried various permutations involving something like "uid=root,cn=users,dc=aquila,dc=test" with no luck. I keep getting the same error (shown below). I also began thinking that there was a problem with my certificate, so I followed the instructions I found on another site that answered a question specific to home networks, and again I kept getting the same failure. On this page, the instructions are to use the "rootca.crt" certificate, but it doesn't mention which key to use, which seems to be required by the NAS. In any case, the error I keep getting on the server end is:

Feb 27 16:04:01 fedora slapd[674034]: conn=1014 fd=13 ACCEPT from IP=192.168.1.61:57876 (IP=0.0.0.0:636)
Feb 27 16:04:01 fedora slapd[674034]: conn=1014 fd=13 closed (TLS negotiation failure)
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 fd=13 ACCEPT from IP=192.168.1.61:57878 (IP=0.0.0.0:636)
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 fd=13 TLS established tls_ssf=256 ssf=256
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 op=0 BIND dn="uid=root,cn=users,dc=aquila,dc=test" method=128
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 op=0 RESULT tag=97 err=49 text=
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 op=1 UNBIND
Feb 27 16:04:02 fedora slapd[674034]: conn=1015 fd=13 closed
Feb 27 16:04:02 fedora slapd[674034]: conn=1016 fd=13 ACCEPT from IP=192.168.1.61:57880 (IP=0.0.0.0:636)
Feb 27 16:04:02 fedora slapd[674034]: conn=1016 fd=13 closed (TLS negotiation failure)

I've tried many different permutations with no luck. The "TLS negotiation failure" seems to me to indicate problem somewhere with the certificate, but again my ignorance hinders me. Does anyone have an hints of what to try next? Thanks!

After some help from Synology support, and some playing around, here is how to do it:

1. Follow instructions for server set-up found here. Make sure you substitute your domain name. Suggested domain name for home use, I found out is "home.arpa".

2. When prompted (step 5 on the previous page), set up certificate from these instructions.

3. Add users from instructions found here. Since we have two users on our home network, I just used the script in step 2.

4. On the synology nas, use control panel to launch gui to join the ldap domain. Follow instructions found here. If the server is set up as above, you need to enter "uid=Manager,dc=home,dc=arpa" for Bind DN and assuming the domain is named "home.arpa". Password encryption is SSL/TLS (assuming following instructions above), profiles is "Standard" and client certification needs to be enabled. Certificate and key are as created above in step 2. There is a minor complaint about SMB schema not being configured on the server, but I don't use it so I did not configure it. I just skipped this when it complained and I was able to join the nas to the domain.