Homarr4mo ago
Demens

[Solved][Synology Directory Server]

Hey all - is someone able to post their docker-compose with a Synology LDAP connection? I tried to figure out why Homarr doesn't want to connect, but I have no idea. My stuff: Synology box running Synology Active Directory. Homarr latest version on Docker.

```yaml
environment:
  AUTH_PROVIDER: ldap,credentials
  AUTH_LDAP_URI: ldap://domainip:389
  AUTH_LDAP_BASE: dc=domain,dc=local # Same as LLDAP_LDAP_BASE_DN
  AUTH_LDAP_BIND_DN: cn=admin,dc=domain,dc=local
  AUTH_LDAP_BIND_PASSWORD: adminpass # Same as LLDAP_LDAP_USER_PASS
  AUTH_LDAP_SEARCH_SCOPE: sub
  AUTH_LDAP_USERNAME_ATTRIBUTE: uid
```

But it doesn't want to connect. So if someone has working compose settings to connect to a Synology server, it would help a lot.
Cakey Bot
Cakey Bot4mo ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment:
- Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
- Operating system (Unraid, TrueNAS, Ubuntu, ...)
- Exact Homarr version (eg. 0.15.0, not latest)
- Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
- Other relevant information (eg. your devices, your browser, ...)
Serenaphic
Serenaphic4mo ago
Please provide your logs
Demens
DemensOP4mo ago
@Tag thanks for your attention. I can't receive any logs because they are all empty:
Demens
DemensOP4mo ago
```
Exporting hostname...
Migrating database...
yarn run v1.22.19
$ ts-node ./migrate.ts
Done in 3.41s.
Starting production server...
Listening on port 7575 url: http://XXXXXXXX:7575
user Administrator is trying to log in using LDAP.
Connecting to LDAP server...
ERROR Invalid username or password
ℹ Local icons repository directory exists and contains 0 icons
ℹ Saving updated configuration of 'Mitarbeiter' config.
ℹ Saving updated configuration of 'Kunden' config." are
```
Serenaphic
Serenaphic4mo ago
Error at the first stage; this means that 3 things can be wrong: URI, BIND_DN and/or BIND_PASSWORD. The bind DN must be for an existing admin user with some level of LDAP management permissions, and the bind password must be the password for that admin account. Also make sure that Homarr has access to the LDAP server. If they are not on the same bridge or host networking, they might not be able to see each other.
Demens
DemensOP4mo ago
Thanks, but I'm using all the settings and passwords from another dashboard or ecodms or some other tools that are connected to LDAP. External also doesn't work.
Serenaphic
Serenaphic4mo ago
You're using LLDAP? Not sure how you got it working using that base DN, but the way we recommend in the docs goes like this:
AUTH_LDAP_BIND_DN="uid=admin,ou=People,dc=example,dc=com"
Make sure you replace admin with whatever user you're trying to use as admin that is linked to the password you've entered. The example and the whole development process of the LDAP integration used LLDAP to begin with, so it's pretty safe to use the example to the letter. (Seeing how your config does look very similar to the example though, I do assume you would have changed the appropriate parameters but might have missed a little thing, like using "uid" instead of "cn". Not sure ou=People matters a lot, but better leave it in there.) Btw, I can already tell that your user search might fail; don't modify the scope. The default is already tailored for LLDAP.
Demens
DemensOP4mo ago
I'm just using the Active Directory controller from the Synology system. I'm using the same settings as for my other ACDC applications. It looks similar to the example. Also tried other settings.
Demens
DemensOP4mo ago
Domain | Synology Directory Server - Synology Knowledge Center
Serenaphic
Serenaphic4mo ago
Well, what I first said still stands. One of the 3 elements is incorrect: BIND_DN, BIND_PASSWORD or URI.
- URI: link to your LDAP server prepended by "ldap://" (adding the port "389" might not even be needed as the protocol already takes care of that as the default, only a different port requires it, but for testing it's preferable to keep it)
- BIND_DN: Can depend slightly on your setup, but it usually goes like this: cn=admin,dc=example,dc=com where admin is basically the user you would use to manage your LDAP server. Very top level. It's needed to query the LDAP server for the existence of the user that is trying to log in. "example" and "com" should be replaced by your own domain and TLD, but might vary depending on the structure. Don't leave it as is in the env var.
- BIND_PASSWORD: The password for the admin account mentioned in the BIND_DN.

If the 3 are correct and you are really adamant they are, then the only thing left is that Homarr cannot establish a connection with the server to begin with, and you should check your network settings. I'll take a look at the docs you sent to see if I see anything special about the setup. In the meanwhile, try retyping the 3 vars manually yet again. I know it seems like madness, but it happened so many times before that there's just that one almost invisible char that is wrong.
Serenaphic
Serenaphic4mo ago
Is this applicable to your case? https://kb.synology.com/en-br/DSM/help/DirectoryServer/ldap_server?version=7 Your link doesn't seem to provide any LDAP information at first glance, but there's this dedicated LDAP page right here that gives all the proper information.
Demens
DemensOP4mo ago
Hey there. I run a Directory Server
Demens
DemensOP4mo ago
Synology Directory Server - Synology Knowledge Center
Demens
DemensOP4mo ago
So I also tested whether the Homarr Docker container can connect to the DC; over the shell I am able to. But no settings in the env work to connect to the DC.

```yaml
version: "3.9"
services:
  homarr:
    container_name: Homarr
    image: ghcr.io/ajnart/homarr:latest
    mem_limit: 4g
    cpu_shares: 768
    security_opt:
      - no-new-privileges:true
    restart: on-failure:5
    ports:
      - 4755:7575
    volumes:
      - /volume1/docker/homarr:/app/data/configs:rw
      - /volume1/docker/homarr/data:/data:rw
      - /volume1/docker/homarr/icons:/app/public/icons:rw
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      AUTH_PROVIDER: ldap,credentials
      AUTH_LDAP_URI: ldap://192.168.200.3:389
      AUTH_LDAP_BASE: "dc=HERE,dc=local"
      AUTH_LDAP_BIND_DN: "CN=Administrator,CN=Users,dc=HERE,dc=local"
      AUTH_LDAP_BIND_PASSWORD: "SUPERSECRET"
      AUTH_LDAP_USERNAME_ATTRIBUTE: "sAMAccountName"
      AUTH_LDAP_USER_MAIL_ATTRIBUTE: "sAMAccountName"
      AUTH_LDAP_GROUP_CLASS: "group"
      AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: "member"
      AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: "dn"
      AUTH_LDAP_ADMIN_GROUP: "Administrators"
      AUTH_LDAP_OWNER_GROUP: "Administrators"
      AUTH_LDAP_SEARCH_SCOPE: "sub"
      AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG: "(sAMAccountType=805306368)"
      TZ: Europe/Berlin
      # Enable debug logs
      DEBUG: "true"
```

So that's my config. It doesn't work, even though I have set up other Docker containers with the same Active Directory and all of them work. But Homarr doesn't work, whatever I tried, whatever I set up. No reaction. I have installed ldapsearch in the container to test whether I can connect over the shell. Yes, it works, but over ENV nothing. The bad part is that Homarr doesn't report any kind of issue. My conclusion is that Homarr doesn't work with a DC. Please correct me with the right config if you think it works.
Serenaphic
Serenaphic4mo ago
Hey, thanks for sending out more info. The thing is, it is sending the amount of info it should for the security it needs. I did give out the exact info of what the problem is, the step, and the affected values. May I ask, do you use non UTF-8 chars in the password? "öäüéàèß" or others? We had a problem recently with that on the username and I had to make a special translation layer for it.
Demens
DemensOP4mo ago
Yeah, also tried a simple user TESTADMIN TESTPASSWORD; nothing changed. It looks like Homarr doesn't want to connect to the Directory Server. But over a shell command it works:

```
ldapsearch -H ldap://192.168.200.3:389 -D "[email protected]" -W -b "dc=HERE,dc=local"
```

I receive the whole domain information.
Serenaphic
Serenaphic4mo ago
Could you try a search using the bind_DN instead?
Demens
DemensOP4mo ago
AUTH_LDAP_BIND_DN: "[email protected]" You mean that part?
Serenaphic
Serenaphic4mo ago
This
AUTH_LDAP_BIND_DN: "CN=Administrator,CN=Users,dc=HERE,dc=local"
try that in ldapsearch
Demens
DemensOP4mo ago
Yeah, both ways work over the shell. It must be something with the Homarr config. But without a debug mode in Homarr or a full log file, I don't know what I need to search for.
Serenaphic
Serenaphic4mo ago
Look, this is the code. It tries to login the admin first using the bind_dn and the bind_password. That's the first step and it's not going over it. For obvious security reasons, we can't log all the extra information on a production environment. I can try to make you a test image with extra (unsecured) logging, but I won't have any more info than that to offer afterwards.
Serenaphic
Serenaphic4mo ago
Alright, you can try "SeDemal/homarr:41" now. It'll have more logs in the error message. Whatever you get there will be the last bit of info I'll be able to give you; there's quite literally no other way to get more than that. Once you've found the issue, if you ever do, I strongly recommend getting back to the normal version since the extra logs are not safe.
Demens
DemensOP4mo ago
Hey, first I must say thanks that you spent time on this issue. That's pretty awesome. Thanks. 2. This is the log when I click on LDAP connect:

```
Listening on port 7575 url: http://TEGE01:7575
user is trying to log in using LDAP.
Connecting to LDAP server...
Connection established. Searching User...
ERROR must either provide a buffer via raw or some value
    at new EqualityFilter (node_modules/@ldapjs/filter/lib/filters/equality.js:44:15)
    at parseExpr (node_modules/@ldapjs/filter/lib/string-parsing/parse-expression.js:52:14)
    at parseFilter (node_modules/@ldapjs/filter/lib/string-parsing/parse-filter.js:78:14)
    at parseFilter (node_modules/@ldapjs/filter/lib/string-parsing/parse-filter.js:49:15)
    at Object.parseString (node_modules/@ldapjs/filter/lib/string-parsing/parse-string.js:29:18)
    at Client.search (node_modules/ldapjs/lib/client/client.js:571:30)
    at .next/server/chunks/7534.js:46:16
    at new Promise (<anonymous>)
    at ldapSearch (.next/server/chunks/7534.js:45:51)
    at Object.authorize (.next/server/chunks/7534.js:98:37)
```

- So if your domain user has symbols like " !"§$%&/() " you receive the error: ERROR Invalid username or password. 49-InvalidCredentialsError:Invalid Credentials

Doesn't work: AUTH_LDAP_BIND_DN: "CN=Administrator,CN=Users,dc=HERE,dc=local"
You need to use: AUTH_LDAP_BIND_DN: "[email protected]"

@Tag is there a permission interface for the dashboard, so that I can add users to see the dashboard or not?
Serenaphic
Serenaphic4mo ago
Wait, so you needed to set the bind DN to this Active Directory format? That worked? Yeah, that's a limitation of LDAP's certification though, and it seems the dependency taking care of LDAP took that too seriously... (Active Directory isn't LDAP, so it kinda does as it wants to even if that goes out of LDAP's limitations. Making Windows AD work was a pain.) I had to make a whole function to make accents work, so special characters don't surprise me much. (Although my accent function should make them work, so actually kinda surprising.)

Only in the new version that is set to come out, V1. Auth is all new in Homarr and V1 really digs deep into permissions. You'll be able to set permissions per board and per integration.
Demens
DemensOP4mo ago
```yaml
version: "3.9"
services:
  homarr:
    network_mode: "host" #use it if you wanna have host ip.
    container_name: Homarr
    image: ghcr.io/ajnart/homarr:latest
    #image: ghcr.io/sedemal/homarr:41 #TESTING SYSTEM with better logs.
    mem_limit: 4g
    cpu_shares: 768
    security_opt:
      - no-new-privileges:true
    restart: on-failure:5
    ports:
      - 4755:7575
    volumes:
      - /volume1/docker/homarr:/app/data/configs:rw
      - /volume1/docker/homarr/data:/data:rw
      - /volume1/docker/homarr/icons:/app/public/icons:rw
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      AUTH_PROVIDER: ldap,credentials
      AUTH_LDAP_URI: ldap://DOMAINIP:389
      AUTH_LDAP_BASE: "dc=DOMAINNAME,dc=local"
      AUTH_LDAP_BIND_DN: "[email protected]"
      AUTH_LDAP_BIND_PASSWORD: "DOMAINPASSWORD"
      AUTH_LDAP_USERNAME_ATTRIBUTE: "sAMAccountName"
      #AUTH_LDAP_USER_MAIL_ATTRIBUTE: "MAIL"
      #AUTH_LDAP_GROUP_CLASS: "group"
      #AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: "member"
      #AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: "dn"
      #AUTH_LDAP_ADMIN_GROUP: "Administrators"
      #AUTH_LDAP_OWNER_GROUP: "Administrators"
      AUTH_LDAP_SEARCH_SCOPE: "sub"
      #AUTH_LDAP_ENCRYPTION: NO
      #AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG: "(sAMAccountType=805306368)"
      TZ: Europe/Berlin
      # activate Debug-Logs
      #DEBUG: "true"
```
Solution
Demens
Demens4mo ago
IMPORTANT Password: Don't use special symbols in your password for the domain user
*Solution
DOESN'T WORK | AUTH_LDAP_BIND_DN: "CN=Administrator,CN=Users,dc=HERE,dc=local"
WORKS | AUTH_LDAP_BIND_DN: "[email protected]"
NEEDED | AUTH_LDAP_SEARCH_SCOPE: "sub" to search any user
Demens
DemensOP4mo ago
@Tag The " is missing in your example on https://homarr.dev/docs/advanced/sso/
Demens
DemensOP4mo ago
Yeah, that, and don't have special symbols in the administrator password. Over the shell there is no issue with that, but over Homarr it causes issues. Is there an option to test it, or is it possible to get a pre-release? All in all, Tag - respect for your time, work and support; lovely to see people doing that. You can definitely be proud of yourself. Again, many thanks for helping me. We figured it out - the directory is connecting and working. Now only the permission system for boards is missing 🙂
Serenaphic
Serenaphic4mo ago
Join the insiders and early adopters. That's still weird though, I personally have special chars in my own password and it still works. Not sure what that's about. Thanks for pointing it out. I'll also add a note for the bind possibly having to be formatted as you've shown.
Demens
DemensOP4mo ago
These are the symbols that I used: " XXXX(-*X$^^/XXXX " and it doesn't work. Where can I find more information? And where is the donate button for thanking you for your help?
Serenaphic
Serenaphic4mo ago
You can first get the insider role in #✨・roles. You'll then have access to the insider channel where you can read a bit on early adoption. You can find it on the GitHub page or at the bottom center of the http://homarr.dev docs page. Here's the link: https://opencollective.com/homarr
Demens
DemensOP4mo ago
The Swiss 🙂 Thanks
Serenaphic
Serenaphic4mo ago
Yeah 🙂 Thank you for the support ^^ Hey, since you wanted to try out V1, could you test out LDAP with special chars? We're using a different dependency and it might be better for that kind of stuff.
Demens
DemensOP4mo ago
@Tag sure. Let me check the LDAP section. Btw: admin rights disappear after giving them to an LDAP user. This means that no LDAP user can obtain admin rights. This error is present in the LIVE version.
Serenaphic
Serenaphic4mo ago
Have you set the groups env vars properly?
Demens
DemensOP4mo ago
#AUTH_LDAP_ADMIN_GROUP: "Administrators" #AUTH_LDAP_OWNER_GROUP: "Administrators" You mean that these need to be activated?
Serenaphic
Serenaphic4mo ago
Yeah, and the group needs to correlate to an admin group
Demens
DemensOP4mo ago
Works. #AUTH_LDAP_GROUP_CLASS: "group" #AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: "member" need to be activated to get the right admin role.
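
Editor's added example, not part of the thread and not Homarr's own code: the stack trace posted above is thrown by the LDAP filter parser during the user search, and the log line before it shows no username. This sketch builds the user-search filter from AUTH_LDAP_USERNAME_ATTRIBUTE, the login name and AUTH_LDAP_USERNAME_FILTER_EXTRA_ARG, escaping the value per RFC 4515 and rejecting an empty name, and it tells the two bind identity forms from the thread apart. All function names and sample values are hypothetical.

```javascript
// Added example (hypothetical helper names, not Homarr source).

// RFC 4515: escape characters that are special inside a filter value,
// so a login name such as "a*)(uid=*" cannot change the filter's structure.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g, (c) =>
    "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Build the search filter from the username attribute, the login name and
// an optional extra clause such as "(sAMAccountType=805306368)".
function buildUserFilter(attribute, username, extraArg = "") {
  if (typeof username !== "string" || username.trim() === "") {
    // An empty value would produce "(attr=)"; stop before the filter parser.
    throw new Error("username is empty; refusing to build an LDAP filter");
  }
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(attribute)) {
    throw new Error(`invalid attribute name: ${attribute}`);
  }
  const base = `(${attribute}=${escapeFilterValue(username)})`;
  return extraArg ? `(&${base}${extraArg})` : base;
}

// Classify a bind identity: a userPrincipalName (user@domain), which is the
// form that worked in the thread, or a full distinguished name.
function bindIdentityKind(bindDn) {
  if (/^[^@=,\s]+@[^@=,\s]+$/.test(bindDn)) return "upn";
  const rdn = "[A-Za-z][A-Za-z0-9-]*=[^,]+";
  if (new RegExp(`^${rdn}(,${rdn})*$`).test(bindDn)) return "dn";
  return "unknown";
}

// Constructed sample values, not taken from a real directory.
const sampleFilter = buildUserFilter(
  "sAMAccountName", "alice", "(sAMAccountType=805306368)");
console.log(sampleFilter);
console.log(bindIdentityKind("administrator@example.local"));
console.log(bindIdentityKind("CN=Administrator,CN=Users,dc=HERE,dc=local"));
```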