Directory Clients

Features

  • Seamless integration with Windows AD, Azure AD Domain Service, and LDAP servers
  • Smooth access with Single Sign-On (SSO) support
  • Intrinsic privilege settings to accommodate administration needs
  • Extensive integration with Synology services

Specifications

  • Supports privilege settings of domain/LDAP users' and groups' access to shared folders and applications
  • Supports limiting transfer rates of DSM services used by domain/LDAP users and groups
  • Supports home folders for domain/LDAP users
  • Domain client
    • Supports trusted domains
    • Supports joining a domain with a read-only domain controller (RODC)
    • Supports assigning up to 10 domain groups to become local administrator groups
    • Allows administrators to specify DC IP/FQDN, domain NetBIOS, and domain FQDN
  • LDAP client
    • Supports OpenLDAP, IBM Lotus Domino, and user-defined server profiles
    • Supports nested groups and UID/GID shifting
    • Based on LDAP version 3 (RFC 2251)
  • SSO client
    • Supports Integrated Windows Authentication
    • Supports Synology SSO Server
    • Supports SSO servers using the OpenID Connect protocol, including Microsoft Azure AD Domain Service and IBM WebSphere
  • Apps supporting domain/LDAP users
    • SMB
    • FTP
    • WebDAV
    • File Station
    • Network Backup
    • Cloud Station
    • Cloud Sync
    • Audio Station
    • Video Station
    • Mail Service
    • Surveillance Station
    • Personal Web Station
    • Photo Station
    • VPN Server
    • Note Station
    • Synology Drive
    • Moments

Limitations

  • Domain/LDAP users and groups do not support special characters "[{}|^[]?=:+/*()$!"#%&',;<>@`~]"
  • LDAP users and groups can only use integers for their unique IDs
  • The Synology LDAP client can only join an LDAP directory that supports the Samba schema. NT Password is required for accessing LDAP services via the SMB protocol
  • The Synology LDAP client uses objectClass posixAccount for users and objectClass posixGroup for groups by default. If your LDAP server does not support posixAccount or posixGroup, set up a profile to map the attributes correctly:
    • User name: posixAccount - uid
    • User ID: posixAccount - uidNumber
    • Group name: posixGroup - cn
    • Group ID: posixGroup - gidNumber