See Using JumpCloud's LDAP-as-a-Service for the following Prerequisites:
- An LDAP binding user and its distinguished name (DN): uid=LDAP_BINDING_USERNAME,ou=Users,o=YOUR_ORGANIZATION_ID,dc=jumpcloud,dc=com
- Your LDAP binding user's password
- Your LDAP search base, of the form: ou=Users,o=YOUR_ORGANIZATION_ID,dc=jumpcloud,dc=com
For end-users accessing the Synology NAS Appliance using the Web Interface (DSM), the Synology Drive Application, or the AFP protocol, those Users are required to be "Enabled as an LDAP Bind DN" within JumpCloud (please see the LDAP-as-a-Service document listed above for details on how to configure this from the Administrator Portal). This added configuration will allow those Users to search other objects within the LDAP Directory, which is required per recent Synology implementations.
Configuring LDAP1. Log into the Synology DSM as an admin.
2. Open the Control Panel
3. Select Advanced Mode
4. Select the Domain/LDAP control panel
5. Make the LDAP settings look like the following (for "Base DN", use your full JumpCloud search base):
6. Enter your the full DN of your LDAP binding user, and its password. JumpCloud recommends using a special user account for this, so that you can change the password easily later without affecting other LDAP service clients.
7. You should now see your JumpCloud users in the LDAP Users tab:
8. To leverage LDAP Groups, see Creating LDAP Groups, those groups will be reflected as a group here:
NOTE: In order for the NAS to recognize LDAP Groups, a 'Group of Users' created within the JumpCloud Administrative Portal, MUST be created as a Linux Group with a unique "Name" and "GID Number" as well as being enabled for "Samba Authentication".