
I'm currently trying to set up SSO on a Synology NAS using Keycloak and ApacheDS. I've successfully joined the domain and can finally see all users and groups in the directory, and I can edit the groups just fine. But I can't edit any of the users because of some nondescript error message: "Failed to load the user data".

I've joined my LDAP with the following custom profile:

filter:
passwd = (objectClass=inetOrgPerson)
group = (objectClass=groupOfNames)

group:
cn = cn
gidNumber = HASH(cn)
memberUid = member

passwd:
uidNumber = HASH(uid)
uid = uid
userPassword = userPassword
gidNumber = HASH(memberOf)

Here is the test user I'm trying to edit (the password is SSHA hashed, because it won't let me set a cleartext password?):

objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Test
sn: User
mail: test@domain.com
uid: test
userPassword:: e1NTSEF9c0xaU3NETmwxK3FpLzlDVFRFL1FaVDJUb2NRUTJFYnZnR3VQRVE9P
 Q==

The logs don't show anything, any idea what is going wrong?


1 Answer

Turns out that Synology requires the memberOf overlay attribute, which ApacheDS does not support. Switching to OpenLDAP and configuring the overlay fixed my problems.

Also, the gidNumber is for the user's group, not for the group the user is part of, and should be HASH(cn) or HASH(uid).

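Configuring the memberOf overlay on OpenLDAP as the answer describes, as an added example that is not part of the question or answer. It assumes a Debian-style cn=config setup where `cn=module{0}` already exists, that the directory lives in `olcDatabase={1}mdb`, and that groups use `groupOfNames`/`member` as in the profile above; adjust those to your server.

```ldif
# Added example (assumed Debian-style cn=config layout, not from the post).
# Step 1: load the memberof module into the existing module list.
# On RHEL-style builds the module directory is /usr/lib64/openldap instead.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la

# Step 2: attach the overlay to the main database (olcDatabase={1}mdb is
# an assumption; check `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config dn`).
# GroupOC/MemberAD match the groupOfNames/member mapping in the Synology
# profile; memberOf is maintained on each member entry as an operational
# attribute, which is what the NAS reads for gidNumber = HASH(memberOf).
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
# Keep memberOf consistent when a group or member entry is deleted/renamed.
olcMemberOfRefInt: TRUE
# Caveat: the overlay only updates memberOf for group changes made after it
# is loaded, so re-add existing groups (or their member values) once.
olcMemberOfDangling: ignore
```

Apply with `ldapmodify -Y EXTERNAL -H ldapi:/// -f memberof.ldif`, then confirm with `ldapsearch -x -b <base> '(uid=test)' memberOf`; because memberOf is operational it is returned only when requested by name (or with `+`).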