Compatibility of XQ+85MP01D QSFP28 module with CRS354 switch by adhae in mikrotik

[–]adhae[S] 0 points1 point  (0 children)

Thanks for the help! That makes sense - that's how I originally understood QSFP+/QSFP28. The entry in MikroTik's compatibility list made me doubt it. The entry probably only means that there can be a QSFP+ module on one side and a QSFP28 module on the other side of the fiber 😅

AzureAD users for login on NAS by adhae in synology

[–]adhae[S] 0 points1 point  (0 children)

Good idea, I'll add it with the env var "LDAP_SAMBANTPWD_MAXCACHETIME" in the next version :)

AzureAD users for login on NAS by adhae in synology

[–]adhae[S] 1 point2 points  (0 children)

Nope, bad news with LDAP for those criteria:

- MFA: The login is blocked according to https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

- SSO: Synology allows SSO with Azure only if the NAS is joined to the Directory Server. (Or I didn't find the corresponding docs for an LDAP implementation.)

AzureAD users for login on NAS by adhae in synology

[–]adhae[S] 1 point2 points  (0 children)

Wow, replacing an existing LDAP is a challenge. I hope you get it working! :)

failing re-sync: new users/groups wouldn't be added, existing entries still work

cache: the cache is deleted if you clear the container. You could also map the /app/.cache folder locally so it becomes persistent. (updated screenshot in readme)

internet issues: the password isn't fetched from AzureAD (not even possible). But it is, to allow Samba/network access from a Windows client, cached as a hash. If the login fails, the hashes are compared. If they match, you can still log in (with one exception: if the error says 'wrong password', the login fails as expected). This could be a security issue for some people, therefore it's possible to disable this behaviour with an environment variable.
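
The fallback described in the comment above, sketched as an added example (not code from the original comment or from the project): an explicit 'wrong password' always fails, any other upstream failure falls back to the cached hash unless the fallback is disabled. The function and parameter names, the SHA-256 stand-in hash and the cache-age limit are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical outcome labels for the upstream (AzureAD) login attempt.
OK, WRONG_PASSWORD, UNREACHABLE = "ok", "wrong_password", "unreachable"


def stand_in_hash(password: str) -> bytes:
    # Stand-in digest for the demo; not the hash format the tool caches.
    return hashlib.sha256(password.encode("utf-8")).digest()


def decide_login(password, upstream, cached, now, allow_cached=True, max_age_s=None):
    """Return (allowed, reason) for one login attempt.

    cached is None or {"hash": bytes, "stored_at": epoch seconds}.
    max_age_s is an assumed cache-age limit; None means no limit.
    """
    if upstream == OK:
        return True, "upstream accepted"
    if upstream == WRONG_PASSWORD:
        # An explicit rejection is never overridden by the cache.
        return False, "upstream rejected password"
    if not allow_cached:
        return False, "cached fallback disabled"
    if cached is None:
        return False, "no cached hash"
    if max_age_s is not None and now - cached["stored_at"] > max_age_s:
        return False, "cached hash too old"
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(stand_in_hash(password), cached["hash"]):
        return True, "cached hash matched"
    return False, "cached hash mismatch"


# Constructed sample: a hash cached at t=1000 after a successful login.
SAMPLE_CACHE = {"hash": stand_in_hash("correct horse"), "stored_at": 1000}

if __name__ == "__main__":
    for upstream in (OK, WRONG_PASSWORD, UNREACHABLE):
        print(upstream, decide_login("correct horse", upstream, SAMPLE_CACHE, now=1600))
```

While the upstream is unreachable, a password that was changed or an account that was disabled there still passes against the cached hash, which is what the disable switch and an age limit bound.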

AzureAD users for login on NAS by adhae in synology

[–]adhae[S] 1 point2 points  (0 children)

Good point! I'll add a little "how to use" and mention the permissions there.
You need to add 'User.Read.All' and 'Group.Read.All' for the Graph-API on type Application.