Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LDAP authentication support

    Scheduled Pinned Locked Moved General pfSense Questions
    30 Posts 7 Posters 25.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sullrich
      last edited by

      Get in touch with me on freenode, handle is GeekGod.

      Good work!

      1 Reply Last reply Reply Quote 0
      • J
        Juve
        last edited by

        Ok ;-)

        So after many tests, LDAP authentication works with :

        • openLDAP
        • Fedora Directory Server (FDS=sunone)
        • Active Directory (W2K3)
        1 Reply Last reply Reply Quote 0
        • S
          sullrich
          last edited by

          Next step is to integrate Auth for the web interface, then move on to captive portal, pppoe and such.  It actually should be pretty easy to do these portions.

          1 Reply Last reply Reply Quote 0
          • J
            Juve
            last edited by

            Yes, and also to have php compiled with the ldap support on the next pfsense release ;-)

            1 Reply Last reply Reply Quote 0
            • S
              sullrich
              last edited by

              No problem.

              1 Reply Last reply Reply Quote 0
              • J
                Juve
                last edited by

                I saw on the CVS track timeline that compilation wasn't ok. What's up ? what is the problem ? Can we repair it ?

                1 Reply Last reply Reply Quote 0
                • S
                  sullrich
                  last edited by

                  Cannot compile LDAP in as static.

                  Will address after the 1.0 release.

                  1 Reply Last reply Reply Quote 0
                  • J
                    Juve
                    last edited by

                    Ok, contact me as soon as it is available ;-)

                    1 Reply Last reply Reply Quote 0
                    • J
                      Juve
                      last edited by

                      Hi ;-)

                      I have made a new version of the LDAP authentication function that allow the admin to specify a list of groups (memberOf in LDAP) where the authorized users should be.
                      In fact I wrote it because of Active Directory, it is easier for the admin to create a group and put authorized users into than creating a whole new OU.

                      So now, the admin of the Active directory can tell the function that only the "managers" and "business people" groups (of the OU of their dreams) can authenticate through the captive portal.

                      Tell me if you are interested Scott ;-)

                      1 Reply Last reply Reply Quote 0
                      • A
                        aldo
                        last edited by

                        it sounds great do we think it will be compatable with openldap

                        1 Reply Last reply Reply Quote 0
                        • H
                          hoba
                          last edited by

                          @Juve:

                          Ok ;-)

                          So after many tests, LDAP authentication works with :

                          • openLDAP
                          • Fedora Directory Server (FDS=sunone)
                          • Active Directory (W2K3)

                          I guess you have missed that message  ::)

                          1 Reply Last reply Reply Quote 0
                          • S
                            sullrich
                            last edited by

                            @Juve:

                            Hi ;-)

                            I have made a new version of the LDAP authentication function that allow the admin to specify a list of groups (memberOf in LDAP) where the authorized users should be.
                            In fact I wrote it because of Active Directory, it is easier for the admin to create a group and put authorized users into than creating a whole new OU.

                            So now, the admin of the Active directory can tell the function that only the "managers" and "business people" groups (of the OU of their dreams) can authenticate through the captive portal.

                            Tell me if you are interested Scott ;-)

                            Sounds great.  When are you going to start integrating with pfSense? :)

                            1 Reply Last reply Reply Quote 0
                            • J
                              Juve
                              last edited by

                              I will start it as soon as possible. First of all, I need to see how pfsense saves settings, then I will do the mfc changes, then I will call on you to build a release with php+ldap :-D

                              Let's go to work :-D

                              1 Reply Last reply Reply Quote 0
                              • J
                                Juve
                                last edited by

                                That's done ;-)

                                I've modified the captive_portal page too, in order to use my function. Next step is LDAP support for Php ;-)

                                Pfsense roxxx !

                                1 Reply Last reply Reply Quote 0
                                • H
                                  hoba
                                  last edited by

                                  Awesome! You rock too  ;D

                                  1 Reply Last reply Reply Quote 0
                                  • ?
                                    Guest
                                    last edited by

                                    All of you guys rock.  Even billm.

                                    1 Reply Last reply Reply Quote 0
                                    • B
                                      billm
                                      last edited by

                                      @submicron:

                                      All of you guys rock.  Even billm.

                                      Nah, I don't rock, I stone.

                                      –Bill

                                      pfSense core developer
                                      blog - http://www.ucsecurity.com/
                                      twitter - billmarquette

                                      1 Reply Last reply Reply Quote 0
                                      • W
                                        wjoyce
                                        last edited by

                                        Curious to know what the time frame is on LDAP support and what will be supported.  May I humbly suggest a FAQ just on LDAP support?

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          sullrich
                                          last edited by

                                          1.1.  Not for a LONNNNNG time.

                                          1 Reply Last reply Reply Quote 0
                                          • W
                                            wjoyce
                                            last edited by

                                            What are the issues?  I would like to help out on this front if I am capable.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.