Netgate Discussion Forum
    User Manager and LDAP-Groups

    • snowyrain

      Hello,

      I cannot use LDAP groups. The LDAP authentication works, but there is no mapping of the LDAP groups. When I try the "Diagnostics: Authentication Tool", the user is authenticated successfully, but there are no groups.
      I took many screenshots of the settings; maybe they help. Please help me.

      Have a nice day!

      Samuel
      Here I get no groups

      Settings




      LDAP Browser



      • snowyrain

        Hello,

        I found the reason in the file auth.inc.
        I have created a patch. All "objectClass=posixGroup" are searched by the attribute memberUid. Perhaps there should be a possibility to set "objectClass=posixGroup" and "memberUid" in the web GUI.

        Greetings

        Snowyrain

        ldap_groups.patch.txt
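
The group search this post describes, as an added example (Python, not pfSense's auth.inc and not the attached patch): it builds the posixGroup/memberUid filter with the login name escaped per RFC 4515 and applies the same match to sample entries. The function names, the example.org DN and the entries are assumptions constructed for illustration.

```python
# Added illustration: not pfSense's auth.inc and not the attached patch.
# All names, DNs and entries below are constructed for this example.

# Characters that must be escaped inside a filter value (RFC 4515).
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Return value with LDAP filter metacharacters escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def posix_group_filter(uid):
    """Filter for RFC 2307 groups that list the login name in memberUid."""
    return "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter_value(uid)


def groups_for(uid, entries):
    """Apply the same match client-side to entries that were already fetched."""
    found = []
    for entry in entries:
        classes = [c.lower() for c in entry.get("objectClass", [])]
        # memberUid holds plain login names and is compared exactly here,
        # as RFC 2307 defines it with case-exact matching.
        if "posixgroup" in classes and uid in entry.get("memberUid", []):
            found.append(entry["cn"][0])
    return sorted(found)


ENTRIES = [
    {"objectClass": ["top", "posixGroup"], "cn": ["admins"],
     "memberUid": ["alice", "bob"]},
    {"objectClass": ["posixGroup"], "cn": ["vpnusers"],
     "memberUid": ["alice"]},
    # Members stored as DNs in "member": not found by a memberUid search.
    {"objectClass": ["groupOfNames"], "cn": ["staff"],
     "member": ["uid=alice,ou=people,dc=example,dc=org"]},
]

if __name__ == "__main__":
    for name in ("alice", "bob", "*"):
        print(name, posix_group_filter(name), groups_for(name, ENTRIES))
```

Because group membership decides which privileges a login receives, the login name is escaped before it enters the filter, so a name containing `*` is matched literally and returns no groups.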

        • rajatag

          Hello,

          I'm facing similar problems in setting up LDAP authentication on the captive portal (pfSense 2.0.1).

          I applied your patch, but the diag_authentication.php page seems to call the ldap_get_groups() function twice: once for the admin user that is logged in and a second time for the user I'm trying to test.

          Also, I do not find any code in the php files that authenticate captive portal logins to the LDAP. Have you come across something similar?

          Was wondering if you can help in this.

          Regards,
          Rajat

          • snowyrain

            Hello rajatag,

            I don't use the captive portal. In the web-IF there are only these options:

            WebCfg - Services: Captive portal page
            WebCfg - Services: Captive portal: Allowed IPs page
            WebCfg - Services: Captive portal: Allowed IPs page
            WebCfg - Services: Captive portal: Edit Allowed IPs page
            WebCfg - Services: Captive portal: Edit Allowed IPs page
            WebCfg - Services: Captive portal: Edit MAC Addresses page
            WebCfg - Services: Captive portal: File Manager page
            WebCfg - Services: Captive portal: Mac Addresses page
            WebCfg - Services: Captive portal Voucher Rolls page
            WebCfg - Services: Captive portal Vouchers page
            WebCfg - Status: Captive portal page
            WebCfg - Status: Captive portal test Vouchers page
            WebCfg - Status: Captive portal Voucher Rolls page
            WebCfg - Status: Captive portal Vouchers page

            So I don't think it is implemented in pfSense.

            @rajatag:

            Also, I do not find any code in the php files that authenticate captive portal logins to the LDAP. Have you come across something similar?

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.