pfSense 2.1 - LDAP group membership
-
Hi,
Can someone explain if the "Extended Query" option is to verify group membership?
If yes, how can I use it?
I've defined like this:
Authentication containers: ou=MYOU,dc=xpto,dc=pt;ou=PARTNERS,dc=xpto,dc=pt
Extended Query: CN=openvpn,CN=Users,DC=xpto,DC=pt
But it fails the authentication.
Doing a TCP capture, the searchRequest goes like this:
Filter: (&(samaccountname=myuser)(CN=openvpn,CN=Users,DC=xpto,DC=pt))
Which is wrong.
-
I think a correct filter is:
(&(samaccountname=myuser)(memberOf=CN=openvpn,CN=Users,DC=xpto,DC=pt))
or, if you use Active Directory and want a recursive search:
(&(samaccountname=myuser)(memberOf:1.2.840.113556.1.4.1941:=CN=openvpn,CN=Users,DC=xpto,DC=pt))
-
Ok, configuring Extended Query with memberOf=CN=openvpn,CN=Users,DC=xpto,DC=pt works.
Thanks.
-
mvrk,
Wondering what snapshot you are using. I haven't been able to get LDAP authentication working ever since I started testing. Regardless of what userid I try to log in with, the search request that is sent to the domain controller (seen with Wireshark on the DC) is always "(samaccountname=admin)".
This is true for both trying to actually log in to the web configurator as well as trying to test authentication from the Diagnostics menu.
I am on 2.1-RC1 (amd64) Aug 1 19:39:18 EDT 2013.
Thanks,
Shahid
-
Doh!! My bad. It is working just fine. My Extended Query syntax was incorrect.
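-
Added example, not part of the thread and not pfSense's own code: a toy model of how a directory server evaluates the three filters discussed above, showing why the bare DN matches nobody, what `memberOf=` matches, and what the Active Directory recursive rule adds. The directory entries, the user `other` and the nested group `vpn-staff` are constructed for illustration.

```python
import re

# Constructed directory data; "other" and "vpn-staff" are hypothetical.
GROUP = "CN=openvpn,CN=Users,DC=xpto,DC=pt"
NESTED = "CN=vpn-staff,CN=Users,DC=xpto,DC=pt"
IN_CHAIN = "1.2.840.113556.1.4.1941"  # AD rule for recursive membership
ENTRIES = {
    "CN=myuser,OU=MYOU,DC=xpto,DC=pt":
        {"samaccountname": "myuser", "cn": "myuser", "memberof": [GROUP]},
    "CN=other,OU=PARTNERS,DC=xpto,DC=pt":
        {"samaccountname": "other", "cn": "other", "memberof": [NESTED]},
    NESTED: {"cn": "vpn-staff", "memberof": [GROUP]},
}

def escape_value(value):
    """Escape filter metacharacters in a value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(username, extended_query):
    """AND the user lookup with the Extended Query, as seen in the capture."""
    return "(&(samaccountname=%s)(%s))" % (escape_value(username), extended_query)

def groups_of(dn, recursive, seen=None):
    """Lower-cased group DNs of an entry: direct only, or the whole chain."""
    seen = set() if seen is None else seen
    for group in ENTRIES.get(dn, {}).get("memberof", []):
        if group.lower() not in seen:
            seen.add(group.lower())
            if recursive:
                groups_of(group, True, seen)
    return seen

def matches(dn, flt):
    """Evaluate an AND of (attr=value) / (attr:OID:=value) items on one entry."""
    items = re.findall(r"\(([^()&|!=:]+)(?::([\d.]+):)?=([^()]*)\)", flt)
    for attr, rule, value in items:
        attr, value = attr.lower(), value.lower()
        if attr == "memberof":
            if value not in groups_of(dn, rule == IN_CHAIN):
                return False
        elif (ENTRIES[dn].get(attr) or "").lower() != value:
            return False
    return bool(items)

def search(username, extended_query):
    """Return the DNs that match the combined filter."""
    flt = build_filter(username, extended_query)
    return [dn for dn in ENTRIES if matches(dn, flt)]
```

The bare DN is parsed as the assertion `CN = "openvpn,CN=Users,DC=xpto,DC=pt"`, which is syntactically valid but true for no user, so the search returns nothing and authentication fails.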