pfSense: unable to retrieve group membership
-
I'm trying to restrict pfSense LDAP authentication to the users belonging only to a specific LDAP group.
I configured the Authentication Servers as per the documentation but apparently pfSense is unable to obtain the user's group membership. The server is OpenLDAP, the configuration is:
Search Scope: one level
BaseDN: dc=DOMAIN,dc=it
Authentication containers: ou=Users
User naming attribute: uid
Group naming attribute: cn
Group member attribute: memberUid
RFC 2307 Groups: enabled
Group Object Class: posixGroup
Auth test works but it appears unable to retrieve group membership:
User yetopen authenticated successfully. This user is a member of groups:
And if I enable Extended query (tried a lot of different configs, latest memberOf=CN=openvpn,OU=Groups,DC=DOMAIN,DC=it) it won't authenticate the user.
pfSense 2.4.3, OpenLDAP 2.4.42
-
Does it actually show you that error, or does it just return no groups?
Do those groups exist in pfSense with identical names?
Why are you running that old version of pfSense? You should upgrade when you can.
Steve
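
The settings in the question map onto ordinary LDAP searches, and it helps to see what those searches return under plain LDAP scope and matching rules. The following is an added example, not part of the thread and not pfSense code: a small in-memory model in which the directory layout (a posixGroup cn=openvpn under ou=Groups, no memberOf attribute on the user entry) is an assumption built from the values in the post, and the helper names are hypothetical. Whether pfSense issues exactly these searches is not stated on the page.

```python
# Constructed directory built from the values in the post; not real data.
BASE = "dc=DOMAIN,dc=it"
DIRECTORY = {
    "ou=Users," + BASE: {"objectClass": ["organizationalUnit"]},
    "ou=Groups," + BASE: {"objectClass": ["organizationalUnit"]},
    "uid=yetopen,ou=Users," + BASE: {
        "objectClass": ["posixAccount"], "uid": ["yetopen"]},
    # RFC 2307: membership lives on the group entry as memberUid values.
    "cn=openvpn,ou=Groups," + BASE: {
        "objectClass": ["posixGroup"], "cn": ["openvpn"],
        "memberUid": ["yetopen"]},
}


def in_scope(dn, base, scope):
    """'one' = immediate children of base; 'sub' = base and all descendants.
    Escaped commas inside RDN values are not handled (sample data has none)."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope == "sub"
    if not dn.endswith("," + base):
        return False
    relative = dn[: -len(base) - 1]
    return scope == "sub" or "," not in relative


def search(base, scope, **equals):
    """AND of equality assertions, compared case-insensitively."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not in_scope(dn, base, scope):
            continue
        if all(value.lower() in [v.lower() for v in attrs.get(attr, [])]
               for attr, value in equals.items()):
            hits.append(dn)
    return hits


def groups_of(uid, base, scope):
    """RFC 2307 lookup: (&(objectClass=posixGroup)(memberUid=<uid>))."""
    return search(base, scope, objectClass="posixGroup", memberUid=uid)


if __name__ == "__main__":
    print("one-level from base DN:", groups_of("yetopen", BASE, "one"))
    print("subtree from base DN:  ", groups_of("yetopen", BASE, "sub"))
    print("user + memberOf filter:", search(
        "ou=Users," + BASE, "one", uid="yetopen",
        memberOf="CN=openvpn,OU=Groups,DC=DOMAIN,DC=it"))
```

Against a real server the same three searches can be run with any LDAP client, comparing the one-level and subtree results and checking whether the user entry carries a memberOf attribute at all.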