Hey, In here I've decribed my work on this topic :)
https://forum.netgate.com/topic/189447/openvpn-ssl-tls-user-auth-over-ldap/3

I found my issue: the group membership attribute should be "memberOf" instead of member as posted by OP.

Boas,
Tenho o mesmo problema, alguém tem alguma dica ?

I spent hours digging into the ldaps connection issues I had through the GUI on pfsense. I used openssl s_client in the shell to determine where the issue was with the verification of the CA.

openssl s_client -CAfile /etc/ssl/file.pem hostnamehere:636

Anytime I specified the CA file location openssl returned no errors... so I was perplexed why it wasn't working in the GUI. I eventually ran across this post and I am very grateful:

https://forum.netgate.com/topic/145578/ldaps-ad-bind/21

Essentially after changing the LDAP authentication server to LDAPS on port 636 you MUST restart php-fpm. I did this by running option 16 in the console.

I am currently on 2.4.5

I hope this post helps someone else if they find themselves in this situation.

@jmurr
Посмотрите тут
Обратите внимание на раздел Extended Query
Возможно , это то что Вам нужно
https://docs.netgate.com/pfsense/en/latest/usermanager/ldap-troubleshooting.html

@wickeren said in Freeradius with LDAP backend and 802.1x:

Have set Active Directory Compatibility in the Freeradius LDAP settings and played around with the EAP settings. For now the default is PEAP, in the EAP-PEAP section the default is MSCHAPv2 and Copy Request to Tunnel is set to Yes. According to some info I have found this should be OK, but in my case it isn’t however. Still think it must be something there, but can’t figure it out yet.

Hi , I tried to configure free-radius on Pfsense (authentication via ldap or Kerberos) , i have AD 2008 .
can you share your configuration please