LDAP Extended Query with Multiple Groups



  • I am having trouble getting the syntax right for specifying two security groups in an LDAP extended query. Example situation below:
    Security Group 1 = group1
    dn="CN=group1,DC=test,DC=local"

    Security Group 2 = group2
    dn="CN=group2,DC=test,DC=local"

    I can get one security group working with the syntax "memberOf=CN=group1,DC=test,DC=local", but I cannot figure out how to tell it to query for "IF user is a member of group1 OR group2". Any help would be greatly appreciated. Thank you!



  • That would be a little bit more complex…

    As an example:
    Found here: http://stackoverflow.com/questions/19536519/ldap-search-filter-multiple-groups-squid

    (&(|(memberOf=CN=normal_group,OU=Test_Users,DC=matthew,DC=com)(memberOf=CN=internet_group,OU=Test_Users,DC=matthew,DC=com))(sAMAccountName=%s))
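
An added example, not part of the original posts: a Python sketch that builds the "member of group1 OR group2" filter with RFC 4515 escaping and checks it offline against constructed entries. The helper names and the sample users are assumptions; the group DNs are the ones from the question.

```python
import re

def escape_value(value):
    """Escape filter metacharacters per RFC 4515 so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def any_group_filter(group_dns):
    """(|(memberOf=dn1)(memberOf=dn2)...): true when the user is in ANY listed group."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    return "(|" + "".join("(memberOf=%s)" % escape_value(dn) for dn in group_dns) + ")"

def login_filter(group_dns, username, user_attr="sAMAccountName"):
    """AND the group test with the account name, as in the quoted Squid filter."""
    return "(&%s(%s=%s))" % (any_group_filter(group_dns), user_attr, escape_value(username))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def _eval(f, i, entry):
    """Evaluate the filter component starting at f[i] == '('; return (result, next index)."""
    i += 1
    if f[i] in "&|":
        op, i, results = f[i], i + 1, []
        while f[i] == "(":
            r, i = _eval(f, i, entry)
            results.append(r)
        result = all(results) if op == "&" else any(results)
    else:
        j = f.index(")", i)  # a literal ')' inside a value is always escaped as \29
        attr, _, val = f[i:j].partition("=")
        wanted = _unescape(val).lower()
        result = wanted in (v.lower() for v in entry.get(attr, []))
        i = j
    return result, i + 1

def matches(filt, entry):
    """Offline check of a filter built from &, | and equality against one entry."""
    return _eval(filt, 0, entry)[0]

# Constructed directory entries; the two group DNs come from the question.
G1, G2 = "CN=group1,DC=test,DC=local", "CN=group2,DC=test,DC=local"
OTHER = "CN=other,DC=test,DC=local"  # constructed third group
USERS = [{"sAMAccountName": ["alice"], "memberOf": [G1]},
         {"sAMAccountName": ["bob"], "memberOf": [G2, OTHER]},
         {"sAMAccountName": ["carol"], "memberOf": [OTHER]}]

def allowed(username):
    """Names of the constructed users that the combined filter admits."""
    f = login_filter([G1, G2], username)
    return [u["sAMAccountName"][0] for u in USERS if matches(f, u)]
```

In Active Directory, `memberOf` lists direct memberships only, so a user who reaches group1 or group2 through a nested group is not matched by this filter.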


  • Rebel Alliance Developer Netgate

    For fiddling with LDAP search queries to get them right, it's hard to beat a utility like Apache Directory Studio. It's easier than trying to dial them in using just the pfSense GUI.



  • hi,
    thank you for the hints. I had the same requirements. I just want to share my experience.

    I needed two groups. One for VPN users and the other one for VPN access and pfSense administration.

    For me it's perfect now  :)
    A picture is worth a thousand words.

    ![Image 28.png](/public/imported_attachments/1/Image 28.png)