Netgate Discussion Forum

    2.3.2 and LDAP Group Membership

General pfSense Questions
4 Posts 2 Posters 1.1k Views
hydrian

I'm trying to get LDAP group membership to work. pfSense 2.3.2 isn't getting the groups correctly. I'm trying to do group membership with RFC 2307bis (user object based) style group membership. I'm using OpenLDAP 2.4 with the memberOf overlay to achieve this.

The authentication bind for the user works fine. The service account authentication bind works fine too. The authorization LDAP search looks to be working fine too. It is finding the user and getting the memberOf attribute. Yet in the authentication diagnosis tab, it never displays any of the groups that the user is a member of. I'm using groupOfNames objects to be the group objects. I'm using the CN for both the user object and the group object as the short name.

Does anybody have any idea of what this issue could be?

jimp (Rebel Alliance Developer, Netgate)

Do you have a group of the exact same name on pfSense? The groups will only be listed if a local matching group also exists.

Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

Need help fast? Netgate Global Support!

Do not Chat/PM for help!

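To make the rule in the reply above checkable before touching the firewall, here is an added example (not pfSense's own code) that takes a user's memberOf values, pulls the CN out of each group DN the way the poster's setup names groups, and reports which groups will be honoured and which will be silently dropped because no local group of the same name exists. The sample DNs and local group names are constructed, and exact case-sensitive matching is an assumption of this example rather than something the thread confirms.

```python
"""Simulate pfSense's LDAP-group-to-local-group matching (added example, not pfSense code).

pfSense only reports an LDAP group for a user when a local group with the
same name exists. Given memberOf values (RFC 2307bis groupOfNames objects
named by CN), this reports which groups apply and which are ignored.
Exact, case-sensitive name matching is an assumption of this example.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample data: memberOf values as returned by the OpenLDAP
# memberOf overlay, plus groups defined locally under System > User Manager.
MEMBER_OF = [
    "cn=admins,ou=groups,dc=example,dc=org",
    "cn=vpn-users,ou=groups,dc=example,dc=org",     # no local mirror
    "cn=Net\\, Ops,ou=groups,dc=example,dc=org",    # RDN with an escaped comma
]
LOCAL_GROUPS = {"admins", "admin", "Net, Ops"}      # note "admin" != "admins"

# First RDN must be cn=; the value may contain backslash-escaped characters.
_CN_RDN = re.compile(r"^\s*cn=((?:\\.|[^,])*)", re.IGNORECASE)


def group_cn(dn: str) -> Optional[str]:
    """Return the unescaped CN of a group DN, or None if the first RDN is not cn=."""
    m = _CN_RDN.match(dn)
    if not m:
        return None
    # Undo RFC 4514 backslash escaping (\, \+ \" ...) in the RDN value.
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip()


def match_groups(member_of: List[str], local_groups) -> Tuple[List[str], List[str]]:
    """Split the user's LDAP groups into those applied and those ignored."""
    applied, ignored = [], []
    for dn in member_of:
        cn = group_cn(dn)
        if cn is not None and cn in local_groups:
            applied.append(cn)
        else:
            ignored.append(dn)
    return applied, ignored


if __name__ == "__main__":
    ok, dropped = match_groups(MEMBER_OF, LOCAL_GROUPS)
    print("applied:", ok)
    for dn in dropped:
        print(f"ignored (create local group {group_cn(dn)!r} to honour it): {dn}")
```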
hydrian

Thanks, that was the issue.

Nowhere did I see in the Admin UI that an admin had to create a local group to mirror the remote (LDAP) group as a requirement. Probably want to make some type of note of that in the UI or at least have a link to the documentation about it in the LDAP/RADIUS authentication server configuration section.

jimp (Rebel Alliance Developer, Netgate)

It was already covered in the book but I added it a couple places in the wiki just now.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.