LDAP AD Extended Query with 2 groups

buomque1 · Jun 3, 2018, 7:11 AM

Hi guys,
I am having trouble setting up 2 different groups in LDAP Extended Query (Active Directory)
Everything works fine if I set it up with 1 group using the Extended Query:
"memberOf=CN=pfSenseAdmins,CN=Users,DC=idc,DC=us"

I need to add: "memberOf=CN=pfSenseUsers,CN=Users,DC=idc,DC=us" to the Query as well, but couldn't figure out how.

Things I have tried so far but failed:
(&(memberOf=CN=pfSenseAdmins,CN=Users,DC=idc,DC=us)(memberOf=CN=pfSenseUsers,CN=Users,DC=idc,DC=us))

(&(|(memberOf=CN=pfSenseAdmins,CN=Users,DC=idc,DC=us)(memberOf=CN=pfSenseUsers,CN=Users,DC=idc,DC=us))(sAMAccountName=%s))

Any help would be greatly appreciated.

Thank you,

stephenw10 · Jun 3, 2018, 4:02 PM

So to be clear both those queries work individually but you want to authenticate only users who are members of both groups?

If you authenticate a user who is a member of both in Diag > Auth does it return both groups?

Where exactly are you using this?

Steve

buomque1 · Jun 3, 2018, 5:20 PM

@stephenw10 said in LDAP AD Extended Query with 2 groups:

clear both those queries work individually but you want to authenticate only users who are members of both groups?

Sorry, I wasnt being clear in previous post. I found this post to be similar to my issue:
https://forum.netgate.com/topic/103988/ldap-extended-query-with-multiple-groups

The solutions in there did not work for me. Is there a way to make this work? My pfSense version is 2.4.2.

Thank you,