Netgate Discussion Forum

    pfSense: unable to retrieve group membership

    General pfSense Questions
      Mark Seedha

      I'm trying to restrict pfSense LDAP authentication to the users belonging only to a specific LDAP group.

      I configured the Authentication Servers as per the documentation, but apparently pfSense is unable to obtain the user's group membership. The server is OpenLDAP; the configuration is:

      Search Scope: one level
      BaseDN: dc=DOMAIN,dc=it
      Authentication containers: ou=Users
      User naming attribute: uid
      Group naming attribute: cn
      Group member attribute: memberUid
      RFC 2307 Groups: enabled
      Group Object Class: posixGroup

      Auth test works, but it appears unable to retrieve group membership:

      User yetopen authenticated successfully. This user is a member of groups:

      And if I enable Extended query (tried a lot of different configs, the latest being memberOf=CN=openvpn,OU=Groups,DC=DOMAIN,DC=it), it won't authenticate the user.

      pfSense 2.4.3, OpenLDAP 2.4.42

        stephenw10 Netgate Administrator

        It actually shows you that error or it just returns no groups?

        Do those groups exist in pfSense with identical names?

        Why are you running that old version of pfSense? You should upgrade when you can.

        Steve
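
One way the two symptoms in the first post (empty group list, then failed login with the memberOf extended query) can arise, shown on a small in-memory model of an RFC 2307 directory. This is an added example, not code from either poster or from pfSense: the directory entries are constructed, and it assumes the group search runs from the Base DN with the configured scope, that the extended query is ANDed with the user filter, and that user entries carry no memberOf attribute.

```python
# Constructed sample directory (not from the thread), laid out like the
# poster's tree: users in ou=Users, RFC 2307 posixGroup entries in ou=Groups.
BASE = "dc=DOMAIN,dc=it"
DIRECTORY = {
    "ou=Users," + BASE: {"objectClass": ["organizationalUnit"]},
    "ou=Groups," + BASE: {"objectClass": ["organizationalUnit"]},
    # Assumption: no memberOf attribute on the user (no memberof overlay).
    "uid=yetopen,ou=Users," + BASE: {
        "objectClass": ["posixAccount"], "uid": ["yetopen"]},
    # RFC 2307: membership lives on the group, as a bare uid in memberUid.
    "cn=openvpn,ou=Groups," + BASE: {
        "objectClass": ["posixGroup"], "cn": ["openvpn"],
        "memberUid": ["yetopen"]},
}


def search(base, scope, **equals):
    """Return DNs in scope whose attributes match every attr=value pair.

    scope "one" is the immediate children of base; "sub" is base plus all
    descendants. DN handling is naive (no escaped commas), enough for a demo.
    """
    base, hits = base.lower(), []
    for dn, attrs in DIRECTORY.items():
        low = dn.lower()
        parent = low.split(",", 1)[1]
        in_scope = parent == base if scope == "one" else (
            low == base or low.endswith("," + base))
        if in_scope and all(
                want.lower() in (have.lower() for have in attrs.get(attr, []))
                for attr, want in equals.items()):
            hits.append(dn)
    return hits


def rfc2307_groups(username, base, scope):
    """Group lookup as (&(objectClass=posixGroup)(memberUid=<username>))."""
    dns = search(base, scope, objectClass="posixGroup", memberUid=username)
    return [DIRECTORY[dn]["cn"][0] for dn in dns]


def user_passes_extended_query(username, container, attr, value):
    """User search as (&(uid=<username>)(<attr>=<value>)) in the container."""
    return bool(search(container, "one", uid=username, **{attr: value}))
```

In this model a one-level search at the base DN never reaches entries under ou=Groups, and a memberOf filter cannot match a user entry that has no such attribute; running the equivalent ldapsearch queries against the real server shows whether either applies.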

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.