pfSense: unable to retrieve group membership

  • I'm trying to restrict pfSense LDAP authentication to users belonging to a specific LDAP group only.

    I configured the Authentication Servers as per the documentation, but apparently pfSense is unable to obtain the user's group membership. The server is OpenLDAP; the configuration is:

    Search Scope: one level
    BaseDN: dc=DOMAIN,dc=it
    Authentication containers: ou=Users
    User naming attribute: uid
    Group naming attribute: cn
    Group member attribute: memberUid
    RFC 2307 Groups: enabled
    Group Object Class: posixGroup

    The auth test works, but it appears unable to retrieve group membership:

    User yetopen authenticated successfully. This user is a member of groups:

    And if I enable Extended query (tried a lot of different config, latest memberOf=CN=openvpn,OU=Groups,DC=DOMAIN,DC=it) it won't authenticate the user.

    pfSense 2.4.3, OpenLDAP 2.4.42
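    As an added illustration (not from the thread or from pfSense's code), the following models an RFC 2307 group lookup as the LDAP search `(&(objectClass=posixGroup)(memberUid=<uid>))` run from the base DN, and shows how the search scope decides whether a group stored under ou=Groups is reachable at all: one-level scope returns only direct children of the base entry, while subtree scope also descends into ou=Groups. The directory entries are constructed sample data, and running the group search from the base DN is an assumption about how the lookup is performed, not a statement about pfSense internals.

```python
"""Model of an RFC 2307 group lookup (posixGroup / memberUid) against a
small constructed OpenLDAP-style directory, showing how LDAP search
scope decides whether groups under ou=Groups are visible from the base."""

# Constructed sample entries (not from a real server): DN -> attributes.
DIRECTORY = {
    "dc=DOMAIN,dc=it": {"objectClass": ["dcObject", "organization"]},
    "ou=Users,dc=DOMAIN,dc=it": {"objectClass": ["organizationalUnit"]},
    "ou=Groups,dc=DOMAIN,dc=it": {"objectClass": ["organizationalUnit"]},
    "uid=yetopen,ou=Users,dc=DOMAIN,dc=it": {
        "objectClass": ["posixAccount", "inetOrgPerson"], "uid": ["yetopen"]},
    "cn=openvpn,ou=Groups,dc=DOMAIN,dc=it": {
        "objectClass": ["posixGroup"], "cn": ["openvpn"],
        "memberUid": ["yetopen", "alice"]},
    "cn=admins,ou=Groups,dc=DOMAIN,dc=it": {
        "objectClass": ["posixGroup"], "cn": ["admins"], "memberUid": ["alice"]},
}


def parent_dn(dn):
    """Strip the leftmost RDN (sample DNs contain no escaped commas)."""
    return dn.split(",", 1)[1] if "," in dn else ""


def in_scope(dn, base, scope):
    """LDAP scope semantics: base = the base entry only, one = its direct
    children only, sub = the base entry and everything beneath it."""
    if scope == "base":
        return dn == base
    if scope == "one":
        return parent_dn(dn) == base
    if scope == "sub":
        return dn == base or dn.endswith("," + base)
    raise ValueError("unknown scope: %s" % scope)


def rfc2307_groups(uid, base, scope, group_class="posixGroup",
                   member_attr="memberUid", group_attr="cn"):
    """Evaluate (&(objectClass=<group_class>)(<member_attr>=<uid>)) over the
    entries reachable from base at the given scope; return group names."""
    return sorted(
        attrs[group_attr][0] for dn, attrs in DIRECTORY.items()
        if in_scope(dn, base, scope)
        and group_class in attrs.get("objectClass", [])
        and uid in attrs.get(member_attr, []))


if __name__ == "__main__":
    for scope in ("one", "sub"):  # one level finds nothing; subtree finds openvpn
        print(scope, rfc2307_groups("yetopen", "dc=DOMAIN,dc=it", scope))
```

    The same model also makes the difference to an extended query visible: a filter such as `memberOf=...` is evaluated against the user entry, so it only matches when the server actually populates that attribute, which a posixGroup/memberUid layout by itself does not.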

  • Netgate Administrator

    It actually shows you that error or it just returns no groups?

    Do those groups exist in pfSense with identical names?

    Why are you running that old version of pfSense? You should upgrade when you can.
