1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. pfSense: unable to retrieve group membership

pfSense: unable to retrieve group membership

  • M

    I'm trying to restrict pfSense LDAP authentication to the users belonging only to a specific LDAP group.

    I configured the Authentication Servers as per documentation but apparently pfSense is unable to obtain user's groups membership. The server is OpenLDAP, the configuration is:

    Search Scope: one level
    BaseDN: dc=DOMAIN,dc=it
    Authentication containers: ou=Users
    User naming attribute: uid
    Group naming attribute: cn
    Group member attribute: memberUid
    RFC 2307 Groups: enabled
    Group Object Class: posixGroup
    Auth test works but it appears unable to retrieve groups membership:

    User yetopen authenticated successfully. This user is a member of groups:

    And if I enable Extended query (tried a lot of different config, latest memberOf=CN=openvpn,OU=Groups,DC=DOMAIN,DC=it) it won't authenticate the user.

    pfSense 2.4.3, openLDAP 2.4.42

    0
  • stephenw10
    Netgate Administrator

    It actually shows you that error or it just returns no groups?

    Do those groups exist in pfSense with identical names?

    Why are you running that old version of pfSense? You should upgrade when you can.

    Steve

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy