Netgate Discussion Forum

    Captive Portal and multiple LDAP servers

      tommyverburgh

      In our school we use one GSuite domain for the teachers and another GSuite domain for the students. These are two completely different databases. Each GSuite domain has its own LDAP server. I managed to configure both LDAPs in the pfSense User Manager, and both are working as an Authentication Server. But now I want to have a Captive Portal working that searches in both LDAPs, so a teacher and a student can authenticate in the captive portal. At this moment only users that are in the first LDAP database can log in.
      Is there a way to accomplish what I want?

        free4 Rebel Alliance @tommyverburgh

        @tommyverburgh just select both LDAP servers in the captive portal menu?

          tommyverburgh @free4

          @free4 Thx for your reply. But that's how I configured it. I will try this again and find some things in the logs. It would be so easy for me if this works.

            viktor_g Netgate @tommyverburgh

            @tommyverburgh said in Captive Portal and multiple LDAP servers:

            @free4 Thx for your reply. But that's how I configured it. I will try this again and find some things in the logs. It would be so easy for me if this works.

            If you select multiple LDAP servers, they will act as master/backup - if the first server is not available, it tries the second.

              tommyverburgh @viktor_g

              @viktor_g Thx for your response. So if the first server is available and the user is not in the database it will not check the second server?

                viktor_g Netgate @tommyverburgh

                @tommyverburgh Right, in the same way as WebGUI authentication works

                  tommyverburgh @viktor_g

                  @viktor_g Thx. This means that if the user who tries to log in is on the second server and not on the first server, he can't log in. That's my problem. Are there workarounds?

                    viktor_g Netgate @tommyverburgh

                    @tommyverburgh this is a design flaw - you must have all your LDAP data in a single database and use primary/backup servers for Captive Portal authentication

                      free4 Rebel Alliance @viktor_g

                      @viktor_g that is not correct

                      If the first LDAP server is available but is telling "access denied", then the second LDAP server is queried.

                        tommyverburgh @free4

                        @free4 Thank you, I will continue working this out. Thx

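The two behaviours described in this thread (primary/backup only, versus querying the next server after a denial), modelled side by side as an added example that is not part of any post and is not pfSense code. The `Directory` class, server names, accounts and the `try_next_on_reject` flag are constructed for illustration; the attempt trail shows which servers see each login, which is what to compare against the real authentication logs.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # server answered: unknown user or wrong password
    UNREACHABLE = "unreachable"  # no answer from the server at all

class Directory:
    """Constructed stand-in for one LDAP authentication server."""
    def __init__(self, name, users, up=True):
        self.name, self.users, self.up = name, users, up

    def bind(self, user, password):
        if not self.up:
            return Result.UNREACHABLE
        ok = user in self.users and self.users[user] == password
        return Result.ACCEPT if ok else Result.REJECT

def authenticate(servers, user, password, try_next_on_reject):
    """Walk the server list in order; return (accepting server or None, trail)."""
    trail = []
    for srv in servers:
        res = srv.bind(user, password)
        trail.append((srv.name, res))
        if res is Result.ACCEPT:
            return srv.name, trail
        if res is Result.REJECT and not try_next_on_reject:
            break  # primary/backup only: a reachable server's answer is final
        # UNREACHABLE always falls through to the next server
    return None, trail

# Constructed sample data: two separate directories, as in the first post.
teachers = Directory("ldap-teachers", {"t.jansen": "pw-teacher"})
students = Directory("ldap-students", {"s.devries": "pw-student"})
servers = [teachers, students]

if __name__ == "__main__":
    for policy in (False, True):
        for user, pw in (("t.jansen", "pw-teacher"), ("s.devries", "pw-student"),
                         ("s.devries", "wrong")):
            who, trail = authenticate(servers, user, pw, policy)
            print(f"try_next_on_reject={policy} {user}: {who} "
                  f"{[(n, r.value) for n, r in trail]}")
```

Under the second policy a failed login is recorded as a denial on every server in the list, so one bad password counts against any lockout or alerting threshold in each directory.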
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.