LDAP users are not displayed
-
Hi @all,
I have connected the pfSense to the local LDAP server (UCS server).
I have previously imported the UCS rootCA. This is also displayed correctly. Subsequently:
- Authentication server +
When I test a user with a password under Diagnostics -> Authentication, I get an OK.
Under User Administration -> Settings -> Save & Test I get:
Looks good to me. However, no LDAP users are shown in the pfSense in the user administration. What have I forgotten?
with best
pixel24
-
The firewall will not display LDAP users in a list. It will only attempt to authenticate users against LDAP when they attempt to login.
-
can I use the LDAP users for OpenVPN users on the pfSense?
-
Yes.
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-server-backend.html
But for user auth only, you can't pass parameters like you can with Radius.
Steve
-
ok, I will use the LDAP connection. I have created the group "OpenVPN" in the LDAP. Is it possible to restrict OpenVPN access to this group?
-
No. You can have the users inherit the privileges of a matching local group. But since there is no privilege required to connect to OpenVPN you can't restrict users using that directly.
https://docs.netgate.com/pfsense/en/latest/usermanager/groups.html#groups-and-remote-authentication
Steve
-
You could define an LDAP auth server entry just for OpenVPN which has settings that limit it to only the container or filter corresponding to the OpenVPN group on the server, then have OpenVPN auth against that.
-
Ooo, nice!
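The last suggestion in the thread (a second LDAP auth server entry whose search is limited to the OpenVPN group, used only by the OpenVPN server) works because the firewall first searches for the user under the configured base DN with the configured filter, and only binds as the user if that search returns exactly one entry. The following Python example is added here to illustrate that mechanism; it is not code from the thread, from pfSense or from Univention. It assumes that the UCS directory exposes group membership through a memberOf attribute and that the extended query is AND-ed with the username match, and it uses a constructed in-memory directory instead of a live server.

```python
import re

# Constructed sample directory entries (not real data). Attribute values are
# lists, as in LDAP; memberOf is assumed to carry the user's group DNs.
DIRECTORY = [
    {
        "dn": "uid=alice,cn=users,dc=example,dc=com",
        "uid": ["alice"],
        "memberOf": [
            "cn=OpenVPN,cn=groups,dc=example,dc=com",
            "cn=Domain Users,cn=groups,dc=example,dc=com",
        ],
    },
    {
        "dn": "uid=bob,cn=users,dc=example,dc=com",
        "uid": ["bob"],
        "memberOf": ["cn=Domain Users,cn=groups,dc=example,dc=com"],
    },
]


def escape_filter_value(value):
    """RFC 4515 escaping, so a submitted username cannot inject filter syntax."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text, pos=0):
    """Parse one RFC 4515 filter at text[pos]; supports &, |, !, equality, presence."""
    if text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    op = text[pos]
    if op in "&|":
        pos += 1
        children = []
        while text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        node = (op, children)
    elif op == "!":
        child, pos = parse_filter(text, pos + 1)
        node = ("!", [child])
    else:
        end = text.index(")", pos)
        attr, _, raw = text[pos:end].partition("=")
        # A bare '*' is a presence test; anything else is an (unescaped) literal.
        node = ("=", (attr.strip().lower(), None if raw == "*" else _unescape(raw)))
        pos = end
    if text[pos] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return node, pos + 1


def _values(entry, attr):
    # LDAP attribute names are case-insensitive; dn is not a searchable attribute here.
    for key, vals in entry.items():
        if key != "dn" and key.lower() == attr:
            return [v.lower() for v in vals]
    return []


def matches(node, entry):
    kind, payload = node
    if kind == "&":
        return all(matches(c, entry) for c in payload)
    if kind == "|":
        return any(matches(c, entry) for c in payload)
    if kind == "!":
        return not matches(payload[0], entry)
    attr, value = payload
    found = _values(entry, attr)
    return bool(found) if value is None else value.lower() in found


def search(directory, base_dn, filter_text):
    """Subtree search: entries under base_dn that satisfy the filter."""
    node, end = parse_filter(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [e for e in directory
            if e["dn"].lower().endswith(base_dn.lower()) and matches(node, e)]


def lookup_user(directory, base_dn, extended_query, username, name_attr="uid"):
    """Emulate the user-search step of an LDAP auth server entry (assumed
    behaviour: extended query AND-ed with the username match). Returns the DN
    the firewall would bind with, or None when the user is not eligible."""
    user_term = f"({name_attr}={escape_filter_value(username)})"
    if extended_query:
        ext = extended_query if extended_query.startswith("(") else f"({extended_query})"
        filter_text = f"(&{user_term}{ext})"
    else:
        filter_text = user_term
    hits = search(directory, base_dn, filter_text)
    return hits[0]["dn"] if len(hits) == 1 else None


if __name__ == "__main__":
    base = "dc=example,dc=com"
    group_filter = "memberOf=cn=OpenVPN,cn=groups,dc=example,dc=com"
    for user in ("alice", "bob"):
        print(user, "->", lookup_user(DIRECTORY, base, group_filter, user))
```

With the group filter in place, alice resolves to a DN and can go on to bind, while bob gets no search hit and is rejected before any password is checked; with an empty extended query both users resolve, which is the behaviour of the general-purpose auth server entry. The escaping helper shows why the username must be treated as data: an unescaped `*` would turn the lookup into a presence test that matches every user.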