G - Suite Authentication
-
Hi everyone,
I'm currently working on setting up the G-Suite Secure LDAP client as an authentication server on my pfSense version 2.7.2-RELEASE (amd64) Community Edition, utilizing stunnel version 5.50_11.
Here's my configuration:
Certificate Configuration:
Certificate Type: X.509(PEM)
Descriptive Name: G suite LDAP
Export Password: [Your Password]
PKCS#12 Encryption: High: AES-256 + SHA256
Stunnel Configuration:
Client Mode: Checked
Listen on IP: 127.0.0.1
Listen on Port: 1636
Protocol: [Specify Protocol]
Certificate: G suite LDAP
Redirects to IP: ldap.google.com
Redirects to Port: 636
Outgoing Source IP: [Specify IP]
Log Level: Debug
Timeout Close: 30
Custom Options: [Add any relevant custom options]
Authentication Server:
Descriptive Name: G suite
Type: LDAP
Hostname or IP Address: 127.0.0.1
Port Value: 1636
Transport: Standard TCP
Global Root CA List: [Specify CA List]
Protocol Version: 3
Server Timeout: 25
Search Scope:
Level: Entire Subtree
Base DN: [Confidential]
Authentication Containers: [Confidential]
Extended Query: Unchecked
Bind Anonymous: Unchecked
Bind Credentials: [Confidential]
User Naming Attribute: uid
Group Naming Attribute: cn
Group Member Attribute: memberOf
RFC 2307 Groups: Unchecked
Group Object Class: posixGroup
Shell Authentication Group DN: [Specify DN]
UTF8 Encode: Unchecked
Username Alterations: Checked
Allow Unauthenticated Bind: CheckedIn the authentication diagnostics, when attempting to authenticate, the following logs were generated:
Mar 6 15:09:33 php-fpm 586
/diag_authentication.php: LDAP Debug: Attempting to authenticate [Confidential] on G suiteMar 6 15:09:33 php-fpm 586 /diag_authentication.php: LDAP Debug: URI: ldap://127.0.0.1:1636 (v3)
Mar 6 15:09:33 php-fpm 586
/diag_authentication.php: LDAP Debug: Base DN: dc=[Confidential],dc=[Confidential]Mar 6 15:09:33 php-fpm 586 /diag_authentication.php: LDAP Debug: Scope: subtree
Mar 6 15:09:33 php-fpm 586
/diag_authentication.php: LDAP Debug: Auth Bind DN: [Confidential]Mar 6 15:09:33 php-fpm 586
/diag_authentication.php: LDAP Debug: Container: ou=[Confidential],ou=[Confidential],ou=[Confidential],dc=[Confidential],dc=[Confidential]Mar 6 15:09:33 php-fpm 586 /diag_authentication.php: LDAP Debug: Attrs: Name: uid / Group: memberOf
Mar 6 15:09:33 php-fpm 586 /diag_authentication.php: LDAP Debug: Extended Query:
Mar 6 15:09:33 php-fpm 586
/diag_authentication.php: LDAP Debug: Filter: (uid=[Confidential])Mar 6 15:09:33 php-fpm 586 /diag_authentication.php: LDAP Debug: Group Filter:
Mar 6 15:09:33 php-fpm 586 /diag_authentication.php: LDAP Debug: LDAP connection error flag: false
Mar 6 15:09:33 stunnel 47649 LOG5[0]: Service [G Suite] accepted connection from 127.0.0.1:41174
Mar 6 15:09:33 stunnel 47649 LOG6[0]: s_connect: connecting 2001:4860:4802:32::3a:636
Mar 6 15:09:33 stunnel 47649 LOG3[0]: s_connect: connect 2001:4860:4802:32::3a:636: No route to host (65)
Mar 6 15:09:33 stunnel 47649 LOG3[0]: No more addresses to connect
Mar 6 15:09:33 stunnel 47649 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Mar 6 15:09:33 php-fpm 586 /diag_authentication.php: ERROR! Could not bind to LDAP server G suite. Please check the bind credentials.I'd appreciate any guidance or suggestions you may have regarding this configuration. Thanks in advance for your help!
Best regards.