    Netgate Discussion Forum
    User Manager with LDAP

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • S
      sws last edited by

      Hi all

      On "System: Authentication Servers" I added my ldap server
      On "Diagnostics: Authentication" I tested many users and all are ok

      But each time on "System: User manager settings", when I choose the LDAP server as the "Authentication Server" and click save and test, it gives me this message:

      "The test was not performed becuase it is supported only for ldap based backends."

      I used wireshark on my ldap server and found that the pfSense can reach ldap successfully and can retrieve data from it successfully too.

      Why can I not see users on the "System: Authentication Servers" page?

      I want to see a list of users in order to add certificate for them individually for OpenVPN usage.

      Thanks.

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Getting a user list and managing certificates for LDAP/RADIUS users isn't supported. (Not sure if that's 'yet' or 'ever' though). Not sure about the auth test bit though.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • E
          eri-- last edited by

          The error message should be fixed.
          The other side is to create the user yourself and add the certificate. IIRC it will use it.

          • S
            sws last edited by

            In OpenVPN advanced server the certificate is created for each user automatically.

            I have no problem with creating the certificate for each user manually, but how would I pair a user on LDAP with a certificate?

            From what I understood, this is not possible at all - at least now - on pfSense,

            right?

            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              Well we don't let you pick a remote authentication mode in an SSL/TLS mode for starters, so you can't use LDAP and have certificate-based auth.

              You could just make certificates in the certificate manager by hand and just make the common name the same as the usernames. That would work fine, it just doesn't show any kind of association.

              In our user manager the association is only there as a convenience.

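The naming convention suggested in the reply above (certificate common name equal to the username), sketched as an added example that is not part of the original thread. It uses the openssl command line and a throwaway CA instead of the pfSense certificate manager; the usernames, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: one client certificate per username, with CN == username.
# USERS is a constructed list standing in for accounts that exist in LDAP.
USERS="alice bob"
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway test CA (unencrypted key, one-day lifetime: lab use only).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Issue a client certificate whose common name is exactly the username.
issue_cert() {
    user=$1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$user" \
        -keyout "$WORK/$user.key" -out "$WORK/$user.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$user.csr" -days 1 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/$user.crt" 2>/dev/null
}

# Print the common name from a certificate's subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        awk -F' = ' '/commonName/ { print $2 }'
}

# Succeed only if the certificate chains to the test CA and its CN
# equals the given username. Nothing else ties the two together,
# which is why the association is invisible in a user list.
cn_matches_user() {
    openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1 &&
    [ "$(cert_cn "$1")" = "$2" ]
}

make_ca
for u in $USERS; do
    issue_cert "$u"
    if cn_matches_user "$WORK/$u.crt" "$u"; then echo "$u: CN matches"; fi
done
```
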
              • S
                sws last edited by

                @jimp:

                Well we don't let you pick a remote authentication mode in an SSL/TLS mode for starters, so you can't use LDAP and have certificate-based auth.

                What do you mean by starters?

                • jimp
                  jimp Rebel Alliance Developer Netgate last edited by

                  As in one of several reasons it doesn't work as it stands now. The starting reason (or main reason).
