User Manager with LDAP



  • Hi all

    On "System: Authentication Servers" I added my ldap server
    On "Diagnostics: Authentication" I tested many users and all are ok

    But each time on "System: User manager settings", when I choose the LDAP server in "Authentication Server" and click save and test, it gives me this message:

    "The test was not performed becuase it is supported only for ldap based backends."

    I used wireshark on my ldap server and found that the pfSense can reach ldap successfully and can retrieve data from it successfully too.

    Why can I not see users on the "System: Authentication Servers" page?

    I want to see a list of users in order to add a certificate for each of them individually for OpenVPN usage.

    Thanks.


  • Rebel Alliance Developer Netgate

    Getting a user list and managing certificates for LDAP/RADIUS users isn't supported. (Not sure if that's 'yet' or 'ever' though). Not sure about the auth test bit though.



  • The error message should be fixed.
    The other way is to create the user yourself and add the certificate. IIRC it will use it.



  • In OpenVPN advanced server the certificate is created for each user automatically.

    I have no problem with creating the certificate for each user manually, but how would I pair a user on LDAP with a certificate?

    From what I understood, this is not possible at all, at least for now, on pfSense.

    Right?


  • Rebel Alliance Developer Netgate

    Well we don't let you pick a remote authentication mode in an SSL/TLS mode for starters, so you can't use LDAP and have certificate-based auth.

    You could just make certificates in the certificate manager by hand and just make the common name the same as the usernames. That would work fine, it just doesn't show any kind of association.

    In our user manager the association is only there as a convenience.
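
    As an added example (not from the thread or from pfSense itself), the manual pairing jimp describes done with the openssl CLI: issue one client certificate per LDAP username with the CN set to that username, then read the CN back so the association can be checked. It assumes openssl is installed; the usernames are a constructed sample.

```shell
#!/bin/sh
# Added example, not part of the thread. Issues client certificates whose CN is
# the LDAP username (the manual pairing jimp describes) and reads the CN back.
# Assumes the openssl CLI is installed; usernames below are a constructed sample.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Throwaway CA for the demo. On pfSense you would instead sign with the CA
# already defined under System > Cert Manager.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Demo-OpenVPN-CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
}

# issue_user_cert <username>: key + CSR + CA-signed cert with CN=<username>.
# Usernames containing '/' or '=' would corrupt the -subj string, so reject them.
issue_user_cert() {
  u="$1"
  case "$u" in *[/=]*) echo "refusing unsafe username: $u" >&2; return 1 ;; esac
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$u" \
    -keyout "$WORK/$u.key" -out "$WORK/$u.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/$u.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -out "$WORK/$u.crt" >/dev/null 2>&1
}

# cert_cn <certfile>: print only the CN, for comparison against the LDAP username.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//; s/^CN=//'
}

# cert_matches_user <username>: succeeds only if the cert's CN equals the username.
cert_matches_user() {
  [ "$(cert_cn "$WORK/$1.crt")" = "$1" ]
}

# Constructed sample: the usernames exactly as they exist on the LDAP server.
LDAP_USERS="alice bob"

make_ca
for u in $LDAP_USERS; do
  issue_user_cert "$u"
  if cert_matches_user "$u"; then
    echo "issued $WORK/$u.crt with CN=$(cert_cn "$WORK/$u.crt")"
  else
    echo "CN mismatch for $u" >&2; exit 1
  fi
done
```

    Since OpenVPN only sees the certificate's CN, keeping it byte-for-byte identical to the LDAP username is the whole association; the check above catches a typo before the certificate is handed out.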



  • @jimp:

    Well we don't let you pick a remote authentication mode in an SSL/TLS mode for starters, so you can't use LDAP and have certificate-based auth.

    What do you mean by "for starters"?


  • Rebel Alliance Developer Netgate

    As in, one of several reasons it doesn't work as it stands now. The starting reason (or main reason).

