2.0 RC1 + OpenVPN + LDAP auth + group requirement?
-
I've set up OpenVPN with external LDAP authentication and it works perfectly. However I want to limit access to VPN to few LDAP groups. Is it currently possible in 2.0? I don't see any place in web configurator to enter either group requirement or user defined LDAP filters (from these two I'd preffer second option as it gives way more possibilities to limit VPN access).
-
I had thought that's what you could do with some of the container options when setting up the LDAP server connection, but I might be misremembering it.
There was a ticket open at one point to allow limiting by groups, but adding that code would have broken other setups, so it was decided to revisit it at a later date.
-
For now I've used external radius to do the auth for VPN but I'd love to see LDAP filters implemented. If empty filter would be used by default it shouldn't affect any existing LDAP queries.
-
This was the ticket I was thinking of:
http://redmine.pfsense.org/issues/1009
Though I don't recall the specific objections now. There were issues that caused it to be backed out.