Netgate Discussion Forum

    2.0 RC1 + OpenVPN + LDAP auth + group requirement?

    • Hawq

      I've set up OpenVPN with external LDAP authentication and it works perfectly. However, I want to limit access to VPN to a few LDAP groups. Is it currently possible in 2.0? I don't see any place in the web configurator to enter either a group requirement or user-defined LDAP filters (of these two I'd prefer the second option, as it gives way more possibilities to limit VPN access).

      • jimp Rebel Alliance Developer Netgate

        I had thought that's what you could do with some of the container options when setting up the LDAP server connection, but I might be misremembering it.

        There was a ticket open at one point to allow limiting by groups, but adding that code would have broken other setups, so it was decided to revisit it at a later date.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • Hawq

          For now, I've used external RADIUS to do the auth for VPN, but I'd love to see LDAP filters implemented. If an empty filter were used by default, it shouldn't affect any existing LDAP queries.

          • jimp Rebel Alliance Developer Netgate

            This was the ticket I was thinking of:

            http://redmine.pfsense.org/issues/1009

            Though I don't recall the specific objections now. There were issues that caused it to be backed out.

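The optional LDAP filter suggested in the thread, sketched as an added example (not pfSense code and not from either poster): an empty extra filter leaves the user lookup unchanged, a group filter is ANDed in, and the username is escaped per RFC 4515 so it cannot alter the filter. The attribute names `uid` and `memberOf`, the function names, and the group DN are assumptions; `memberOf` only works where the directory maintains that attribute.

```python
# Added example; attribute names and group DNs below are constructed assumptions.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def group_filter(group_dns, attr="memberOf"):
    """Membership in any listed group; an empty list gives an empty filter."""
    terms = ["(%s=%s)" % (attr, escape_filter_value(dn)) for dn in group_dns]
    if len(terms) <= 1:
        return "".join(terms)
    return "(|%s)" % "".join(terms)

def is_single_filter(text):
    """True if text is exactly one parenthesised filter with balanced parens."""
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(text) - 1):
                return False
        elif depth == 0:
            return False  # text outside any parentheses
    return depth == 0 and bool(text)

def build_user_filter(username, extra_filter="", name_attr="uid"):
    """Filter used to look up the authenticating user."""
    base = "(%s=%s)" % (name_attr, escape_filter_value(username))
    extra = extra_filter.strip()
    if not extra:
        return base  # empty default: same query as before the option existed
    if not is_single_filter(extra):
        raise ValueError("extra filter must be one balanced (...) expression")
    return "(&%s%s)" % (base, extra)

if __name__ == "__main__":
    groups = ["cn=vpn-users,ou=groups,dc=example,dc=com"]  # constructed DN
    print(build_user_filter("alice"))
    print(build_user_filter("alice", group_filter(groups)))
    print(build_user_filter("a*)(uid=*", group_filter(groups)))
```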
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.