How to define "Extended Query" for LDAP group membership (Solved)



  • Hi,

    I've been trying to get this working for some time now and can't seem to get it. I have username/password working fine, but anything I enter into Extended Query causes the authentication to fail.

    The group name I'm testing membership for is called pfSenseTest and it's under this tree

    domain.name
     name1
       Security Groups
         pfSenseTest

    I am a member of the group but I can't seem to get group membership to authenticate.

    Does anyone have any suggestions as to what it should look like given the above ?

    Thanks,
    Andrew



  • Hi all,

    After a lot of messing round I figured it out and thought I'd put the answer in for others that may be trying the same thing.

    With the tree from my question as follows

    domain.name
     name1
       Security Groups
         pfSenseTest

    the result for the "Extended Query" is

    memberOf=CN=pfSenseTest,OU=Security Groups,OU=name1,DC=domain,DC=name

    I tested this on ver 2.1 from a few weeks ago but I suspect the result will work on 2.x

    This was found by using the Softerra LDAP Browser from http://www.ldapbrowser.com, finding the entry in the user, then right-clicking it and choosing the copy option (there are a number of options; the one I used was "copy as LDAP filter", and I removed the left and right parenthesis characters from it).

    Hope this helps someone,
    Andrew
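
The mapping from the tree to the "Extended Query" value in the post above, as an added example that is not part of the original thread or of pfSense. It goes beyond the single case shown by also escaping names that contain special characters (RFC 4514 for the DN, RFC 4515 for the filter value). The function names are hypothetical, and it assumes every container in the tree is an OU, as in the answer above.

```python
# Added example: build a memberOf "Extended Query" value from a directory tree.
# Assumption: all intermediate containers are organizational units (OU=...).

DN_SPECIAL = set(',+"\\<>;=')  # characters that must be escaped inside an RDN value

def escape_dn_value(value):
    """Escape one RDN value per RFC 4514 (special chars, leading/trailing space)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape an LDAP filter assertion value per RFC 4515."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)

def group_dn(domain, ou_path, group):
    """ou_path is listed top-down, as it appears in the tree view."""
    rdns = ["CN=" + escape_dn_value(group)]
    # A DN is written leaf-first, so the OUs are emitted in reverse tree order.
    rdns += ["OU=" + escape_dn_value(ou) for ou in reversed(ou_path)]
    rdns += ["DC=" + escape_dn_value(label) for label in domain.split(".")]
    return ",".join(rdns)

def extended_query(domain, ou_path, group):
    """Return the value without surrounding parentheses, as used in the post."""
    return "memberOf=" + escape_filter_value(group_dn(domain, ou_path, group))

if __name__ == "__main__":
    # The tree from the thread.
    print(extended_query("domain.name", ["name1", "Security Groups"], "pfSenseTest"))
    # Constructed group name with a comma and parentheses, to show the escaping.
    print(extended_query("domain.name", ["name1"], "Ops (VPN), EU"))
```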



  • @kestral:

    Hi all,

    After a lot of messing round I figured it out and thought I'd put the answer in for others that may be trying the same thing.

    With the tree from my question as follows

    domain.name
     name1
       Security Groups
         pfSenseTest

    the result for the "Extended Query" is

    memberOf=CN=pfSenseTest,OU=Security Groups,OU=name1,DC=domain,DC=name

    I tested this on ver 2.1 from a few weeks ago but I suspect the result will work on 2.x

    This was found by using the Softerra LDAP Browser from http://www.ldapbrowser.com, finding the entry in the user, then right-clicking it and choosing the copy option (there are a number of options; the one I used was "copy as LDAP filter", and I removed the left and right parenthesis characters from it).

    Hope this helps someone,
    Andrew

    Hi Andrew,
    What did you type in the Authentication containers field?

    Can you post a screenshot of the System Authentication Server Page? It will be very useful.

    Regards
    Antonio



  • Hi Antonio,

    Screenshot attached

    Regards,
    Andrew




  • @kestral:

    Hi Antonio,

    Screenshot attached

    Regards,
    Andrew

    Hi everyone.

    Andrew, could you log in successfully after this? I tested and it's OK, but after login pfSense shows the message: "No page assigned to this user! Click here to logout." Even if I create a user and specify admin settings to it, this message still appears.

    Any ideas?



  • Unless I've missed something there's no field for "Extended Query" until version 2.1 - at least I can't find it in 2.0.1 - so I'm stuck for the moment.

