Netgate Discussion Forum
    How to define "Extended Query" for LDAP group membership (Solved)

    6 Posts 4 Posters 16.7k Views
    kestral

      Hi,

      I've been trying to get this working for some time now and can't seem to get it. I have username/password working fine, but anything I enter into Extended Query causes the authentication to fail.

      The group name I'm testing membership for is called pfSenseTest and it's under this tree:

      domain.name
       name1
         Security Groups
           pfSenseTest

      I am a member of the group but I can't seem to get group membership to authenticate.

      Does anyone have any suggestions as to what it should look like given the above ?

      Thanks,
      Andrew

      kestral

        Hi all,

        After a lot of messing around I figured it out and thought I'd put the answer in for others that may be trying the same thing.

        With the tree from my question as follows:

        domain.name
         name1
           Security Groups
             pfSenseTest

        the result for the "Extended Query" is:

        memberOf=CN=pfSenseTest,OU=Security Groups,OU=name1,DC=domain,DC=name

        I tested this on version 2.1 from a few weeks ago, but I suspect the result will work on 2.x.

        This was found by using the Softerra LDAP Browser from http://www.ldapbrowser.com, finding the entry in the user, then right-clicking it and choosing the copy option (there's a number of options; the one I used was "copy as LDAP filter") and removing the left and right parenthesis characters from it.

        Hope this helps someone,
        Andrew

          anonymous66
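As an added example (not code from the thread or from pfSense), the following Python builds the Extended Query value from the tree described in the post, escapes DN and filter special characters per RFC 4514 and RFC 4515 so that a group name containing a comma, backslash or parenthesis does not silently break the filter, and checks constructed user entries against it. Two things go beyond what the post shows and are assumptions here: `pfsense_filter()` models the way pfSense is assumed to wrap the value in its own parentheses (which is consistent with the post having to strip them), and `nested=True` uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN so that members of groups nested inside pfSenseTest also match, since a plain `memberOf=` item matches direct members only. The user entries are constructed.

```python
"""
Build and sanity-check the pfSense "Extended Query" value for LDAP group membership.

Added example, not code from the forum thread or from pfSense. The tree names
(domain.name, name1, Security Groups, pfSenseTest) come from the thread; the
user entries below are constructed; how pfSense combines the two filter parts is
an assumption, noted at pfsense_filter().
"""
import re

_DN_SPECIAL = re.compile(r'([,+"\\<>;=])')          # RFC 4514 specials inside an RDN value
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}  # RFC 4515
_HEX_ESCAPE = re.compile(r"\\([0-9a-fA-F]{2})")


def escape_dn_value(value: str) -> str:
    """Escape one RDN value (a CN, OU or DC) so it can be embedded in a DN."""
    out = _DN_SPECIAL.sub(r"\\\1", value)
    if out[:1] in (" ", "#"):          # leading space or '#' must be escaped
        out = "\\" + out
    if out.endswith(" "):              # trailing space must be escaped
        out = out[:-1] + "\\ "
    return out


def group_dn(cn: str, ou_path: list[str], domain: str) -> str:
    """CN=<group>,OU=<innermost>,...,OU=<outermost>,DC=...: the tree read bottom-up."""
    rdns = [f"CN={escape_dn_value(cn)}"]
    rdns += [f"OU={escape_dn_value(ou)}" for ou in ou_path]
    rdns += [f"DC={escape_dn_value(dc)}" for dc in domain.split(".")]
    return ",".join(rdns)


def escape_filter_value(value: str) -> str:
    """Escape a DN (or any value) for use as the right-hand side of a filter item."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Reverse escape_filter_value(): turn \\XX hex escapes back into characters."""
    return _HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)


def extended_query(cn: str, ou_path: list[str], domain: str, nested: bool = False) -> str:
    """The string to paste into the Extended Query field: attr=value, no outer parentheses.

    nested=True uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN
    (OID 1.2.840.113556.1.4.1941), so users in groups nested inside the target
    group also match.  A plain memberOf= item only matches direct members.
    """
    attr = "memberOf:1.2.840.113556.1.4.1941:" if nested else "memberOf"
    return f"{attr}={escape_filter_value(group_dn(cn, ou_path, domain))}"


def pfsense_filter(name_attr: str, username: str, ext_query: str) -> str:
    """ASSUMPTION: pfSense ANDs the username match with the extended query, wrapping
    each in its own parentheses.  That is why the value copied as a complete
    LDAP filter had to have its outer parentheses removed."""
    return f"(&({name_attr}={escape_filter_value(username)})({ext_query}))"


def matches_direct(entry: dict, ext_query: str) -> bool:
    """Evaluate a plain attr=value item against one entry (DN comparison is
    case-insensitive, as in Active Directory).  Only direct membership can be
    checked client-side; the matching-rule form is resolved by the server."""
    attr, _, value = ext_query.partition("=")
    if ":" in attr:
        raise NotImplementedError("matching-rule items need the directory server")
    wanted = unescape_filter_value(value).lower()
    return any(v.lower() == wanted for v in entry.get(attr, []))


# Constructed entries: andrew is a direct member of pfSenseTest, bob is not.
USERS = {
    "andrew": {"memberOf": ["CN=pfSenseTest,OU=Security Groups,OU=name1,DC=domain,DC=name"]},
    "bob":    {"memberOf": ["CN=Domain Users,CN=Users,DC=domain,DC=name"]},
}


def allowed_users(ext_query: str) -> list[str]:
    """Which constructed users would pass the Extended Query."""
    return sorted(u for u, e in USERS.items() if matches_direct(e, ext_query))


if __name__ == "__main__":
    q = extended_query("pfSenseTest", ["Security Groups", "name1"], "domain.name")
    print(q)
    print(pfsense_filter("samAccountName", "andrew", q))
    print(allowed_users(q))
```

Run it as a script to see the value for the thread's tree, the combined filter it is assumed pfSense sends, and which constructed user passes. Try a group named `Ops, Team` to see why the escaping matters: the DN needs `\,` and the filter then needs that backslash doubled to `\5c`, which a hand-typed value will not have.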

          @kestral: [quoting the solution above]

          Hi Andrew,
          what did you type in the Authentication containers field?

          Can you post a screenshot of the System Authentication Server Page? It will be very useful.

          Regards
          Antonio

            kestral

            Hi Antonio,

            Screenshot attached.

            Regards,
            Andrew

            [attachment: ldap.PNG]

              felipe

              @kestral: [quoting the screenshot reply above]

              Hi everyone.

              Andrew, could you log in successfully after this? I tested and it's OK, but after login pfSense shows the message: "No page assigned to this user! Click here to logout." Even if I create a user and specify admin settings for it, this message still appears.

              any ideas?

                sheepthief

                Unless I've missed something, there's no field for "Extended Query" until version 2.1 (at least I can't find it in 2.0.1), so I'm stuck for the moment.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.