Netgate Discussion Forum

How to define "Extended Query" for LDAP group membership (Solved)

General pfSense Questions
6 Posts 4 Posters 16.7k Views
  • K
    kestral
    last edited by May 2, 2012, 8:16 AM May 1, 2012, 9:11 AM

    Hi,

    I've been trying to get this working for some time now and can't seem to get it. I have username password working fine, but anything I enter into extended query causes the authentication to fail.

    The group name I'm testing membership for is called pfSenseTest and it's under this tree

    domain.name
     name1
       Security Groups
         pfSenseTest

    I am a member of the group but I can't seem to get group membership to authenticate.

    Does anyone have any suggestions as to what it should look like given the above?

    Thanks,
    Andrew

    • K
      kestral
      last edited by May 2, 2012, 8:22 AM May 2, 2012, 8:15 AM

      Hi all,

      After a lot of messing round I figured it out and thought I'd put the answer in for others that may be trying the same thing.

      With the tree from my question as follows

      domain.name
       name1
         Security Groups
           pfSenseTest

      the result for the "Extended Query" is

      memberOf=CN=pfSenseTest,OU=Security Groups,OU=name1,DC=domain,DC=name

      I tested this on ver 2.1 from a few weeks ago but I suspect the result will work on 2.x

      This was found by using the Softerra LDAP browser from http://www.ldapbrowser.com and finding the entry in the user, then right-clicking it and choosing the copy option (there's a number of options; the one I used was "copy as LDAP filter" and removing the left and right parenthesis characters from it).

      Hope this helps someone,
      Andrew

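The tree-to-filter mapping from the post above, as an added example that is not part of the original thread and not pfSense code: it builds the `memberOf=` string from the tree path and escapes group names or usernames that contain LDAP special characters. The `combined_filter` helper, the `sAMAccountName` attribute and the treatment of every intermediate tree level as an OU are assumptions for illustration.

```python
# Added example, not code from the thread or from pfSense.
DN_SPECIAL = set(',+"\\<>;')  # RFC 4514 characters that need a backslash
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}  # RFC 4515


def escape_dn_value(value):
    """Escape one RDN value (RFC 4514), e.g. a group name containing a comma."""
    out = "".join("\\" + c if c in DN_SPECIAL else c for c in value)
    out = out.replace("\0", "\\00")
    if out.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out


def escape_filter_value(value):
    """Escape a filter assertion value (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(c, c) for c in value)


def group_dn(domain, ou_path, group):
    """ou_path is listed top-down as in the tree view; a DN lists it leaf-first."""
    rdns = ["CN=" + escape_dn_value(group)]
    rdns += ["OU=" + escape_dn_value(ou) for ou in reversed(ou_path)]
    rdns += ["DC=" + escape_dn_value(dc) for dc in domain.split(".")]
    return ",".join(rdns)


def extended_query(dn):
    """Filter item without the outer parentheses, the form entered in the post."""
    return "memberOf=" + escape_filter_value(dn)


def combined_filter(username, query, name_attr="sAMAccountName"):
    """Assumed AND-combination of user lookup and extended query (hypothetical helper)."""
    return "(&({}={})({}))".format(name_attr, escape_filter_value(username), query)


if __name__ == "__main__":
    dn = group_dn("domain.name", ["name1", "Security Groups"], "pfSenseTest")
    print(extended_query(dn))
    # Constructed group name: the DN backslash must itself become \5c in the filter.
    tricky = group_dn("domain.name", ["name1", "Security Groups"], "VPN (Test), EU")
    print(extended_query(tricky))
    print(combined_filter("andrew*", extended_query(dn)))
```
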
      • A
        anonymous66
        last edited by May 6, 2012, 8:10 PM

        @kestral:

        Hi all,

        After a lot of messing round I figured it out and thought I'd put the answer in for others that may be trying the same thing.

        With the tree from my question as follows

        domain.name
         name1
           Security Groups
             pfSenseTest

        the result for the "Extended Query" is

        memberOf=CN=pfSenseTest,OU=Security Groups,OU=name1,DC=domain,DC=name

        I tested this on ver 2.1 from a few weeks ago but I suspect the result will work on 2.x

        This was found by using the Softerra LDAP browser from http://www.ldapbrowser.com and finding the entry in the user, then right-clicking it and choosing the copy option (there's a number of options; the one I used was "copy as LDAP filter" and removing the left and right parenthesis characters from it).

        Hope this helps someone,
        Andrew

        Hi Andrew,
        what did you type in the Authentication containers field?

        Can you post a screenshot of the System Authentication Server Page? It will be very useful.

        Regards
        Antonio

        • K
          kestral
          last edited by May 8, 2012, 12:24 AM

          Hi Antonio,

          Screenshot attached

          Regards,
          Andrew

          ldap.PNG

          • F
            felipe
            last edited by Nov 14, 2012, 12:04 AM

            @kestral:

            Hi Antonio,

            Screenshot attached

            Regards,
            Andrew

            Hi everyone.

            Andrew, could you log in successfully after this? I tested and it's ok, but after login pfSense shows the message: "No page assigned to this user! Click here to logout." Even if I create a user and specify admin settings to it, this message still appears.

            Any ideas?

            • S
              sheepthief
              last edited by Nov 30, 2012, 12:56 PM

              Unless I've missed something there's no field for "Extended Query" until version 2.1 - at least I can't find it in 2.0.1 - so I'm stuck for the moment.
