OpenLDAP for WebGUI authentication

paklids · Jul 5, 2013, 9:48 PM

I have not had any success so far using any of the recommendations using OpenLDAP.

I can auth the OpenLDAP user but am unable to get a group listing for that user in Diagnostics->Authentication. Using a packetcapture I can see that OpenLDAP is replying with information about the user (but not the user's group information).

doktornotor · Jul 5, 2013, 9:49 PM

I guess you misunderstood the feature. Did you create the exact same group you want to use for authentication on your pfSense box? You will not get anything out of it otherwise. The query only returns a group if you have a matching group set up locally (with assigned privileges as required.)

paklids · Jul 5, 2013, 10:11 PM

I did but it did not work at the time. Tried it again with some tweaks and it looks like it may work well enough for us to use.

I'm working with our LDAP administrator and was able to determine that the "Group member attribute" must be an attribute that you add at the user level (an attribute that all the group members would share) and points to the group that they all belong to. A better description might be "User memberof attribute".