Yet another question about LDAP group membership support



  • Hi Guys,

I'm using pfSense 2.1-RC0 and trying to configure it against FreeIPA. It is authenticating with no problem but does not recognize group membership. Here is the FreeIPA log trace, which seems to be OK! I've created the expected group in pfSense as well.

    I appreciate all comments,
    Afshin Afzali

    conn=41 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
    conn=41 op=0 BIND dn="" method=128 version=3
    conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    conn=41 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs="memberOf"
    conn=41 op=1 RESULT err=32 tag=101 nentries=0 etime=0
    conn=41 op=2 UNBIND
    conn=41 op=2 fd=66 closed - U1
    conn=42 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
    conn=42 op=0 BIND dn="" method=128 version=3
    conn=42 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    conn=42 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs="memberOf"
    conn=42 op=1 RESULT err=32 tag=101 nentries=0 etime=0
    conn=42 op=2 UNBIND
    conn=42 op=2 fd=66 closed - U1
    conn=43 fd=67 slot=67 connection from 192.168.254.2 to 192.168.254.3
    conn=43 op=0 BIND dn="" method=128 version=3
    conn=43 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    conn=43 op=1 SRCH base="cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs=ALL
    conn=43 op=1 RESULT err=0 tag=101 nentries=1 etime=0
    conn=43 op=2 BIND dn="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" method=128 version=3
    conn=43 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local"
    conn=44 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
    conn=44 op=0 BIND dn="" method=128 version=3
    conn=44 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    conn=43 op=3 UNBIND
    conn=43 op=3 fd=67 closed - U1
    conn=44 op=1 SRCH base="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs="memberOf"
    conn=44 op=1 RESULT err=0 tag=101 nentries=1 etime=0
    conn=44 op=2 UNBIND
    conn=44 op=2 fd=66 closed - U1


  • You need to create the matching group in User Manager as well.



  • Actually I did, as I wrote in the first post. But the problem was in the bind credentials option. I could resolve it by changing from anonymous binding to a known user.

    Thanks
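An added example, not code from the thread or from pfSense/FreeIPA: a small Python parser for 389-ds access-log lines like the ones in the first post that reports, for each search asking for memberOf, which bind was in effect on that connection and what the server returned, so the pattern behind this thread (anonymous bind, then a search on base="" answered with err=32, LDAP noSuchObject) stands out. The sample lines are copied from the first post; the function and field names are my own.

```python
import re

# Constructed sample: lines copied from the thread's 389-ds access log (abridged).
SAMPLE_LOG = """\
conn=41 op=0 BIND dn="" method=128 version=3
conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=41 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs="memberOf"
conn=41 op=1 RESULT err=32 tag=101 nentries=0 etime=0
conn=44 op=0 BIND dn="" method=128 version=3
conn=44 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=44 op=1 SRCH base="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs="memberOf"
conn=44 op=1 RESULT err=0 tag=101 nentries=1 etime=0
"""

LINE_RE = re.compile(r'^conn=(\d+) op=(\d+) (\w+)(.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_line(line):
    """Split one access-log line into (conn, op, kind, {field: value}); None if not an op line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    conn, op, kind, rest = m.groups()
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return int(conn), int(op), kind, fields

def audit_memberof_searches(log_text):
    """One finding per memberOf search: was the bind anonymous, which base, and the result."""
    bind_dn = {}   # conn -> DN of the last successful BIND ("" means anonymous)
    pending = {}   # (conn, op) -> (kind, request fields) waiting for its RESULT line
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        conn, op, kind, f = parsed
        if kind in ('BIND', 'SRCH'):
            pending[(conn, op)] = (kind, f)
        elif kind == 'RESULT':
            what, req = pending.pop((conn, op), (None, {}))
            if what == 'BIND' and f.get('err') == '0':
                bind_dn[conn] = req.get('dn', '')          # bind DN now in effect on this conn
            elif what == 'SRCH' and 'memberOf' in req.get('attrs', ''):
                findings.append({
                    'conn': conn,
                    'anonymous': bind_dn.get(conn, '') == '',
                    'base': req.get('base', ''),
                    'err': int(f.get('err', -1)),           # 32 = noSuchObject
                    'nentries': int(f.get('nentries', 0)),
                })
    return findings
```

Run over the sample, the first finding is the failing group lookup (anonymous, empty base, err 32), the second the later one that found the user entry but still ran without credentials, which is what the last post changed.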