Yet another question about LDAP group membership support
-
Hi Guys,
I'm using pfSense 2.1-RC0 and trying to configure it to use FreeIPA. It authenticates with no problem but does not recognize group membership. Here is the FreeIPA log trace, which seems to be OK! I've created the expected group in pfSense as well.
Appreciate all comments,
Afshin Afzali

conn=41 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
conn=41 op=0 BIND dn="" method=128 version=3
conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=41 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs="memberOf"
conn=41 op=1 RESULT err=32 tag=101 nentries=0 etime=0
conn=41 op=2 UNBIND
conn=41 op=2 fd=66 closed - U1
conn=42 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
conn=42 op=0 BIND dn="" method=128 version=3
conn=42 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=42 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs="memberOf"
conn=42 op=1 RESULT err=32 tag=101 nentries=0 etime=0
conn=42 op=2 UNBIND
conn=42 op=2 fd=66 closed - U1
conn=43 fd=67 slot=67 connection from 192.168.254.2 to 192.168.254.3
conn=43 op=0 BIND dn="" method=128 version=3
conn=43 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=43 op=1 SRCH base="cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs=ALL
conn=43 op=1 RESULT err=0 tag=101 nentries=1 etime=0
conn=43 op=2 BIND dn="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" method=128 version=3
conn=43 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local"
conn=44 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
conn=44 op=0 BIND dn="" method=128 version=3
conn=44 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=43 op=3 UNBIND
conn=43 op=3 fd=67 closed - U1
conn=44 op=1 SRCH base="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs="memberOf"
conn=44 op=1 RESULT err=0 tag=101 nentries=1 etime=0
conn=44 op=2 UNBIND
conn=44 op=2 fd=66 closed - U1
-
You need to create the matching group in User Manager as well.
-
Actually I did, as I wrote in the first post. But the problem was in the bind credentials option. I could resolve it by changing from anonymous binding to a known user.
Thanks
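The trace in the first post can be read mechanically: each SRCH on a connection has a RESULT line with the same conn/op pair, and the identity that search ran under is whatever the last successful BIND on that connection returned (dn="" means anonymous). The script below is an added example, not code from this thread, pfSense or FreeIPA. It parses 389 Directory Server access-log lines of the shape posted above, pairs every search with its result and the bound DN in effect, and lists the lookups that returned an error or no entries. The sample input is copied from the post (the duplicate conn=42 block and the signature are left out); matching starts at `conn=`, so the timestamp prefix a real /var/log/dirsrv access file carries is tolerated.

```python
"""Pair each LDAP search in a 389 Directory Server (FreeIPA) access log with
its RESULT line and with the identity bound on that connection at the time.

Added example; SAMPLE_LOG is copied from the forum post and parsed offline."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Standard LDAP result codes (RFC 4511) seen when debugging binds and lookups.
LDAP_ERR = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
            50: "insufficientAccessRights"}

# Matching starts at "conn=" so a leading "[dd/Mon/yyyy:...]" timestamp is tolerated.
CONN_RE = re.compile(r"conn=(\d+)\s+(.*)$")
BIND_RE = re.compile(r'op=(\d+)\s+BIND\s+dn="([^"]*)"')
SRCH_RE = re.compile(r'op=(\d+)\s+SRCH\s+base="([^"]*)"\s+scope=(\d+)\s+'
                     r'filter="([^"]*)"\s+attrs=(?:"([^"]*)"|(\S+))')
RESULT_RE = re.compile(r'op=(\d+)\s+RESULT\s+err=(\d+)\s+tag=(\d+)\s+'
                       r'nentries=(\d+)(?:.*?\sdn="([^"]*)")?')
TAG_BIND_RESPONSE, TAG_SEARCH_DONE = 97, 101   # protocol-op tags as logged by 389 DS


@dataclass
class Search:
    conn: int
    op: int
    bind_dn: Optional[str]  # None: nothing bound yet on this conn; "": anonymous
    base: str
    scope: int
    filter: str
    attrs: str
    err: int
    nentries: int

    @property
    def anonymous(self) -> bool:
        return not self.bind_dn

    @property
    def failed(self) -> bool:
        return self.err != 0 or self.nentries == 0

    def describe(self) -> str:
        who = "anonymous" if self.anonymous else self.bind_dn
        return (f"conn={self.conn} op={self.op} as {who}: base={self.base!r} "
                f"filter={self.filter} attrs={self.attrs} -> err={self.err} "
                f"({LDAP_ERR.get(self.err, 'unknown')}) nentries={self.nentries}")


def parse_access_log(lines: List[str]) -> List[Search]:
    bound: Dict[int, Optional[str]] = {}         # conn -> DN currently in effect
    pending: Dict[Tuple[int, int], dict] = {}    # (conn, op) -> request awaiting RESULT
    searches: List[Search] = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        if mb := BIND_RE.match(rest):
            pending[(conn, int(mb.group(1)))] = {"kind": "BIND", "dn": mb.group(2)}
        elif ms := SRCH_RE.match(rest):
            pending[(conn, int(ms.group(1)))] = {
                "kind": "SRCH", "base": ms.group(2), "scope": int(ms.group(3)),
                "filter": ms.group(4),
                "attrs": ms.group(5) if ms.group(5) is not None else ms.group(6)}
        elif mr := RESULT_RE.match(rest):
            op, err = int(mr.group(1)), int(mr.group(2))
            tag, nentries = int(mr.group(3)), int(mr.group(4))
            req = pending.pop((conn, op), None)
            if req is None:
                continue
            if req["kind"] == "BIND" and tag == TAG_BIND_RESPONSE:
                # A failed bind leaves the connection anonymous (RFC 4511).
                result_dn = mr.group(5) if mr.group(5) is not None else req["dn"]
                bound[conn] = result_dn if err == 0 else ""
            elif req["kind"] == "SRCH" and tag == TAG_SEARCH_DONE:
                searches.append(Search(conn, op, bound.get(conn), req["base"],
                                       req["scope"], req["filter"], req["attrs"],
                                       err, nentries))
        elif "closed" in rest:
            bound.pop(conn, None)
    return searches


def empty_lookups(lines: List[str]) -> List[Search]:
    """Searches that errored or matched nothing: what a group-membership check trips over."""
    return [s for s in parse_access_log(lines) if s.failed]


# Copied from the access-log excerpt in the post (duplicate conn=42 block omitted).
SAMPLE_LOG = """\
conn=41 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
conn=41 op=0 BIND dn="" method=128 version=3
conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=41 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs="memberOf"
conn=41 op=1 RESULT err=32 tag=101 nentries=0 etime=0
conn=41 op=2 UNBIND
conn=41 op=2 fd=66 closed - U1
conn=43 fd=67 slot=67 connection from 192.168.254.2 to 192.168.254.3
conn=43 op=0 BIND dn="" method=128 version=3
conn=43 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=43 op=1 SRCH base="cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs=ALL
conn=43 op=1 RESULT err=0 tag=101 nentries=1 etime=0
conn=43 op=2 BIND dn="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" method=128 version=3
conn=43 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local"
conn=44 fd=66 slot=66 connection from 192.168.254.2 to 192.168.254.3
conn=44 op=0 BIND dn="" method=128 version=3
conn=44 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
conn=43 op=3 UNBIND
conn=43 op=3 fd=67 closed - U1
conn=44 op=1 SRCH base="uid=afshin,cn=users,cn=accounts,dc=basamadco,dc=local" scope=2 filter="(uid=afshin)" attrs="memberOf"
conn=44 op=1 RESULT err=0 tag=101 nentries=1 etime=0
conn=44 op=2 UNBIND
conn=44 op=2 fd=66 closed - U1
""".splitlines()

if __name__ == "__main__":
    for s in parse_access_log(SAMPLE_LOG):
        print(("EMPTY " if s.failed else "ok    ") + s.describe())
```

On this trace the script flags only the memberOf search on conn=41: it ran under an anonymous bind with an empty search base and the server answered err=32 (noSuchObject), which is exactly the lookup the group check depends on. The per-connection bind tracking matters because 389 DS interleaves connections in the log (conn=44 opens before conn=43 unbinds), so attributing a search to the wrong identity is easy to do by eye.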