Netgate Discussion Forum
    LDAP Authentication to WebGUI no groups

      razrburn86

      I have been looking for an answer for days. So I finally decided to post about my problem.

      I have a Linux LDAP server set up that I am trying to authenticate to. I have it authenticating users just fine. The problem I am having is that it can't find the group that the user belongs to. I have created a local group on my pfSense box that is called RouterAdmins. I also created a group on my LDAP server called RouterAdmins. I added my user as a member, and I can't get pfSense to see that I am a member of that group when testing.

      Any help is greatly appreciated.

      Thank You!

        jimp Rebel Alliance Developer Netgate

        You must have a local group that matches the name of the LDAP group. There is no way to pass permissions from LDAP to pfSense; it has to find the permissions some way, and that way is by having the local group defined with the desired permissions.

          angelitoblu

          Hi

          I am having the same problem.

          Authentication is fine with the OpenLDAP server, and it has the group admins, as in pfSense local auth; however, I can't retrieve the groups of a member.

          I ran the query in Apache Directory Studio; it looks like this:

          (&(objectClass=posixGroup)(memberUid=%uid))

          and I can find the groups.

          The same filter works with ldapsearch on the local OpenLDAP server, but on the pfSense server I get the error:

          LDAP vendor version mismatch: library 20435, header 20433

          But I don't know where to configure the filter on pfSense in the LDAP authentication section.

          My configuration parameters:

          User naming attribute uid
          Group naming attribute cn
          Group member attribute memberUid

          I tried placing the filter in Group member attribute, or in the extended query, but it doesn't work. I applied the patch to see debugging logs, and I only get an empty answer from the OpenLDAP server.

          So, on the OpenLDAP server side, the logs show that it receives the query but can't find the requested attribute.

          Can anybody help me?

          Thanks a lot

            cparkervt

            Same here. I've created a group called "admins" in LDAP and I'm getting successful auth, but no group matching.

            Edit:
            I've tried creating a new group called "RouterAdmins" in both LDAP and PF.
            Additionally, I've told PF to look in the groups portion of the tree to find the CNs for groups.

            Hack that worked but I don't like it.
            I added an attribute to a user I'm testing with, and made it ou… cn=RouterAdmins,blahblah. PF picked up on that and matched the groups up.
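
Added example, not part of any post above and not pfSense code: a simplified Python model of the two membership lookups discussed in this thread, a group-side search using the posixGroup/memberUid filter and a user-side read of an attribute holding a group DN (as in the workaround), followed by the match against local group names. The directory entries, the `memberOf` attribute name and all function names are constructed assumptions.

```python
# Constructed sample directory (not from the thread): DN -> attributes.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": {
        "objectClass": ["posixAccount"], "uid": ["alice"],
    },
    "uid=bob,ou=people,dc=example,dc=org": {
        "objectClass": ["posixAccount"], "uid": ["bob"],
        # User-side membership: the value is a group DN (as in the workaround).
        "memberOf": ["cn=RouterAdmins,ou=groups,dc=example,dc=org"],
    },
    "cn=RouterAdmins,ou=groups,dc=example,dc=org": {
        "objectClass": ["posixGroup"], "cn": ["RouterAdmins"],
        "memberUid": ["alice"],
    },
    "cn=staff,ou=groups,dc=example,dc=org": {
        "objectClass": ["posixGroup"], "cn": ["staff"],
        "memberUid": ["alice", "bob"],
    },
}
LOCAL_GROUPS = {"RouterAdmins"}  # hypothetical local groups that hold privileges


def first_rdn_value(dn, naming_attr="cn"):
    """Return the leading RDN's value if it uses naming_attr, else None.
    Naive split: does not handle escaped commas inside RDN values."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == naming_attr else None


def groups_from_user_entry(user_dn, member_attr="memberOf"):
    """User-side lookup: read group DNs stored on the user's own entry."""
    values = DIRECTORY[user_dn].get(member_attr, [])
    return {g for g in map(first_rdn_value, values) if g}


def groups_from_group_search(uid):
    """Group-side lookup: (&(objectClass=posixGroup)(memberUid=<uid>))."""
    return {
        attrs["cn"][0]
        for attrs in DIRECTORY.values()
        if "posixGroup" in attrs.get("objectClass", [])
        and uid in attrs.get("memberUid", [])
    }


def effective_groups(ldap_groups):
    """Only LDAP groups with a same-named local group carry privileges."""
    return ldap_groups & LOCAL_GROUPS
```

In this model, alice binds successfully but a user-side lookup returns no groups because her membership exists only as `memberUid` on the group entries; bob, whose entry carries the group DN, resolves to RouterAdmins.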

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.