LDAP Authentication to WebGUI no groups

  • I have been looking for an answer for days. So I finally decided to post about my problem.

    I have a Linux LDAP server set up that I am trying to authenticate to. I have it authenticating users just fine. The problem I am having is that it can't find the group that the user belongs to. I have create a local group on my pfSense box that is called RouterAdmins I also created a group on my LDAP server called RouterAdmins. I add my user as a member and I can't get pfSense to see that I am a member of that group when testing.

    Any help is greatly appreciated.

    Thank You!

  • Rebel Alliance Developer Netgate

    You must have a local group that matches the name of the LDAP group. There is no way to pass permissions from LDAP to pfSense, it has to find the permissions some way, and that way is by having the local group defined with the desired permissions.

  • Hi

    I am have the same problem,

    Authentication is fine, with OpenLdap Server and had el group admins, like pfsense local auth, moreover, a can't retrive el group of a members.

    i do the query on apache directory studio, look like that:


    i can found it the groups

    the same filter works  with ldapsearch on local openldap server, but en pfsense server i get the error:

    LDAP vendor version mismatch: library 20435, header 20433

    But i don't know on witch place configure the filter on pfsense en the ldap authentication section,

    my configuration parameters

    User naming attribute uid
    Group naming attribute cn
    Group member attribute memberUid

    I try place de filter on Group member attribute, or extended query but dont work.  I apply the platch to see debugging logs y only get an empty answer from openldap server.

    So, openldap server side the logs show recive de query but can found attribute request.

    Anybody can i help me?

    Thanks a lot

  • Same here. I've created a group called "admins" in LDAP and I'm getting successful auth, but no group matching.

    I've tried creating a new group called "RouterAdmins" in both LDAP and PF.
    Additionally I've told PF to look in the the groups portion of the tree to find the CN's for groups.

    Hack that worked but I don't like it.
    I added an attribute to a user I'm testing with, and made it ou… cn=RouterAdmins,blahblah. PF picked up on that and matched the groups up.

Log in to reply