Netgate Discussion Forum

LDAP Authentication to WebGUI no groups

  • R
    razrburn86
    last edited by Oct 3, 2013, 4:43 PM

    I have been looking for an answer for days. So I finally decided to post about my problem.

    I have a Linux LDAP server set up that I am trying to authenticate to. I have it authenticating users just fine. The problem I am having is that it can't find the group that the user belongs to. I have created a local group on my pfSense box that is called RouterAdmins. I also created a group on my LDAP server called RouterAdmins. I add my user as a member and I can't get pfSense to see that I am a member of that group when testing.

    Any help is greatly appreciated.

    Thank You!

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Oct 7, 2013, 7:16 PM

      You must have a local group that matches the name of the LDAP group. There is no way to pass permissions from LDAP to pfSense; it has to find the permissions some way, and that way is by having the local group defined with the desired permissions.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • A
        angelitoblu
        last edited by Dec 5, 2013, 2:09 AM

        Hi

        I have the same problem.

        Authentication is fine with the OpenLDAP server, and it has the group admins, like pfSense local auth; moreover, I can't retrieve the groups of the members.

        I ran the query in Apache Directory Studio; it looks like this:

        (&(objectClass=posixGroup)(memberUid=%uid))

        I can find the groups.

        The same filter works with ldapsearch on the local OpenLDAP server, but on the pfSense server I get the error:

        LDAP vendor version mismatch: library 20435, header 20433

        But I don't know where to configure the filter on pfSense in the LDAP authentication section.

        My configuration parameters:

        User naming attribute uid
        Group naming attribute cn
        Group member attribute memberUid

        I tried placing the filter in Group member attribute, or in the extended query, but it doesn't work. I applied the patch to see debugging logs and I only get an empty answer from the OpenLDAP server.

        So, on the OpenLDAP server side, the logs show it receives the query but can't find the requested attribute.

        Can anybody help me?

        Thanks a lot

        • C
          cparkervt
          last edited by Feb 20, 2014, 9:49 PM Feb 20, 2014, 8:22 PM

          Same here. I've created a group called "admins" in LDAP and I'm getting successful auth, but no group matching.

          Edit:
          I've tried creating a new group called "RouterAdmins" in both LDAP and PF.
          Additionally, I've told PF to look in the groups portion of the tree to find the CNs for groups.

          Hack that worked but I don't like it.
          I added an attribute to a user I'm testing with, and made it ou… cn=RouterAdmins,blahblah. PF picked up on that and matched the groups up.

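An added example, not part of any post above and not pfSense code: a small Python model of two ways a client can resolve group membership, consistent with what the thread reports (an empty result with `memberUid`, and a match once the user's own entry carried a `cn=RouterAdmins,...` value). The directory entries, the `memberOf` attribute name, and all function names are constructed assumptions.

```python
import copy
import re

# Constructed sample data (not from the thread): one user and one RFC 2307 group.
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=org",
     "objectClass": ["posixAccount"], "uid": ["alice"]},
    {"dn": "cn=RouterAdmins,ou=groups,dc=example,dc=org",
     "objectClass": ["posixGroup"], "cn": ["RouterAdmins"], "memberUid": ["alice"]},
]
LOCAL_GROUPS = {"RouterAdmins"}  # groups defined on the firewall, with privileges


def groups_from_user_entry(directory, uid, member_attr):
    """Model A (assumed): read member_attr on the user's own entry and take
    the leading CN of each DN-style value as a group name."""
    names = set()
    for entry in directory:
        if uid not in entry.get("uid", []):
            continue
        for value in entry.get(member_attr, []):
            match = re.match(r"\s*cn=([^,]+)", value, re.IGNORECASE)
            if match:
                names.add(match.group(1).strip())
    return names


def groups_from_posix_groups(directory, uid):
    """Model B: evaluate (&(objectClass=posixGroup)(memberUid=<uid>)) over group entries."""
    return {entry["cn"][0] for entry in directory
            if "posixGroup" in entry.get("objectClass", [])
            and uid in entry.get("memberUid", [])}


def effective_groups(ldap_groups, local_groups=LOCAL_GROUPS):
    """Only LDAP group names that also exist locally confer privileges."""
    return ldap_groups & local_groups


def with_user_attribute(directory, uid, attr, value):
    """Return a copy of the directory with attr=value added to the user's entry."""
    patched = copy.deepcopy(directory)
    for entry in patched:
        if uid in entry.get("uid", []):
            entry.setdefault(attr, []).append(value)
    return patched


if __name__ == "__main__":
    print(effective_groups(groups_from_user_entry(DIRECTORY, "alice", "memberUid")))
    print(effective_groups(groups_from_posix_groups(DIRECTORY, "alice")))
    patched = with_user_attribute(DIRECTORY, "alice", "memberOf", DIRECTORY[1]["dn"])
    print(effective_groups(groups_from_user_entry(patched, "alice", "memberOf")))
```

In this model a user who authenticates but resolves to no groups ends up with an empty privilege set, which is the fail-closed outcome the posters observed.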
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.