AD Group names with spaces or longer than 16 characters



  • I have pfSense using our corporate Active Directory server for authentication, and am attempting to add some of these AD groups for different levels of authorization within the System: Group manager window. I have come across the following two limitations:

    1. a Group's name cannot have more than 16 characters.
    2. a Group's name with a space doesn't seem to work

    Unfortunately, I do not have control over what the AD group names are as the domain serves upwards of 100k users.

    How might I be able to get around these two limitations within pfSense?

    I am currently on 2.1.4



  • You should post your settings,
    including but not limited to:
    Extended queries set?
    Settings for
    User naming attribute
    Group naming attribute
    Group member attribute



  • samAccountName
    cn
    memberOf

    I should clarify that AD authentication works perfectly for any AD groups that do not have spaces. I found the exact LDAP settings for AD from another post here (not sure of the exact post).



  • Are you using extended queries?

    You should post a screenshot of your config page. Blank out anything you might feel is sensitive, but do it in a way that we can see all the strings.

    You can also try to escape the space with \20 and see if that works

    so
    ou=OU WithSpace
    becomes
    ou=OU\20WithSpace

    Or

    it might be %20 as the escape for a space, so it would be ou=OU%20WithSpace

    If you need multiple groups to be searched, the authentication container string should look similar to this:
    CN=Users,DC=domain,DC=com;OU=DifferentUsers,DC=domain,DC=com

    I use extended queries for my VPN access and it looks like this:
    memberOf=CN=VPNusers,CN=Users,DC=domain,DC=com
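
Added example, not part of the thread and not pfSense code: how the LDAP string formats themselves (RFC 4514 for DNs, RFC 4515 for search filters) treat spaces and special characters when a group DN goes into a memberOf query like the one above. The group names, base DN and function names are constructed for illustration, and nothing here models pfSense's own Group manager limits.

```python
# RFC 4514 (DN string) and RFC 4515 (search filter) escaping, standard library only.
# Group names and base DNs used here are constructed sample values.

DN_SPECIAL = '"+,;<>\\'  # characters always escaped inside an RDN attribute value
FILTER_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_dn_value(value: str) -> str:
    """Escape one RDN attribute value per RFC 4514."""
    out = []
    for i, ch in enumerate(value):
        if ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")  # only a leading or trailing space needs escaping
        else:
            out.append(ch)     # interior spaces pass through unchanged
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 (hex escapes for \\ * ( ) NUL)."""
    return "".join(FILTER_SPECIAL.get(ch, ch) for ch in value)


def member_of_filter(group_cn: str, container_dn: str) -> str:
    """Build a memberOf filter for a group CN that lives in container_dn.

    The DN is escaped first, then the whole DN is escaped again as a filter
    value, so a backslash produced by DN escaping becomes \\5c in the filter.
    The result is the parenthesised RFC 4515 form of the memberOf=... item.
    """
    group_dn = f"CN={escape_dn_value(group_cn)},{container_dn}"
    return f"(memberOf={escape_filter_value(group_dn)})"


if __name__ == "__main__":
    base = "CN=Users,DC=domain,DC=com"
    for cn in ("Corp VPN Users (Contractors)", "Sales, EMEA", " padded "):
        print(member_of_filter(cn, base))
```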

