AD Group names with spaces or longer than 16 characters
-
I have pfSense using our corporate Active Directory server for authentication, and am attempting to add some of these AD groups for different levels of authorization within the System: Group manager window. I have come across the following two limitations:
1. a Group's name cannot have more than 16 characters.
2. a Group's name with a space doesn't seem to work

Unfortunately, I do not have control over what the AD group names are as the domain serves upwards of 100k users.
How might I be able to get around these two limitations within pfSense?
I am currently on 2.1.4
-
you should post your settings
Including but not limited to
Extend queries set?
Settings for
User naming attribute
Group naming attribute
Group member attribute
-
samAccountName
cn
memberOf
I should clarify that AD authentication works perfect for any AD groups that do not have spaces. I found the exact LDAP settings for AD from another post here (not sure the exact post).
-
Are you using extended queries?
You should post a screenshot of your config page. Blank out anything you might feel is sensitive but do it in a way we can see all the strings.
you can also try and escape the space with \20 and see if that works
so
ou=OU WithSpace
becomes
ou=OU\20WithSpace
Or
might be %20 as escape for space. so would be ou=OU%20WithSpace
if you need multiple groups to be searched the authentication container string should look similar to this
CN=Users,DC=domain,DC=com;OU=DifferentUsers,DC=domain,DC=com
I use extended queries for my vpn access and it looks like this
memberOf=CN=VPNusers,CN=Users,DC=domain,DC=com
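
An added example, not part of the thread and not pfSense code: how the standard LDAP string rules treat spaces and special characters when a `memberOf=` query like the one above is built from a group name. Under RFC 4514 (DNs) only a leading or trailing space in a value needs escaping, and RFC 4515 (filters) escapes `\ * ( )` and NUL. The group names are constructed, and whether pfSense 2.1.4 passes the resulting string to the server unchanged is an assumption not tested here.

```python
# Added example: RFC 4514 (DN) and RFC 4515 (filter) escaping, standard library only.
# Group names and the container DN used with these helpers are constructed samples.

DN_SPECIALS = '"+,;<>\\'

def escape_dn_value(value: str) -> str:
    """Escape one RDN attribute value (e.g. a group's CN) per RFC 4514."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, last):
            out.append("\\20")   # only leading/trailing spaces are escaped
        else:
            out.append(ch)       # interior spaces stay literal
    return "".join(out)

FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value: str) -> str:
    """Escape a filter assertion value per RFC 4515."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def member_of_filter(group_cn: str, container_dn: str) -> str:
    """Build memberOf=<group DN>: DN-escape the CN, then filter-escape the whole DN.

    container_dn is assumed to be an already well-formed DN string.
    """
    group_dn = "CN=" + escape_dn_value(group_cn) + "," + container_dn
    return "memberOf=" + escape_filter_value(group_dn)

if __name__ == "__main__":
    base = "CN=Users,DC=domain,DC=com"
    for name in ("VPN Remote Users", "Admins, Tier (1)", " padded "):
        print(repr(name), "->", member_of_filter(name, base))
```

Escaping in this order also keeps a group name containing `)` or `*` from changing the meaning of the query, which matters when the names are outside your control.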