LDAP configuration in 15.7.7_1

[weust]

I just upgraded to 15.7.7_1 to test the updated LDAP patches
Using a Active Directory setup I run at home I can now add the server configuration.
The setup page might need some information to clarify things though.

Anyway, selecting containers works great. I can see a list of my OU's.
On the settings tab I select Active Directory as the Authentication Server.
Test and save shows a bit misleading message imo, but I could be wrong.
It shows "Testing OPNsense LDAP settings... One moment please..." in the top, but also a close button in the bottom.
It might be that the close button only shows after completion or a timeout, but I would expect some "Test successful".


But that bring me to my issue: I now have a LDAP integration, but still can't login with a domain account.
Because, I cannot create a local user (on the box) and link it to a domain account.
And trying to log in with a domain account simply responds with a wrong user/password.

Step forward, but not quite there yet.
If I missed something on the forum or on IRC, let me know.

[franco]

The passwords are scrambled for now to at least allow for all users to appear in the system as well. You've reached the current implementation threshold. Is it possible to pull password hashes from the directory or should they be authenticated against it? I guess the latter is for PAM, the former could work with the GUI as a standalone (but may go out of sync).

[weust]

What directory?
Sorry, but I can only tell you how I'd like to see things when adding users to OPNsense with a LDAP (AD) link.

[franco]

The directory as in "D" as in LDAP/AD.

Question is if there is a way to export the password hash.

[weust]

Ah, right. No clue...