filtering traffic on Active directory users accounts?

[JohnnyMorris]

I've set up LDAP integration successfully, my question is can i block traffic using specific user accounts from my AD server?

Sorry if its posted somewhere else i cant find any definitive answers.

im guessing i can import the AD users into opnsense via LDAP integration, create groups in OPNsense from the imported users to mirror the groups i have in Active Directory and set specific block/allow rules for those groups OPNsense? i'm using the latest production release.

thanks

[JohnnyMorris]

so its not possible to set firewall rules based on users imported from Active directory? i just need to know if i can block sites on a per user basis from the LDAP information. ive made the connection successfully but thats as far as ive got.

simple yes or no would be great as if ive run up a dead end ill have to look at a different solution. thanks

[franco]

Hi Johnny,

It requires mechanisms to pull IP addresses from the directory, provide those in aliases according to arbitrary mappings (groups, users, extended queries) and to periodically re-execute the pull. We are doing a filter rework that will stretch as far as OPNsense 17.7, which would make this easier to pull off, but there is nobody on point for such works.


Cheers,
Franco

[JohnnyMorris]

what a a shame, as an active directory plugin that allows you to set filtering levels by AD security group membership would be the holy grail for alot of people including me. i know i shouldnt ask this but what is the next best solution? can anyone help? sonicwall or a paid version of untangle?