I was following the docs on how to add LDAP auth to OPNSense. I added an LDAP server and using the tester, I authenticated against it successfully.
But how do I go about adding an LDAP user to opnsense? I tried going to System -> Access -> Users but I don't see a cloud import icon anywhere.
It will not import the users.
OPNsense will query the users against the LDAP server, depending on how you configured it. You can use it e.g. as a VPN backend. If you want users to log in to OPNsense via LDAP, you have to configure it under System > General and also use your LDAP source as the authentication backend. The default is the local database.
Importing LDAP users has only two use cases:
Associating OpenVPN certificates for them.
Allowing GUI or shell access.
The import is a snapshot, as it only syncs when you import manually. It is by all means only a convenience feature and not a requirement unless you need one of the two use cases above.
Cheers,
Franco
I have exactly this use case: I would like to link client certificates to ldap users. But the cloud import icon mentioned in the docs is not visible! Am I missing something here?
OK, found it. Contrary to the docs, you need to first enable the LDAP server under System > Settings > Administration > Authentication > Server. Only then will the import icon show.
However, it seems to ignore the user name setting defined, e.g. for AD it always picks sAMAccountName. I would like to use userPrincipalName instead...
Oh well, in the source I see that you are stripping off the @domain part. So never mind.