OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: gngui on February 14, 2025, 08:29:12 AM

Title: Cannot Import LDAP Users
Post by: gngui on February 14, 2025, 08:29:12 AM
Versions
OPNsense 25.1.1-amd64
FreeBSD 14.2-RELEASE-p1
OpenSSL 3.0.16

Setup
I have FreeIPA setup correctly as the LDAP server and I have imported users OK in the past.

Issue
Under System ‣ Access ‣ Users the cloud icon used to import LDAP users is not there. It used to be there but I have no idea at what version it disappeared.



Title: Re: Cannot Import LDAP Users
Post by: franco on February 14, 2025, 09:19:23 AM
Use the CN of the LDAP user as the newly created user name and it's done. The importer didn't do any magic whatsoever.


Cheers,
Franco
Title: Re: Cannot Import LDAP Users
Post by: gngui on February 17, 2025, 10:38:42 AM
Hi,
Two issues with your suggestion:
1. Using the full CN of the user brings an error "A username must contain alphanumeric characters or a valid email address". If I use the username alone, the system creates a local user.
2. The add user form requires a mandatory password, which negates the need for LDAP.

Kindly assist.
Gerald
Title: Re: Cannot Import LDAP Users
Post by: franco on February 19, 2025, 08:24:57 AM
Hi Gerald,

1. What is a "full CN"? If you mean DN yes that doesn't work, but that's why I said CN. If it's an email that fails validation how about showing us which email format it doesn't accept?

2. You can set the "random password" checkmark for the new user. The local user doesn't need one, correct.

3. We will be adding a CSV import... https://github.com/opnsense/core/issues/8340 ... but you still need a proper CN :)


Cheers,
Franco
Title: Re: Cannot Import LDAP Users
Post by: jasgg on March 10, 2025, 08:17:00 PM
Issue:
Hi all, today I upgraded one of my OPS to 25.1.1 and the LDAP user sync and creation of user certificates are no longer available.
I can validate the already created users but can't sync the new AD users either. There is no cloud button or anything else to start the sync. Also, if I enter an already created user, I cannot issue a certificate for OpenVPN in the user edit settings GUI.

What changed?

All the other users created before the upgrade can use the OVPN and login.

Question or clarification:

1. Has the SYNC button disappeared? If so, is there any other way of syncing the AD LDAP users?
2. How do I create the user certificate to be used by OpenVPN? Using 'system-trust-certificates' and creating the user cert in there?


Thanks in advance for the help and support.
JG
Title: Re: Cannot Import LDAP Users
Post by: sacoah on May 06, 2025, 09:18:26 AM
Hello Franco,

In what form do I have to enter the CN in the field "username"? According to the query, the CN is 'test user'. But when I enter 'test user' (with or without inverted commas) I get the error message that only 'A username must contain alphanumeric characters or a valid email address' is allowed.

dsquery user -name "test user"
"CN=test user,OU=SZ Anwender,DC=testdom,DC=de"

SOLVED:
I have now entered the Windows login name 'testuser' in the "username" field and the CN 'test user' under 'Full name'. This works for me.