OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: JohnnyMorris on December 02, 2016, 09:34:28 am

Title: filtering traffic on Active directory users accounts?
Post by: JohnnyMorris on December 02, 2016, 09:34:28 am
I've set up LDAP integration successfully. My question is: can I block traffic using specific user accounts from my AD server?

Sorry if it's posted somewhere else; I can't find any definitive answers.

I'm guessing I can import the AD users into OPNsense via LDAP integration, create groups in OPNsense from the imported users to mirror the groups I have in Active Directory and set specific block/allow rules for those groups in OPNsense? I'm using the latest production release.

Thanks
Title: Re: filtering traffic on Active directory users accounts?
Post by: JohnnyMorris on December 05, 2016, 12:09:38 pm
So it's not possible to set firewall rules based on users imported from Active Directory? I just need to know if I can block sites on a per-user basis from the LDAP information. I've made the connection successfully but that's as far as I've got.

A simple yes or no would be great, as if I've run up a dead end I'll have to look at a different solution. Thanks
Title: Re: filtering traffic on Active directory users accounts?
Post by: franco on December 05, 2016, 05:22:53 pm
Hi Johnny,

It requires mechanisms to pull IP addresses from the directory, provide those in aliases according to arbitrary mappings (groups, users, extended queries) and to periodically re-execute the pull. We are doing a filter rework that will stretch as far as OPNsense 17.7, which would make this easier to pull off, but there is nobody on point for such works.


Cheers,
Franco
Title: Re: filtering traffic on Active directory users accounts?
Post by: JohnnyMorris on December 07, 2016, 04:54:35 pm
What a shame, as an Active Directory plugin that allows you to set filtering levels by AD security group membership would be the holy grail for a lot of people including me. I know I shouldn't ask this but what is the next best solution? Can anyone help? SonicWall or a paid version of Untangle?