OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: alexandrob on February 21, 2017, 10:25:09 pm

Title: NEW features
Post by: alexandrob on February 21, 2017, 10:25:09 pm

Hello people,

If this is not a correct location, please let me know where I can ask.

I wonder if OPNsense could clarify two things:

Is OPNsense in any version going to search for user group on LDAP / AD basis?
How firewall rules in any version will filter by user group on LDAP / AD base?

These two issues prevent me from implementing OPNsense on multiple clients due to a need for user group authentication.

Thank you.

Title: Re: NEW features
Post by: JeGr on February 21, 2017, 11:39:25 pm
> How firewall rules in any version will filter by user group on LDAP / AD base?

What is meant by that one? Doesn't make much sense to me the way it reads. How should a _filter rule_ (on an IP package) determine an LDAP/AD user group? That info is nowhere to be found in an IP package of any sort!?

Title: Re: NEW features
Post by: franco on February 22, 2017, 07:44:08 am
Hi there,

Groups for LDAP / AD are being discussed, but there's nobody committing to do the work just yet.

I think the second one means NGFW user-based firewall policies which is quite hard to pull in an open source integration sense. Commercial products use IP info scraped from LDAP services and/or client-side services to register a user's IP there. We don't have this, but you can enforce such things with DHCP static mappings, aliases and firewall rules, sometimes also the captive portal or the experimental SSO for the web proxy.


Cheers,
Franco