OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: narfight on August 28, 2017, 01:45:07 pm

Title: [SOLVED] LDAP/Active Directory and nested group
Post by: narfight on August 28, 2017, 01:45:07 pm

Hello,

I tried to use "memberOf:1.2.840.113556.1.4.1941:=CN..." to get the list of users who are in nested group for my VPN connection.

I use this configuration :

• Type : LDAP
• Hostname or IP address : 10.0.0.10
• Port value : 389
• Transport : TCP - Standard 
• Protocol version : 3
• Bind credentials : User DN: MyCorp\LDAP
• Search scope : Entire Subtree 
• Base DN : OU=Macell,DC=MyCorp,DC=org
• Authentication containers : DC=MyCorp,DC=org
• Extended Query : &(memberOf:1.2.840.113556.1.4.1941:=CN=TESTGROUP,OU=Remote Login,OU=00 Security Group,OU=Macell,DC=MyCorp,DC=org)
• User naming attribute : sAMAccountName

the reply are users directly member of TESTGROUP and ... list of groups member of this group.

Can you confirm that it is possible to use "1.2.840.113556.1.4.1941" on OpnSense ?

Thank you

Title: Re: [SOLVED] LDAP/Active Directory and nested group
Post by: narfight on August 28, 2017, 02:37:50 pm

Two error in my config.

First : add "(objectCategory=person)" to my Extended Query.

second : Allow my user "LDAP" to read in all of DC !