Messages - Pelbing

#1
Well, TOTP was never automatic, but my pain point is that a user has to actively try to log in to the OPNsense so I, as an administrator, can create the TOTP seed and generate the certificate for them. With the old way I could do everything without the user even interacting with the system.

So to be clear: I need the user to log in for it to create an LDAP-synced account just so I can set up the TOTP seed and certificate?
#2
Quote: The manual LDAP importer is no longer available since LDAP/RADIUS authenticators support on-demand creation and default group setup option.

But how does the on-demand creation work? Is it queried, or is it event based? And is there a way to map old users, or at least auto-create new users?
#3
25.1 Production Series / LDAP Sync with TOTP after Update
February 04, 2025, 09:32:36 AM
Hi folks,
after I updated my OPNsense and got in touch with the new LDAP method, I got confused. My setup is strictly with TOTP, so I have my LDAP server + TOTP setup with an extended query that searches all my users with the VPN group name; all right and fine with the manual import from 24.x. Now I have the issue that I have the same setup edited, so I enabled Read properties and Sync Groups, but I have the same local users that aren't associated with the LDAP, and a new user only pops up if I have a copy of the Auth Server settings without the TOTP. The new user is also only created if I try to log in with him over the Auth Tester. Is there something I'm missing? How often are the users queried from the LDAP? Does a user have to log in to the firewall manually so an account is created?

Thx