OPNsense
Topics - wipajiwak

18.1 Legacy Series / BUG? - Users don't get any group membership when using OpenLDAP + memberOf
« on: May 14, 2018, 11:47:47 am »
Hi everyone,

We're using 18.1.7 in a production environment and we're trying to make it work with our current OpenLDAP deployment (which works fine with many other software appliances).

Port: 636
Transport: SSL - Encrypted
Protocol version: 3
Search scope: Entire subtree
Authentication containers: ou=Users,dc=redacted,dc=redacted
Extended query: <empty>
User Naming Attribute: uid

Authentication works, since I can see the user binding, but it's not getting group membership correctly.

I have a group called fw-admins on both OPNsense and OpenLDAP, with a few users inside. The member list is correctly obtained by Atlassian Crowd, so I guess we can safely assume there's nothing wrong with the group itself.

I can't find any option to enable LDAP debugging in OPNsense. I suspect there's something wrong with the Group membership attribute, but it seems like there's no option provided to supply a custom value for it.

Any help please?

Thanks!
