Adding LDAP Users?

[cclloyd]

I was following the docs on how to add LDAP auth to OPNSense.  I added an LDAP server and using the tester, I authenticated against it successfully.

But how do I go about adding an LDAP user to opnsense?  I tried going to System -> Access -> Users but I don't see a cloud import icon anywhere.

[ruggerio]

it will not import the users.

Opnsense will query the users against the ldapserver, depending how you configured it. You can use it e.g. as a vpnbackend. If you want users get logged in on opnsense by ldap, you have to configure it in system, general and use also yourldap-source as authentication-backend. Default is local database.

[franco]

Importing LDAP users has only two use cases:

Associating OpenVPN certificates for them.
Allowing GUI or shell access.

The import is a snapshot as it only syncs manually when you import. It is by all means only a convenience feature and not a requirement unless you need one of the two use cases above.


Cheers,
Franco

[alh]

I have exactly this use case: I would like to link client certificates to ldap users. But the cloud import icon mentioned in the docs is not visible! Am I missing something here?

[alh]

OK, found it. Contrary to the docs, you need to first enable the ldap server under System > Settings > Administration > Authentication > Server. Only then the import icon will show.

[alh]

However, it seems to ignore the user name setting defined, e. g. for AD it always picks sAMAccountName. I would like to use userPrincipalName instead...

[alh]

Oh well, in the source I see that you are stripping off the @domain part. So nevermind.