[SOLVED] LDAP/Active Directory and nested group

Started by narfight, August 28, 2017, 01:45:07 PM

August 28, 2017, 01:45:07 PM Last Edit: August 28, 2017, 02:35:12 PM by narfight
Hello,

I tried to use "memberOf:1.2.840.113556.1.4.1941:=CN..." to get the list of users who are in nested groups for my VPN connection.

I use this configuration:
  • Type: LDAP
  • Hostname or IP address: 10.0.0.10
  • Port value: 389
  • Transport: TCP - Standard
  • Protocol version: 3
  • Bind credentials: User DN: MyCorp\LDAP
  • Search scope: Entire Subtree
  • Base DN: OU=Macell,DC=MyCorp,DC=org
  • Authentication containers: DC=MyCorp,DC=org
  • Extended Query: &(memberOf:1.2.840.113556.1.4.1941:=CN=TESTGROUP,OU=Remote Login,OU=00 Security Group,OU=Macell,DC=MyCorp,DC=org)
  • User naming attribute: sAMAccountName

The reply contains the users who are direct members of TESTGROUP and ... the list of groups that are members of this group.

Can you confirm that it is possible to use "1.2.840.113556.1.4.1941" on OPNsense?

Thank you

Two errors in my config.

First: add "(objectCategory=person)" to my Extended Query.

Second: allow my user "LDAP" to read all of the DC!
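An added illustration (not from the post or from OPNsense) of why the first fix was needed: the matching rule in chain OID 1.2.840.113556.1.4.1941 walks `memberOf` transitively, so without `(objectCategory=person)` the nested groups themselves match the filter and are returned alongside the users. The directory entries below are constructed; the group DN is the one from the post.

```python
# Added example: an in-memory model of LDAP_MATCHING_RULE_IN_CHAIN
# (OID 1.2.840.113556.1.4.1941) and the effect of (objectCategory=person).
# All entries are constructed; only the TESTGROUP DN comes from the post.

TESTGROUP = "CN=TESTGROUP,OU=Remote Login,OU=00 Security Group,OU=Macell,DC=MyCorp,DC=org"
VPN_ADMINS = "CN=VPN-Admins,OU=Macell,DC=MyCorp,DC=org"

# Constructed directory: DN -> attributes. As in AD, memberOf lists only
# direct memberships; the chain rule is what makes them transitive.
DIRECTORY = {
    TESTGROUP:  {"objectCategory": "group",  "memberOf": []},
    VPN_ADMINS: {"objectCategory": "group",  "memberOf": [TESTGROUP]},
    "CN=alice,OU=Macell,DC=MyCorp,DC=org":
                {"objectCategory": "person", "memberOf": [TESTGROUP]},
    "CN=bob,OU=Macell,DC=MyCorp,DC=org":
                {"objectCategory": "person", "memberOf": [VPN_ADMINS]},
    "CN=carol,OU=Macell,DC=MyCorp,DC=org":
                {"objectCategory": "person", "memberOf": []},
}


def member_of_in_chain(dn, target, directory, seen=None):
    """True if dn is a member of target directly or through nested groups.
    'seen' stops the walk from looping on cyclic group nesting."""
    seen = set() if seen is None else seen
    for group in directory[dn]["memberOf"]:
        if group == target:
            return True
        if group not in seen:
            seen.add(group)
            if member_of_in_chain(group, target, directory, seen):
                return True
    return False


def search(directory, target, persons_only):
    """Evaluate the post's extended query; persons_only adds (objectCategory=person)."""
    hits = []
    for dn, attrs in directory.items():
        if persons_only and attrs["objectCategory"] != "person":
            continue  # groups in the chain are filtered out here
        if member_of_in_chain(dn, target, directory):
            hits.append(dn)
    return sorted(hits)


if __name__ == "__main__":
    print("without objectCategory filter:", search(DIRECTORY, TESTGROUP, False))
    print("with (objectCategory=person): ", search(DIRECTORY, TESTGROUP, True))
```

Bob is only a member of VPN-Admins, yet he matches because VPN-Admins is nested in TESTGROUP; VPN-Admins itself drops out only once the objectCategory clause is added.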