firewal rules active directory based

[sashok60]

Good afternoon, is it possible in the future to see the firewall for users and groups of Active Directory?
That would be very good for anyone using the Active Directory environment.

[bartjsmit]

You likely want to do this externally and implement rules through the API, I guess.

Bart...

[sashok60]

I want to specify in the firewall rules Active Directory "user" or "group" as the source

[bartjsmit]

For which settings? There is a RADIUS plugin for AD authentication.

[sashok60]

I want to use Active directory groups and users in the firewall rules from LDAP (for example from
System: Access: Servers)

[hbc]

Without any 3rd party agent on your ad server, this won't work. How should OPNsense know which user belongs to which ip?

For web traffic you can use proxy with ldap authentication, else there exists sensei where you need an agent software on your directory server. But for sophisticate rules, you need a premium license and at least in our ad environment, the agent did not map properly. It just recognized 3 users.

Even commercial firewalls needs some kind of agent software either on ad or clients. I think Franco started a little private project for an agent on client that uses api to allow access for special users.

[sashok60]

sorry, I did not ask correctly
I want to use Active directory groups and users in the firewall rules for openVPN clients with LDAP authentication

[sashok60]

generally the user's IP address can be found in Active Directory in the security log, but there is no such mechanism in OPNsense