Adding LDAP Users?

Started by cclloyd, December 31, 2018, 01:57:00 AM

I was following the docs on how to add LDAP auth to OPNsense. I added an LDAP server and, using the tester, I authenticated against it successfully.

But how do I go about adding an LDAP user to OPNsense? I tried going to System -> Access -> Users but I don't see a cloud import icon anywhere.

December 31, 2018, 06:18:16 AM #1 Last Edit: December 31, 2018, 08:11:30 AM by ruggerio
It will not import the users.

OPNsense will query the users against the LDAP server, depending on how you configured it. You can use it, e.g., as a VPN backend. If you want users to get logged in on OPNsense by LDAP, you have to configure it in System, General and also use your LDAP source as the authentication backend. Default is local database.

Importing LDAP users has only two use cases:

Associating OpenVPN certificates for them.
Allowing GUI or shell access.

The import is a snapshot as it only syncs manually when you import. It is by all means only a convenience feature and not a requirement unless you need one of the two use cases above.


Cheers,
Franco

I have exactly this use case: I would like to link client certificates to LDAP users. But the cloud import icon mentioned in the docs is not visible! Am I missing something here?

OK, found it. Contrary to the docs, you need to first enable the LDAP server under System > Settings > Administration > Authentication > Server. Only then will the import icon show.

However, it seems to ignore the user name setting defined, e.g. for AD it always picks sAMAccountName. I would like to use userPrincipalName instead...

Oh well, in the source I see that you are stripping off the @domain part. So nevermind.