Author Topic: Freeipa LDAP authentication HOWTO. (Read 1251 times)

hboetes · « **on:** January 04, 2019, 01:30:39 pm »

We have a FreeIPA server for authentication and to allow group members of sysadmins and firewallobservers to access via LDAP I proceeded like this:

Import the FreeIPA CA if you didn’t already, it’s probaby on your worstation over here:/etc/ipa/ca.crt
Create a user in Freeipa: opnsense, with a strong password
Create a group firewallobservers and add the right users to this group, I already had a sysadmin group.
In opensense: System → Access → Add a server like in the screenshot, always use the full LDAP account names, with the FQDN.

In the extended query you can decide which groups have access to the firewall: Since it’s hard to read:

|(memberof=cn=systemadministration,cn=groups,cn=accounts,dc=example,dc=com)(memberof=cn=firewallobservers,cn=groups,cn=accounts,dc=example,dc=com)

After that you can go to testers and check if everything works. If that works you can go to users and press the cloud button at the right to import the FreeIPA users. Add them to the right groups and Bob’s your uncle.

If there is anything unclear, please let me know and I’ll improve this How-to.

franco · « **Reply #1 on:** January 06, 2019, 09:22:56 pm »

Cool, thanks for this! <3

TaceN · « **Reply #2 on:** January 18, 2019, 11:54:52 pm »

thanks!

Author Topic: Freeipa LDAP authentication HOWTO. (Read 1251 times)

hboetes

Freeipa LDAP authentication HOWTO.

franco

Re: Freeipa LDAP authentication HOWTO.

TaceN

Re: Freeipa LDAP authentication HOWTO.