Author Topic: Freeipa LDAP authentication HOWTO.  (Read 4479 times)

hboetes

Freeipa LDAP authentication HOWTO.
« on: January 04, 2019, 01:30:39 pm »
We have a FreeIPA server for authentication, and to allow group members of sysadmins and firewallobservers to access via LDAP, I proceeded like this:

  • Import the FreeIPA CA if you didn’t already; it’s probably on your workstation over here: /etc/ipa/ca.crt
  • Create a user in FreeIPA: opnsense, with a strong password.
  • Create a group firewallobservers and add the right users to this group; I already had a sysadmin group.
  • In OPNsense: System → Access → Add a server like in the screenshot; always use the full LDAP account names, with the FQDN.
  • In the extended query you can decide which groups have access to the firewall: Since it’s hard to read:
    |(memberof=cn=systemadministration,cn=groups,cn=accounts,dc=example,dc=com)(memberof=cn=firewallobservers,cn=groups,cn=accounts,dc=example,dc=com)



After that you can go to testers and check if everything works. If that works you can go to users and press the cloud button at the right to import the FreeIPA users. Add them to the right groups and Bob’s your uncle.  8)

If there is anything unclear, please let me know and I’ll improve this How-to.
« Last Edit: January 07, 2019, 06:43:44 am by hboetes »
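
Added example, not part of the original post and not OPNsense or FreeIPA code: it builds the extended query shown in the how-to from a list of group names and checks constructed user entries against it, so you can see who would be admitted before importing users. The group-name allow-list, the sample users and the way the login name is combined with the query in effective_filter are assumptions.

```python
import re

# Assumption: FreeIPA's default group subtree, matching the DNs in the post.
GROUP_CONTAINER = "cn=groups,cn=accounts"
# Assumption: conservative allow-list for group names, so nothing that could
# alter the DN or the filter structure (",", "(", ")", "*", "\") gets through.
GROUP_NAME = re.compile(r"[A-Za-z0-9_.][A-Za-z0-9_.-]*")


def group_dn(cn, base_dn):
    if not GROUP_NAME.fullmatch(cn):
        raise ValueError(f"unexpected characters in group name: {cn!r}")
    return f"cn={cn},{GROUP_CONTAINER},{base_dn}"


def extended_query(groups, base_dn):
    """OR of memberof clauses, without outer parentheses, as in the post."""
    return "|" + "".join(f"(memberof={group_dn(g, base_dn)})" for g in groups)


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(c, c) for c in value)


def effective_filter(username, query, user_attr="uid"):
    """Assumed final filter: login name ANDed with the parenthesised query."""
    return f"(&({user_attr}={escape_filter_value(username)})({query}))"


def admitted(memberof, groups, base_dn):
    """True if any memberof DN names an allowed group (case-insensitive)."""
    allowed = {group_dn(g, base_dn).lower() for g in groups}
    return any(dn.lower() in allowed for dn in memberof)


BASE = "dc=example,dc=com"
GROUPS = ["systemadministration", "firewallobservers"]
SUFFIX = ",cn=groups,cn=accounts,dc=example,dc=com"
USERS = {  # constructed sample entries, not real accounts
    "alice": ["cn=ipausers" + SUFFIX, "cn=systemadministration" + SUFFIX],
    "bob": ["cn=ipausers" + SUFFIX],
    "carol": ["CN=firewallobservers" + SUFFIX.upper()],
}

if __name__ == "__main__":
    query = extended_query(GROUPS, BASE)
    print(query)
    print(effective_filter("alice", query))
    for name, memberof in USERS.items():
        print(name, "admitted" if admitted(memberof, GROUPS, BASE) else "rejected")
```

A user who is only in a default group such as ipausers is rejected, which is the point of the extended query: without it, any account the bind user can find could authenticate.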

franco

Re: Freeipa LDAP authentication HOWTO.
« Reply #1 on: January 06, 2019, 09:22:56 pm »
Cool, thanks for this! <3

TaceN

Re: Freeipa LDAP authentication HOWTO.
« Reply #2 on: January 18, 2019, 11:54:52 pm »
thanks!
« Last Edit: January 18, 2019, 11:57:35 pm by TaceN »
