Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
LDAP Authentication
« previous
next »
Print
Pages: [
1
]
Author
Topic: LDAP Authentication (Read 4106 times)
ericdude101
Newbie
Posts: 6
Karma: 0
LDAP Authentication
«
on:
February 23, 2017, 10:32:29 pm »
I just finished setting up LDAP which so far is flaky at best. The first major thing I notice is that it is fully manual. although it binds to users, I still have to manually add each user rather than it monitoring or checking a user against a security group membership for permissions.
The second thing I notice that is a major concern is that all the information it uses seems to be cached. I am able to import a user and login, but if I disable the user in AD afterwards, they can still login without issues. I changed the password for one of these users and was able to login using the new password as well as the old interchangeably, another major security concern.
Is there a way to clean this functionality up or should I just disable all LDAP based access on the system?
«
Last Edit: February 23, 2017, 11:03:24 pm by ericdude101
»
Logged
ericdude101
Newbie
Posts: 6
Karma: 0
Re: LDAP Authentication
«
Reply #1 on:
February 23, 2017, 11:05:27 pm »
May I also ass that ad administrative (added to admin group in GUI and given all rights) still cannot make a number of changes, for example when I tried to delete a static route, I didn't get an error but it wasn't deleted but it works fine as root. Same with any changes made in the system access section, no error but no change.
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: LDAP Authentication
«
Reply #2 on:
February 23, 2017, 11:41:20 pm »
ldap password's aren't cached/saved, however you can choose to fallback to a local password (which can be set manually in the gui).
Logged
ericdude101
Newbie
Posts: 6
Karma: 0
Re: LDAP Authentication
«
Reply #3 on:
February 24, 2017, 01:34:55 am »
Then why am I running into issues where old password and still working after a change in LDAP. and its not just the old password, I am able to use the users new AND old password to login.
Logged
AdSchellevis
Administrator
Hero Member
Posts: 907
Karma: 184
Re: LDAP Authentication
«
Reply #4 on:
February 24, 2017, 08:38:57 am »
Maybe some strange issue with your ldap server behind it, definitely not a password reuse on OPNsense, it doesn't know the old or current password.
It might be a good idea to share more information about your issue, software version steps performed, etc.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
LDAP Authentication