25.4.1 -> 25.4.2 : AD login no longer works

Started by Evert, August 13, 2025, 09:09:48 AM

Thanks, we tracked this down to an ambiguity in the setGroupMembership() function called by LDAP authentication and are discussing options.

Without the commit the membership is simply missed, but the commit fixes that, and then the sync kicks in even though you don't have group sync; because the create user flag is set too, that's being misinterpreted.


Cheers,
Franco

Looks like the bug is still present in 25.4.3?

I just updated our backup unit 25.4 -> 25.4.3, and I'm unable to log in with the LDAP-connected account. Only local user account works.
--
Regards,
   Evert

After a bit of back and forth we only went with a validation improvement, as the situation likely stems from a configuration edge case.

https://github.com/opnsense/core/commit/1635813b7


Cheers,
Franco

Does this mean I need to change something in my configuration after updating to 25.4.3 for things to work?
--
Regards,
   Evert

Well, the idea is that when you save your LDAP authentication settings in 25.4.3 you likely get a validation error that prompts you to either allow memberOf sync checkbox and/or set a default group.


Cheers,
Franco

Quote from: franco on October 01, 2025, 12:16:02 PM
Well, the idea is that when you save your LDAP authentication settings in 25.4.3 you likely get a validation error that prompts you to either allow memberOf sync checkbox and/or set a default group.


Ah! Yup, after I set a default group I can log in with my LDAP account again. Thanks!  :)
--
Regards,
   Evert

Ok nice to hear. Thanks for bearing with me here.


Cheers,
Franco