OPNsense
Author Topic: [SOLVED] LDAP/Active Directory and nested group  (Read 3255 times)

narfight

[SOLVED] LDAP/Active Directory and nested group
« on: August 28, 2017, 01:45:07 pm »
Hello,

I tried to use "memberOf:1.2.840.113556.1.4.1941:=CN..." to get the list of users who are in a nested group for my VPN connection.

I use this configuration:
  • Type: LDAP
  • Hostname or IP address: 10.0.0.10
  • Port value: 389
  • Transport: TCP - Standard
  • Protocol version: 3
  • Bind credentials: User DN: MyCorp\LDAP
  • Search scope: Entire Subtree
  • Base DN: OU=Macell,DC=MyCorp,DC=org
  • Authentication containers: DC=MyCorp,DC=org
  • Extended Query: &(memberOf:1.2.840.113556.1.4.1941:=CN=TESTGROUP,OU=Remote Login,OU=00 Security Group,OU=Macell,DC=MyCorp,DC=org)
  • User naming attribute: sAMAccountName

The reply is the users who are direct members of TESTGROUP and ... the list of groups that are members of this group.

Can you confirm that it is possible to use "1.2.840.113556.1.4.1941" on OPNsense?

Thank you
« Last Edit: August 28, 2017, 02:35:12 pm by narfight »

narfight

Re: [SOLVED] LDAP/Active Directory and nested group
« Reply #1 on: August 28, 2017, 02:37:50 pm »
Two errors in my config.

First: add "(objectCategory=person)" to my Extended Query.

Second: allow my user "LDAP" to read in all of DC!
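Added example, not part of the original posts: a small Python model of why the transitive match (OID 1.2.840.113556.1.4.1941) on its own also returns nested groups, and how ANDing it with (objectCategory=person) leaves only users. The directory entries, the Helpdesk/Tier2/Printers/Scanners groups, the user names and all function names are constructed for illustration; the filter string is built in standard RFC 4515 syntax.

```python
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN (transitive match)
BASE = "OU=Macell,DC=MyCorp,DC=org"
TESTGROUP = "CN=TESTGROUP,OU=Remote Login,OU=00 Security Group," + BASE
def dn(cn):
    return f"CN={cn},{BASE}"

# Constructed sample entries. memberOf holds only *direct* parent groups.
DIRECTORY = {
    TESTGROUP: ("group", []),
    dn("Helpdesk"): ("group", [TESTGROUP]),
    dn("Tier2"): ("group", [dn("Helpdesk")]),
    dn("Printers"): ("group", [dn("Scanners")]),   # circular nesting,
    dn("Scanners"): ("group", [dn("Printers")]),   # unrelated to TESTGROUP
    dn("alice"): ("person", [TESTGROUP]),          # direct member
    dn("bob"): ("person", [dn("Helpdesk")]),       # one level of nesting
    dn("carol"): ("person", [dn("Tier2")]),        # two levels of nesting
    dn("dave"): ("person", [dn("Printers")]),      # not in the chain
}

def in_chain(entry_dn, target_dn, directory):
    """True if entry_dn reaches target_dn by following memberOf transitively."""
    seen, stack = set(), [entry_dn]
    while stack:
        _, parents = directory.get(stack.pop(), ("", []))
        for parent in parents:
            if parent == target_dn:
                return True
            if parent not in seen:      # guard against circular nesting
                seen.add(parent)
                stack.append(parent)
    return False

def search(directory, group_dn, person_only):
    """Model (memberOf:IN_CHAIN:=group_dn), optionally ANDed with (objectCategory=person)."""
    return sorted(
        entry for entry, (category, _) in directory.items()
        if in_chain(entry, group_dn, directory)
        and (category == "person" or not person_only)
    )

def escape_filter_value(value):
    """RFC 4515 escaping so a DN containing \\ * ( ) cannot change the filter."""
    for ch in "\\*()\x00":
        value = value.replace(ch, "\\%02x" % ord(ch))
    return value

def build_filter(group_dn, person_only):
    clause = f"(memberOf:{IN_CHAIN}:={escape_filter_value(group_dn)})"
    return f"(&(objectCategory=person){clause})" if person_only else clause
```

Calling `search(DIRECTORY, TESTGROUP, person_only=False)` returns the Helpdesk and Tier2 group entries alongside the three users, which matches the behaviour described in the first post; with `person_only=True` only alice, bob and carol remain.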
