mirror of https://github.com/lldap/lldap.git
example_configs: pfsense.md, add warning about error about `OU`
This commit is contained in:
parent
04b0fa0ae9
commit
f96868318a
|
@ -1,5 +1,8 @@
|
||||||
# Configuration for pfSense
|
# Configuration for pfSense
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> Replace `dc=example,dc=com` with the same LDAP Base DN that you set via the *LLDAP_LDAP_BASE_DN* environment variable or in `lldap_config.toml`.
|
||||||
|
|
||||||
## Create a LDAP Server
|
## Create a LDAP Server
|
||||||
|
|
||||||
- Login to pfSense
|
- Login to pfSense
|
||||||
|
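Review bot: the new top-of-file note tells readers to replace `dc=example,dc=com`, but the sentence it supersedes (`This is the same LDAP Base DN that you set via ...`, removed under Search Scope further down in this commit) sat right beside the field that uses the value; consider adding a short pointer such as `(this value appears in the Base DN and Shell Authentication Group DN fields below)` so readers who skip the preamble still see where it applies.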
@ -16,7 +19,9 @@
|
||||||
- Protocol version: `3`
|
- Protocol version: `3`
|
||||||
- Server Timeout: `25`
|
- Server Timeout: `25`
|
||||||
|
|
||||||
(Make sure the host running LLDAP is accessible to pfSense and that you mapped the LLDAP port to the LLDAP host)
|
> [!NOTE]
|
||||||
|
> Make sure the host running LLDAP is accessible to pfSense and that you mapped the LLDAP port to the LLDAP host
|
||||||
|
|
||||||
### Search Scope
|
### Search Scope
|
||||||
```
|
```
|
||||||
Entire Subtree
|
Entire Subtree
|
||||||
|
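Review bot: the converted note drops the sentence's terminal punctuation and keeps the ambiguous phrase `mapped the LLDAP port to the LLDAP host`; suggest `> Make sure the host running LLDAP is reachable from pfSense and that the LDAP port of the LLDAP container is published on that host.` Saying which LLDAP listener is meant (the LDAP port, not the web UI port) would head off a common misconfiguration.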
@ -27,18 +32,25 @@ Entire Subtree
|
||||||
dc=example,dc=com
|
dc=example,dc=com
|
||||||
```
|
```
|
||||||
|
|
||||||
This is the same LDAP Base DN that you set via the *LLDAP_LDAP_BASE_DN* environment variable or in `lldap_config.toml`.
|
|
||||||
### Authentication containers
|
### Authentication containers
|
||||||
|
|
||||||
```
|
```
|
||||||
ou=people
|
ou=people
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: The `Select a container` box may not work for selecting containers. You can just enter the `Authentication containers` directly into the text field.
|
> [!Note]
|
||||||
|
> The `Select a container` seach fuction will not work for selecting containers. You enter the `Authentication containers` directly into the text field.
|
||||||
|
> This is due to Pfsense running the following filter `"(|(ou=*)(cn=Users))"`, and `Organizational Units` is currently not supported.Could not connect to the LDAP server. Please check the LDAP configuration.
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> if search button is pressed a warning will show on the bottom of the page: `Could not connect to the LDAP server. Please check the LDAP configuration.`
|
||||||
|
|
||||||
|
|
||||||
### Extended Query
|
### Extended Query
|
||||||
|
|
||||||
Enable extended query: `Checked`
|
Enable extended query:
|
||||||
|
|
||||||
|
- [X] `Checked`
|
||||||
|
|
||||||
### Query:
|
### Query:
|
||||||
|
|
||||||
|
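Review bot: the added note line ends with what looks like an accidentally pasted fragment: `` `Organizational Units` is currently not supported.Could not connect to the LDAP server. Please check the LDAP configuration. `` duplicates the WARNING below and should be cut after `not supported.` Also fix the typos in the same note (`seach fuction` to `search function`, `You enter the` to `You can enter the`), use `pfSense` rather than `Pfsense`, and `[!NOTE]` rather than `[!Note]` for consistency with the other alerts in this file. In the WARNING, `if search button is pressed` should read `If the search button is pressed`.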
@ -49,7 +61,8 @@ Enable extended query: `Checked`
|
||||||
This example gives you two groups in LLDAP, one for pfSense admin access (`pfsense_admin`) and one for guest access (`pfsense_guest`). You **must** create these exact same groups in both LLDAP and pfSense, then give them the correct permissions in pfSense.
|
This example gives you two groups in LLDAP, one for pfSense admin access (`pfsense_admin`) and one for guest access (`pfsense_guest`). You **must** create these exact same groups in both LLDAP and pfSense, then give them the correct permissions in pfSense.
|
||||||
|
|
||||||
### Bind Anonymous
|
### Bind Anonymous
|
||||||
`Unchecked`
|
|
||||||
|
- [ ] `Unchecked`
|
||||||
|
|
||||||
### Bind credentials
|
### Bind credentials
|
||||||
|
|
||||||
|
@ -80,13 +93,18 @@ cn
|
||||||
memberof
|
memberof
|
||||||
```
|
```
|
||||||
### RFC 2307 Groups
|
### RFC 2307 Groups
|
||||||
`Unchecked`
|
|
||||||
|
- [ ] `Unchecked`
|
||||||
|
|
||||||
### Group Object Class
|
### Group Object Class
|
||||||
`groupOfUniqueNames`
|
```
|
||||||
|
groupOfUniqueNames
|
||||||
|
```
|
||||||
|
|
||||||
### Shell Authentication Group DN
|
### Shell Authentication Group DN
|
||||||
`cn=pfsense_admin,ou=groups,dc=example,dc=com`
|
```
|
||||||
|
cn=pfsense_admin,ou=groups,dc=example,dc=com
|
||||||
|
```
|
||||||
|
|
||||||
(This is only if you want to give a group shell access through LDAP. Leave blank and only the pfSense admin user will have shell access.
|
(This is only if you want to give a group shell access through LDAP. Leave blank and only the pfSense admin user will have shell access.
|
||||||
|
|
||||||
|
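Review bot: the trailing context line `(This is only if you want to give a group shell access through LDAP. Leave blank and only the pfSense admin user will have shell access.` still has an unbalanced opening parenthesis; since this hunk already reworks the section, close it (`...shell access.)`) or drop the parentheses. The fenced DN `cn=pfsense_admin,ou=groups,dc=example,dc=com` also embeds the example base DN, so it is one of the fields the top-of-file note about replacing `dc=example,dc=com` applies to.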
@ -94,9 +112,9 @@ memberof
|
||||||
|
|
||||||
Enable the following options on the pfSense configuration page for your LLDAP server (the same page where you entered the prior configuration):
|
Enable the following options on the pfSense configuration page for your LLDAP server (the same page where you entered the prior configuration):
|
||||||
|
|
||||||
- UTF8 Encodes: `Checked`
|
- [X] UTF8 Encodes: `Checked`
|
||||||
- Username Alterations: `Unchecked`
|
- [ ] Username Alterations: `Unchecked`
|
||||||
- Allow unauthenticated bind: `Unchecked`
|
- [ ] Allow unauthenticated bind: `Unchecked`
|
||||||
|
|
||||||
### Create pfSense Groups
|
### Create pfSense Groups
|
||||||
|
|
||||||
|
@ -112,6 +130,9 @@ Go to `System > User Manager > Settings` page. Add your LLDAP server configurati
|
||||||
|
|
||||||
pfSense includes a built-in feature for testing user authentication at `Diagnostics > Authentication`. Select your LLDAP server configuration in the `Authentication Server` to test logins for your LLDAP users. The groups (only the ones you added to pfSense) should show up when tested.
|
pfSense includes a built-in feature for testing user authentication at `Diagnostics > Authentication`. Select your LLDAP server configuration in the `Authentication Server` to test logins for your LLDAP users. The groups (only the ones you added to pfSense) should show up when tested.
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> When running `Save and test`, the `Attempting to fetch Organizational Units from` will fail. This is due to Pfsense running the following filter `"(|(ou=*)(cn=Users))"`, and `Organizational Units` is currently not supported.
|
||||||
|
|
||||||
## More Information
|
## More Information
|
||||||
|
|
||||||
Please read the [pfSense docs](https://docs.netgate.com/pfsense/en/latest/usermanager/ldap.html) for more information on LDAP configuration and managing access to pfSense.
|
Please read the [pfSense docs](https://docs.netgate.com/pfsense/en/latest/usermanager/ldap.html) for more information on LDAP configuration and managing access to pfSense.
|
||||||
|
|
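Review bot: `the \`Attempting to fetch Organizational Units from\` will fail` is missing its subject; suggest `the \`Attempting to fetch Organizational Units from ...\` step will fail`. The warning also restates the filter explanation (`"(|(ou=*)(cn=Users))"`) already given in the Authentication containers note; keeping that explanation in one place and cross-referencing it avoids the two drifting apart. `Pfsense` should be `pfSense` as elsewhere in the file, and stating whether the rest of `Save and test` succeeds despite this message would tell readers whether the warning is benign or a real connectivity problem.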