Integration of LDAP user and groups from LDAP source #8425

Open
1 task done
Lusti67 opened this issue Mar 11, 2025 · 3 comments
Labels
support Community support

Comments

@Lusti67

Lusti67 commented Mar 11, 2025

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Is your feature request related to a problem? Please describe.
Yes, the feature request is related to a problem: I would like to import different LDAP groups in OPNsense. The firewall should also be able to import the members of this group. The group should be imported from the LDAP source and, if not present on OPNsense, the group and the included members should be created.

A clear and concise description of what the problem is including your motivation for the request,
i.e. "For the purpose of [...] I am missing a solution that will [...]."
I want to set different privileges for imported groups on the OPNsense firewall.
This option could also be very nice if OPNsense would implement a user portal where users can log in and download the VPN client and configuration themselves.

Describe the solution you like

A clear and concise description of what you want to happen.
(e.g. I would like an input field in the /ui/firewall/alias which would add .... to ....)
As an example, it should be possible to set multiple Base DNs to search users and groups
(the screenshots are an example from another product)

Image

A scheduler that imports the users and groups on the OPNsense firewall

Image

Describe alternatives you considered

A clear and concise description of any alternative solutions or features you considered.

Additional context

Add any other context or screenshots about the feature request here or links to relevant forum thread or similar

@AdSchellevis AdSchellevis added the support Community support label Mar 11, 2025
@AdSchellevis
Member

Group relations can already be synced on login (https://docs.opnsense.org/manual/how-tos/user-ldap.html#step-1-1-optional-synchronize-groups), when the user doesn't exist yet, there's also the possibility to auto-create on login.

@Lusti67
Author

Lusti67 commented Mar 11, 2025

Hi AdSchellevis

memberOf is not an LDAP standard. This is an attribute used by Active Directory.
So this query will not work if you have an OpenLDAP or eDirectory. They use standard LDAP attributes named member.

@AdSchellevis
Member

In most cases you can add the attribute, I believe it originates from Microsoft indeed, but is quite common as part of RFC2307bis support (just google RFC2307bis and memberOf). I'm open to support other attribute names, depending on what they look like, easy to test using our authentication tester.
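
The two lookup directions discussed in this thread, as an added example that is not part of the issue and not OPNsense code: group membership read from `memberOf` on the user entry, and the reverse lookup on the group's `member` attribute when `memberOf` is absent. The directory entries are constructed, the helper names are hypothetical, and the `groupOfNames` object class is an assumption about how the `member`-based groups are stored.

```python
# Added example: constructed entries, hypothetical helper names.
ALICE = "cn=alice,ou=people,dc=example,dc=org"
VPN = "cn=vpn-users,ou=groups,dc=example,dc=org"
ADMINS = "cn=admins,ou=groups,dc=example,dc=org"

# Directory that publishes memberOf on the user entry.
WITH_MEMBEROF = {ALICE: {"objectClass": ["user"], "memberOf": [VPN]}}

# Directory that only stores membership on the group entry, in `member`.
MEMBER_ONLY = {
    ALICE: {"objectClass": ["inetOrgPerson"]},
    VPN: {"objectClass": ["groupOfNames"],
          "member": ["CN=Alice, OU=People, DC=example, DC=org"]},
    ADMINS: {"objectClass": ["groupOfNames"],
             "member": ["cn=bob,ou=people,dc=example,dc=org"]},
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters before placing a value in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def reverse_group_filter(user_dn):
    """Filter a client would send to find groups listing user_dn in `member`."""
    return "(&(objectClass=groupOfNames)(member=%s))" % escape_filter_value(user_dn)

def normalize_dn(dn):
    """Simplified DN comparison key: case and spacing only, no escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def groups_for(directory, user_dn):
    """Return (attribute used, sorted group DNs) for user_dn."""
    entry = directory.get(user_dn, {})
    if entry.get("memberOf"):
        # Membership is already listed on the user entry.
        return "memberOf", sorted(entry["memberOf"])
    # Otherwise scan group entries for a `member` value matching the user DN.
    wanted = normalize_dn(user_dn)
    found = [dn for dn, attrs in directory.items()
             if any(normalize_dn(m) == wanted for m in attrs.get("member", []))]
    return "member", sorted(found)

if __name__ == "__main__":
    print(groups_for(WITH_MEMBEROF, ALICE))
    print(groups_for(MEMBER_ONLY, ALICE))
    print(reverse_group_filter(ALICE))
```

With `MEMBER_ONLY`, a client that reads only `memberOf` finds no groups for the user, so privileges assigned through groups would not apply to that login.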
