Bug #10971
OpenLDAP + group member attribute other than memberUid
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
10/10/2020
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5-p1
Affected Architecture:
amd64
Description
I am trying to connect to OpenLDAP. Simple authorization works fine, I can connect as a "domain user".
Then I wanted to set up groups. When I create a POSIX group in LDAP with memberUid, and the same group in pfSense (System -> User Manager -> Groups -> Edit, scope: remote), all works fine, I see the groups in Diagnostics -> Authentication.
Logs on LDAP server:
Oct 10 15:08:49 openldap slapd[550]: filter: (&(objectClass=posixGroup)(memberUid=user@my.domain.com))
I change the Group member attribute to description and set description in LDAP to my user (I know, stupid, but only for tests).
Logs on LDAP server:
Oct 10 15:10:45 openldap slapd[550]: filter: (&(objectClass=posixGroup)(description=user@my.domain.com))
Everything works fine, I can see the groups. So I change the Group Object Class to groupOfUniqueNames, create a new group in LDAP, and set description in LDAP to my user.
Logs:
Oct 10 15:39:29 openldap slapd[550]: filter: (&(objectClass=groupOfUniqueNames)(description=user@my.domain.com))
I see this new group. Perfect!
Now I change the Group member attribute to uniquemember, and in the logs:
Oct 10 15:54:31 openldap slapd[550]: filter: (&(objectClass=groupOfUniqueNames)(?uniqueMember=user@my.domain.com))
Two questions:
- Why is the attribute changed to ?uniqueMember (additional question mark)?
- Why wasn't the value of the attribute changed to the entryDN?
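Editor's note with an added example (not from the ticket and not pfSense's own code). The leading "?" in a filter that slapd logs marks an assertion the server treats as undefined; uniqueMember has DistinguishedName syntax, so a bare login name such as user@my.domain.com is not a valid assertion value for it, whereas memberUid and description accept a plain string. The block below builds the two kinds of group-membership filter from the log, switches to the user's DN for DN-syntax member attributes, applies RFC 4515 escaping so the user name cannot alter the filter structure, and flags "?"-marked attributes in a logged filter. The user DN and the sample log line's use as input are constructed for illustration; the set of DN-syntax attributes is the usual one from RFC 4519, not something the ticket states.

```python
import re

# Constructed sample values. The DN is an assumption for illustration.
USER_NAME = "user@my.domain.com"
USER_DN = "uid=user@my.domain.com,ou=people,dc=my,dc=domain,dc=com"

# Group-membership attributes whose syntax is DistinguishedName (RFC 4519).
# An equality match against them must carry a DN, not a bare user name.
DN_SYNTAX_MEMBER_ATTRS = {"member", "uniquemember", "owner", "roleoccupant"}

# Attribute descriptions: a letter followed by letters, digits, '-' or ';' (options).
ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9;-]*$")

# "(?attr=value)" is how slapd prints an assertion it considers undefined.
UNDEFINED_RE = re.compile(r"\(\?(?P<attr>[A-Za-z][A-Za-z0-9;-]*)=")


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping of an assertion value; backslash goes first so it is not double-escaped."""
    return (value.replace("\\", "\\5c")
                 .replace("*", "\\2a")
                 .replace("(", "\\28")
                 .replace(")", "\\29")
                 .replace("\x00", "\\00"))


def group_filter(object_class: str, member_attr: str, user_name: str, user_dn: str) -> str:
    """Build (&(objectClass=<class>)(<member_attr>=<value>)) with the value chosen by attribute syntax."""
    if not ATTR_RE.match(member_attr):
        # Attribute names come from the admin UI, not from the user, but reject junk anyway.
        raise ValueError(f"not an attribute description: {member_attr!r}")
    value = user_dn if member_attr.lower() in DN_SYNTAX_MEMBER_ATTRS else user_name
    return (f"(&(objectClass={escape_filter_value(object_class)})"
            f"({member_attr}={escape_filter_value(value)}))")


def undefined_attrs_in_log(line: str) -> list[str]:
    """Return the attribute names slapd marked with '?' in a logged filter (empty if none)."""
    return UNDEFINED_RE.findall(line)


if __name__ == "__main__":
    print(group_filter("posixGroup", "memberUid", USER_NAME, USER_DN))
    print(group_filter("groupOfUniqueNames", "uniqueMember", USER_NAME, USER_DN))
    # Log line from the ticket, used here as constructed test input.
    sample = ("Oct 10 15:54:31 openldap slapd[550]: filter: "
              "(&(objectClass=groupOfUniqueNames)(?uniqueMember=user@my.domain.com))")
    print(undefined_attrs_in_log(sample))
```

The escaping matters even when the name is a login: a value like `*)(objectClass=*` would otherwise turn a membership check into a match against every group. The "?" scanner is a cheap check to run over slapd logs after changing the member attribute, since an undefined assertion silently matches nothing rather than producing an error.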