Bug #11615: OpenVPN + LDAP broken in 21.02-RELEASE-p1
Status: Closed
Done: 0%
Description
We recently upgraded to 21.02-RELEASE-p1 (AWS), and since then we see an odd behavior that prevents users from logging in.
OpenLDAP is on the LAN.
Tests
System -> User Manager -> Settings
  Authentication Servers: OK
  Settings: OK
Diagnostics -> Authentication -> Authentication Server -> Local Database
  user in local backend database and LDAP: OK
  user only in LDAP: ERROR (which is correct)
Diagnostics -> Authentication -> Authentication Server -> LDAP-SERVER
  user in local backend database and LDAP: OK
  user only in LDAP: OK
OpenVPN setup
Backend for authentication -> Local database: works as designed; LDAP users cannot log in
Backend for authentication -> Local database + LDAP: ERROR, except if the user is in the admins group (there is an admins group in LDAP)
Backend for authentication -> LDAP: OK for LDAP-only users, and OK for local users that are admins and also in LDAP
Issue 2: the username is normally firstname.lastname (note the dot); this does not work if the user is in LDAP only.
Issue 3: if we set OpenVPN to use local database + LDAP, some LDAP users can VPN and some cannot.
Right now we have it working with this configuration:
1. local users are also in LDAP
2. OpenVPN set to use only LDAP and no local database
Tested on 2 different pfSense instances (AWS, in 2 different regions) with the same behavior on both; never seen this on the version prior to 21.02 (2.4.5).
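The test matrix in the report, worked through as an added example in Python (this is not pfSense code and not the reporter's configuration): it models the three "Backend for authentication" choices as a chain that accepts a login when any selected backend does, checks that a dotted firstname.lastname username passes both the syntax check and RFC 4515 filter escaping, and prints the same matrix again with the LDAP backend restricted to an admins group. The user names, passwords and group membership are constructed for the example.

```python
"""Added example (not pfSense code): a model of the three OpenVPN
"Backend for authentication" choices from the report and the results
the reporter expects from each, plus the LDAP filter escaping that a
dotted username must survive.  All user data below is constructed."""
import re

# Constructed population: "admin" is in the local database and in LDAP
# (and in the LDAP admins group), "alice" is local only, "bob" and
# "jane.doe" are LDAP only.  Same password in both stores for "admin".
PASSWORDS = {"admin": "admin-pw", "alice": "alice-pw",
             "bob": "bob-pw", "jane.doe": "jane-pw"}
LOCAL_DB = {"admin", "alice"}
LDAP_DIR = {"admin", "bob", "jane.doe"}
LDAP_GROUPS = {"admins": {"admin"}}

# Username syntax check that accepts firstname.lastname.  A check that
# omitted the dot here would reject "jane.doe" before any backend runs.
USERNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")

# RFC 4515 escaping for values placed in an LDAP search filter.  A dot
# needs no escaping; the filter metacharacters do.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28",
                   ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(user, attr="uid"):
    """Search filter used to locate the user's DN before the bind."""
    return "(%s=%s)" % (attr, escape_filter_value(user))


def local_auth(user, password):
    return user in LOCAL_DB and PASSWORDS.get(user) == password


def ldap_auth(user, password, required_group=None):
    if user not in LDAP_DIR or PASSWORDS.get(user) != password:
        return False
    if required_group is None:
        return True
    return user in LDAP_GROUPS.get(required_group, set())


# The three backend selections from the report, tried in order.
MODES = {"local": ("local",),
         "local+ldap": ("local", "ldap"),
         "ldap": ("ldap",)}


def authenticate(mode, user, password, required_group=None):
    """True if any backend selected by `mode` accepts the credentials."""
    if not USERNAME_RE.match(user):
        return False
    for backend in MODES[mode]:
        if backend == "local" and local_auth(user, password):
            return True
        if backend == "ldap" and ldap_auth(user, password, required_group):
            return True
    return False


def result_matrix(required_group=None):
    """mode -> {user: accepted?} for every constructed user."""
    return {mode: {u: authenticate(mode, u, pw, required_group)
                   for u, pw in PASSWORDS.items()}
            for mode in MODES}


if __name__ == "__main__":
    for label, group in (("no group restriction", None),
                         ("LDAP restricted to admins", "admins")):
        print(label)
        for mode, results in result_matrix(group).items():
            print("  %-11s" % mode,
                  {u: "OK" if ok else "ERROR" for u, ok in results.items()})
```

Running it prints the OK/ERROR matrix the report treats as correct for each mode. With a group restriction applied on the LDAP backend, the `local+ldap` and `ldap` rows collapse to "only admins succeed", which is the pattern the report describes for the combined backend; comparing any group restriction configured on the firewall's LDAP authentication server against this model is one check to make before suspecting the dotted username itself.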