Project

General

Profile

Feature #2869

LDAP user authentication backend doesn't support membership lookups by querying the group

Added by Jan Christoph Ebersbach over 7 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
User Manager / Privileges
Target version:
-
Start date:
03/12/2013
Due date:
% Done:

0%

Estimated time:

Description

As far as I understood the LDAP authentication backend, the group membership needs to be stored in an attribute of the user. This is the default for Active Directory but for other LDAP servers like OpenLDAP, a special memberOf-overlay needs to be activated. It would be very convenient if pfSense would be able to look up the group membership by 1. retrieving the user's DN and 2. querying the LDAP server for all groups the user is a member of (attributes memberUid or uniqueMember).

History

#1 Updated by Kill Bill almost 4 years ago

Not exactly sure what's missing here:

#2 Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Resolved

Yeah that's been in place for some time now

Also available in: Atom PDF