mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
Add pfSense example
This commit is contained in:
parent
c64d32e2c0
commit
ee0a891505
53
example_configs/pfSense.md
Normal file
53
example_configs/pfSense.md
Normal file
@ -0,0 +1,53 @@
|
||||
# Configuration for pfSense
|
||||
|
||||
Note: Using the test feature in pfSense does not appear to work, and LDAP users do not appear in the Users tab,
|
||||
these are likely bugs in pfSense.
|
||||
|
||||
This is only a basic configuration, allowing all valid users in the group to have full permissions.
|
||||
|
||||
Go to System > User Manager > Authentication Servers and Add.
|
||||
|
||||
Use the following settings. Non-default options are bolded.
|
||||
Assuming `dc=example,dc=com` and a user for authentication called `cn=auth` in `lldap_strict_readonly`.
|
||||
|
||||
| Key | Value |
|
||||
|-----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| **Hostname or IP address** | Address of LDAP server |
|
||||
| Port value | `389` |
|
||||
| Transport | `Standard TCP` |
|
||||
| Peer certificate authority | `Global Root CA List` |
|
||||
| Protocol version | `3` |
|
||||
| Server timeout | `25` |
|
||||
| **Search scope level** | `Entire subtree` |
|
||||
| **Search scope base DN** | `dc=example,dc=com` |
|
||||
| **Authentication containers** | `ou=people` |
|
||||
| **Extended query** | enabled |
|
||||
| **Query** | `&(objectClass=person)(memberof=cn=admins,ou=groups,dc=example,dc=com)` This will require users to be in the `admins` group. Remove that part to allow all users. |
|
||||
| **Bind anonymous** | disabled (if desired, also set credentials if disabling) |
|
||||
| **Bind credentials** | username: `cn=auth,ou=people,dc=example,dc=com` |
|
||||
| **User naming attribute** | `uid` |
|
||||
| Group naming attribute | `cn` |
|
||||
| **Group member attribute** | `memberUid` |
|
||||
| **RFC 2307 Groups** | enabled |
|
||||
| RFC 2307 User DN | disabled |
|
||||
| **Group Object Class** | `group` |
|
||||
| **Shell Authentication Group DN** | optional |
|
||||
| UTF8 Encode | disabled (may be supported but was not tested) |
|
||||
| Username Alterations | disabled |
|
||||
| **Allow unauthenticated bind** | disabled |
|
||||
|
||||
Save and change to the Settings tab. Change Authentication Server to the one you just created and save.
|
||||
You will still be able to log in with the local database.
|
||||
|
||||
Change to the Groups tab.
|
||||
Add a new group (here called `pfsense_admin`), your user(s) will of course need to be in the group.
|
||||
|
||||
| Key | Value |
|
||||
|------------------|----------------------------------|
|
||||
| **Group name** | `pfsense_admin` |
|
||||
| **Scope** | `Remote` |
|
||||
| **Description** | Can be anything, but is required |
|
||||
| Group membership | Do not add any users |
|
||||
|
||||
Save the group, then click the edit button. In the Assigned Privileges section, click Add then select all permissions.
|
||||
Save and save.
|
Loading…
Reference in New Issue
Block a user