ldap / ad user import is only supported for the first server #4963

Closed
zerwes opened this issue Apr 30, 2021 · 2 comments
Labels
help wanted Contributor missing / timeout incomplete Issue template missing info

Comments

zerwes commented Apr 30, 2021

The user import from ldap/ad feature is only supported for the first server defined under System: Access: Servers

Steps to reproduce:

Go to System: Access: Servers
Add 2 Servers:

  1. ldap/ad server for firewall management with normal authentication with filtering by groups
  2. ldap/ad + otp server for VPN users with filtering by group (different from the above)

Go to System: Access: Users and try to import user

expected: all users can be imported

real: only users matching the first filter can be imported.

As the ldap/ad source is in my case the same, just the scope and the authentication methods differ, my workaround for now:
extend the ldap filter for the first server in order to match the second groups too, so the users can be imported (required for the OTP token etc.), but do not give them access rights on the firewall itself (the VPN users will not be added to any group that as some viewer).
But to be honest, this seems rather a hack than a solution for me, as it mixes up the scope of the users.

Proposal

the import user feature should
a. automatically fetch all users from all configured servers
or
b. allow the admin to select the server for the import

Version

20.7.8

PS

thank you for your great open source product!

@OPNsense-bot

Thank you for creating an issue.
Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

@OPNsense-bot OPNsense-bot added the incomplete Issue template missing info label Apr 30, 2021
@OPNsense-bot

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.

@OPNsense-bot OPNsense-bot added the help wanted Contributor missing / timeout label Oct 27, 2021