The user import from LDAP/AD feature is only supported for the first server defined under System: Access: Servers.
Steps to reproduce:
Go to System: Access: Servers
Add 2 Servers:
LDAP/AD server for firewall management with normal authentication, with filtering by groups
LDAP/AD + OTP server for VPN users, with filtering by group (different from the above)
Go to System: Access: Users and try to import user
expected: all users can be imported
real: only users matching the first filter can be imported.
As the LDAP/AD source is in my case the same, just the scope and the authentication methods differ, my workaround for now:
extend the LDAP filter for the first server in order to match the second groups too, so the users can be imported (required for the OTP token etc.), but do not give them access rights on the firewall itself (the VPN users will not be added to any group that has some viewer).
But to be honest, this seems rather a hack than a solution for me, as it mixes up the scope of the users.
Proposal
the import user feature should
a. automatically fetch all users from all configured servers
or
b. allow the admin to select the server for the import
Version
20.7.8
PS
thank you for your great open source product!
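The workaround described in the issue above (one import filter widened to cover both groups), as an added example that is not part of the original issue or the project's code. The group DNs, user records and the `local_groups` field are constructed assumptions; the block builds the combined RFC 4515 filter and flags imported VPN-only users who ended up with firewall group membership.

```python
# Added illustration. All DNs and user records below are constructed.
MGMT_GROUP = "CN=fw-admins,OU=Groups,DC=example,DC=com"   # firewall management scope
VPN_GROUP = "CN=vpn-users,OU=Groups,DC=example,DC=com"    # VPN + OTP scope


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def import_filter(group_dns, base="(objectClass=person)"):
    """Build one filter matching members of ANY listed group (the widened filter)."""
    clauses = "".join("(memberOf=%s)" % escape_filter_value(dn) for dn in group_dns)
    return "(&%s(|%s))" % (base, clauses)


def vpn_only_with_privileges(users):
    """Return users who matched only via the VPN group yet hold local firewall groups.

    The widened filter makes both scopes importable, so this is the check that
    keeps VPN-only accounts from quietly gaining management access.
    """
    flagged = []
    for user in users:
        dns = {dn.lower() for dn in user["memberOf"]}   # DN matching is case-insensitive
        vpn_only = VPN_GROUP.lower() in dns and MGMT_GROUP.lower() not in dns
        if vpn_only and user["local_groups"]:
            flagged.append(user["name"])
    return flagged


# Constructed sample of imported accounts; "local_groups" stands for the
# group memberships assigned on the firewall after import (hypothetical field).
SAMPLE_USERS = [
    {"name": "alice", "memberOf": [MGMT_GROUP], "local_groups": ["admins"]},
    {"name": "bob", "memberOf": [VPN_GROUP], "local_groups": []},
    {"name": "carol", "memberOf": [VPN_GROUP.upper()], "local_groups": ["viewers"]},
    {"name": "dave", "memberOf": [MGMT_GROUP, VPN_GROUP], "local_groups": ["admins"]},
]

if __name__ == "__main__":
    print(import_filter([MGMT_GROUP, VPN_GROUP]))
    print("VPN-only users with firewall groups:", vpn_only_with_privileges(SAMPLE_USERS))
```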
Thank you for creating an issue.
Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.